Author: Todd Whiteman
Version: 2.0.1
Release: 28th April, 2010
License: MIT
This is a pure python implementation of the DES encryption algorithm. It's pure python to avoid portability issues, since most DES implementations are programmed in C (for performance reasons).
Using the Python package manager:
$ pip install pydesExtract the files from the downloaded archive and run:
$ python setup.py install
If you'd like to run the tests, run the command:
$ python test_pydes.py
python -c "import pyDes; des = pyDes.des('This Key'); \
print des.encrypt('SomeData').encode('hex')"Class initialization
--------------------
pyDes.des(key, [mode], [IV], [pad], [padmode])
pyDes.triple_des(key, [mode], [IV], [pad], [padmode])
key -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes
for Triple DES
mode -> Optional argument for encryption type, can be either
pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining)
IV -> Optional Initial Value bytes, must be supplied if using CBC mode.
Length must be 8 bytes.
pad -> Optional argument, set the pad character (PAD_NORMAL) to use during
all encrypt/decrpt operations done with this instance.
padmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5)
to use during all encrypt/decrypt operations done with this instance.
I recommend to use PAD_PKCS5 padding, as then you never need to worry about any
padding issues, as the padding can be removed unambiguously upon decrypting
data that was encrypted using PAD_PKCS5 padmode.
Common methods
--------------
encrypt(data, [pad], [padmode])
decrypt(data, [pad], [padmode])
data -> Bytes to be encrypted/decrypted
pad -> Optional argument. Only when using padmode of PAD_NORMAL. For
encryption, adds this characters to the end of the data block when
data is not a multiple of 8 bytes. For decryption, will remove the
trailing characters that match this pad character from the last 8
bytes of the unencrypted data block.
padmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL
or PAD_PKCS5). Defaults to PAD_NORMAL.
Example
-------
import pyDes
# For Python3, you'll need to use bytes, i.e.:
# data = b"Please encrypt my data"
# k = pyDes.des(b"DESCRYPT", pyDes.CBC, b"\0\0\0\0\0\0\0\0", pad=None, padmode=pyDes.PAD_PKCS5)
data = "Please encrypt my data"
k = pyDes.des("DESCRYPT", pyDes.CBC, "\0\0\0\0\0\0\0\0", pad=None, padmode=pyDes.PAD_PKCS5)
d = k.encrypt(data)
print "Encrypted: %r" % d
print "Decrypted: %r" % k.decrypt(d)
assert k.decrypt(d) == data
See the pyDes test file (test_pydes.py) for more examples of use.
Note: This code was not written for high-end systems needing a fast
implementation, but rather a handy portable solution with small usage.
The code is not written for speed or performance, so not for those needing a fast DES implementation, but rather a handy portable solution ideal for small usages. The speed at which pyDes encrypts/decrypts is around 10Kb/s (using the DES method) - that's very SLOW!!
Triple DES is just running the DES algorithm 3 times over the data with the specified key. The supplied key is split up into 3 parts, each part being 8 bytes long (the mandatory key size for DES).
The triple DES algorithm uses the DES-EDE3 method when a 24 byte key is supplied. This means there are three DES operations in the sequence encrypt-decrypt-encrypt with the three different keys. The first key will be bytes 1 to 8, the second key bytes 9 to 16 and the third key bytes 17 to 24.
If a 16 byte key is supplied instead, the triple DES method used will be DES-EDE2. This means there are three DES operations in the sequence encrypt-decrypt-encrypt, but the first and third operations use the same key. The first/third key will be bytes 1 to 8 and the second key bytes 9 to 16.
Thanks go to:
- David Broadwell: Ideas, comments and suggestions.
- Mario Wolff: Finding and debugging triple des CBC errors.
- Santiago Palladino: Providing the PKCS5 padding technique.
- Shaya: Fixing triple DES CBC errors with PAD_PKCS5.
- Yoav Aner: For spotting a triple DES CBC IV error.
