Detail of DES symmetric encryption in NET

DES algorithm 1, there are two key points, the first is encryption mode, the second is the data, the main meaning of encryption mode is that is encrypted in a block encryption algorithm, DES, for example, is 64 Bit 1 block is encrypted, is encrypted 8 bytes at a time, so every time the input of 8 bytes expressly output 8 bytes ciphertext, if it is 16 bytes, then split into two pieces, in turn, is encrypted, problems arise here, if the plaintext is 1234567812345678, block encrypt respectively, Similar to the result of the encryption "C4132737962C519C C4132737962C519C", you can see clear, this is ECB encryption mode, the law of the cipher can see clear; In order to solve this problem, with other encryption mode: CBC encryption mode group (password), CFB encryption mode (password feedback mode), OFB encryption mode (output feedback mode) CBC is a requirement for an initialization vector, then each output and the vector operation, and will be the result of the operation as an encrypted block initialization vector, CFB and OFB do not need to provide initialization vector, passwords or directly to the output as the initialization vector operations; In this way, the rules of plaintext are avoided in ciphertext; Of course, the disadvantage is that it is necessary to ensure the correctness of ciphertext when decrypting. If there is a part 1 error during network transmission, the decryption result may be wrong. The ECB mode only affects the block in which the transmission error occurred. Cryptographic algorithms are basically grouped (press fast) for encryption. What if the ciphertext length is not just right for grouping? You can only fill.

Common encryption algorithms include ECB mode and CBC mode:
The first electronic encryption method (ECB)
ECB mode: electron dense in this way, that is, the data according to the eight bytes DES encryption or decryption of duan 1 period of 8 bytes of cipher text or clear, last a period of less than 8 bytes, then make up 8 bytes (note: this involves data fill) is calculated, according to the order will be calculated after the data obtained can be in 1, paragraphs data between each other. Divide the plaintext into n 64 bit groups, and if the length of the plaintext is not a multiple of 64 bits, fill in an appropriate number of specified symbols at the end of the plaintext. The plaintext group is encrypted separately with the given key, line ciphertext C=(C0,C1... And Ci = DES Cn - 1) them (K xi), i = 0, 1,... . n - 1. This is the default mode for the DES algorithm encapsulated by Java.
The second Ciphertext Grouping Link Method (CBC)

In CBC, each plaintext group xi is sent to DES to encrypt after the addition of bitmode 2 to the first group of ciphertext before encryption. CBC overcomes the shortcoming of the ECB method in reporting internal group weight. However, because the plaintext group is related to the first group of ciphertext before encryption, the error of the first group of ciphertext will spread to the next group. This is the default mode of DES algorithm encapsulated by.NET. It is troublesome. The encryption steps are as follows:

1. First, the data is grouped according to a group of 8 bytes to get D1D2...... Dn(data padding is involved if the data is not an integer multiple of 8)

2. The first set of data D1 was encrypted by DES after I and vector C1(note: vector I is used here, but vector I is not used in ECB mode)

3. The encryption results of the second group, D2, and the encryption results of the first group, C1 or later, were encrypted by DES to obtain the ciphertext C2 of the second group

4. After that, the data is analogize to Cn

5. Connect in order C1C2C3...... Cn is the encryption result.

The third ciphertext feedback mode (CFB) can be used for sequence cipher
Clear text X = (x0,x1... , ES87en-1), where xi consists of t bits 0 fourth output feedback mode (OFB), which can be used for sequence cipher
The only difference between OFB and CFB is that OFB takes the output of DES directly, instead of the ciphertext of t, the rest are the same as CFB. But it takes the output of DES, so it overcomes the disadvantage of the ciphertext error propagation of CFB

Data complement 1 generally has the filling mode of NoPadding and PKCS7Padding(PKCS5Padding in Java), PKCS7Padding and PKCS5Padding are actually only different protocols. According to relevant information, PKCS5Padding clearly defines that the encryption block is 8 bytes, and PKCS7Padding encryption speed can be between 1-255. But the encapsulated DES algorithm defaults to 8 bytes, so you can think of them as one. Data complement is actually the process of filling up the multiple of 8 bytes before the data is less than the multiple of 8 bytes.

NoPadding filling method: the algorithm itself does not fill, for example, None and Zeros of NET provide the methods of no filling and 0 filling, respectively.

The filling method of PKCS7Padding(PKCS5Padding) : is the default filling method of NET and Java. The remainder of the encrypted data byte length is r. If r is greater than 0, then 8-ES134en bytes are filled, and the byte is the value of 8-ES135en. If r is equal to 0, 8 bytes are added. For example:

If the encrypted string is AAA, the complement is AAA55555; If the encrypted string is BBBBBB, the complement is BBBBBB22; If the encrypted string is CCCCCCCC, the complement is CCCCCCCC88888888.

. DES encryption in NET

For. NET framework in System. Security. Cryptography namespace provides DESCryptoServiceProvider as System. Under Security. Cryptography. DES encryption to decrypt the packing of the interface, it provides the following four methods:

public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)

public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)

public override void GenerateIV()

public override void GenerateKey()

From.NET class library package, encryption and decryption need to pass 1 Key and IV vector. And Key must be 8 bytes of data, otherwise it will be thrown out. When using ECB mode, no matter what IV vector is passed in, the encryption result will be the same.