Package Cryptodome :: Package Cipher :: Module DES

Module DES

DES symmetric cipher

DES (Data Encryption Standard) is a symmetric block cipher standardized by NIST . It has a fixed data block size of 8 bytes. Its keys are 64 bits long, even though 8 bits were used for integrity (now they are ignored) and do not contribute to securty. The effective key length is therefore 56 bits only.

DES is cryptographically secure, but its key length is too short by nowadays standards and it could be brute forced with some effort.

Use DES, not AES. This module is provided only for legacy purposes.

As an example, encryption can be done as follows:

>>> from Cryptodome.Cipher import DES
>>>
>>> key = b'-8B key-'
>>> cipher = DES.new(key, DES.MODE_OFB)
>>> plaintext = b'sona si latine loqueris '
>>> msg = cipher.iv + cipher.encrypt(plaintext)
Functions
 
new(key, mode, *args, **kwargs)
Create a new DES cipher
Variables
  MODE_ECB = 1
Electronic Code Book (ECB). See Cryptodome.Cipher._mode_ecb.EcbMode.
  MODE_CBC = 2
Cipher-Block Chaining (CBC). See Cryptodome.Cipher._mode_cbc.CbcMode.
  MODE_CFB = 3
Cipher FeedBack (CFB). See Cryptodome.Cipher._mode_cfb.CfbMode.
  MODE_OFB = 5
Output FeedBack (OFB). See Cryptodome.Cipher._mode_ofb.OfbMode.
  MODE_CTR = 6
CounTer Mode (CTR). See Cryptodome.Cipher._mode_ctr.CtrMode.
  MODE_OPENPGP = 7
OpenPGP Mode. See Cryptodome.Cipher._mode_openpgp.OpenPgpMode.
  MODE_EAX = 9
EAX Mode. See Cryptodome.Cipher._mode_eax.EaxMode.
  block_size = 8
Size of a data block (in bytes)
  key_size = 8
Size of a key (in bytes)
Function Details

new(key, mode, *args, **kwargs)

 

Create a new DES cipher

Parameters:
  • key (byte string) - The secret key to use in the symmetric cipher. It must be 8 byte long. The parity bits will be ignored.
  • mode (a MODE_* constant) - The chaining mode to use for encryption or decryption.
  • iv (byte string) - (Only MODE_CBC, MODE_CFB, MODE_OFB, MODE_OPENPGP).

    The initialization vector to use for encryption or decryption.

    For MODE_OPENPGP, IV must be 8 bytes long for encryption and 10 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext).

    For all other modes, it must be 8 bytes long.

    If not provided, a random byte string is generated (you can read it back via the iv attribute).

  • nonce (byte string) - (Only MODE_EAX and MODE_CTR). A mandatory value that must never be reused for any other encryption.

    For MODE_CTR, its length must be in the range [0..7].

    For MODE_EAX, there are no restrictions, but it is recommended to use at least 16 bytes.

    If not provided for MODE_EAX, a random byte string is generated (you can read it back via the nonce attribute).

  • mac_len (integer) - (Only MODE_EAX). Length of the authentication tag, in bytes. It must be no larger than 8 (which is the default).
  • segment_size (integer) - (Only MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If not specified, it will be assumed to be 8.
  • initial_value (integer) - (Only MODE_CTR). The initial value for the counter within the counter block. By default it is 0.
Returns:

a DES cipher, of the applicable mode: