0

I'm using this code for DES encryption: How do I use 3des encryption/decryption in Java?

I'm encrypting byte array of size 8. As far as I know, it should result in encrypted data of size 8. But the result is 16 bytes.

I've done necessary edits in the code to do DES encryption of byte array. Like changed the algo name to DES (than DEDede), key size of 8 bytes (than 24) etc.

Community
  • 1
  • 1
vish4071
  • 5,135
  • 4
  • 35
  • 65

1 Answers1

2

DES has a block size of 64 bit or 8 byte. Modes of operations like CBC and ECB are block based, but in order to encrypt plaintexts of arbitrary it is necessary to use a padding scheme like PKCS#5/PKCS#7 paddings to pad the arbitrary plaintext to the next multiple of the block size.

The padding itself contains the information how many bytes where added for PKCS#5 padding. Since 8 byte is already a multiple of the block size, a full padding block is added. It this weren't the case, you would be able to reliably disambiguate plaintext and padding after decryption.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
  • So should I use NoPadding? Is it safe? – vish4071 Sep 23 '15 at 15:03
  • 1
    No, then you would need to apply some kind if padding yourself. A popular padding is also ZeroPadding which you would need to implement yourself. It's usually implemented without adding a full block as in this case. If it is a problem that the output is increased, then you can ask a new question describing why it is an issue for your and asking how to workaround it. – Artjom B. Sep 23 '15 at 15:08
  • Yes, this is an issue. Can I do it like if to-encrypt byte size is 0 (mod 8), I use NoPadding else PKCS5? Will this be safe? – vish4071 Sep 23 '15 at 15:09
  • Not really, because then you wouldn't know how many padding bytes you have. If you're only encryption text data, then you can safely implement ZeroPadding, but this won't work for arbitrary binary data. If I understood you correctly in the previous question you want to create a cascade of multiple DES stages. You could use PKCS#5 padding for the first stage and NoPadding (because the output is always a multiple of the block size) for latter stages. The decryption would be reverse of course. – Artjom B. Sep 23 '15 at 15:14
  • Yes. Actually I have a byte[] of 8 bytes and I encrypt it. Then, again I encrypt (the result of this) many times. So, I want the size to always remain 8 bytes. – vish4071 Sep 23 '15 at 15:23
  • If your input is always 8 byte (or a multiple of 8 byte) then you can safely use NoPadding. – Artjom B. Sep 23 '15 at 15:26
  • Not always (but most of the time). So I thought that if it is not, then only I use PKCS5. – vish4071 Sep 23 '15 at 15:29
  • And if this is what I do, what would I use while decryption? Because NoPadding *is* causing me problems. – vish4071 Sep 23 '15 at 15:35
  • Think about it, if the last byte of the decrypted plaintext is 0x01 which in PKCS5Padding would denote that the padding is one byte long, are you really sure that this is byte is actually a padding byte or a plaintext byte? It's not solvable without using an additional block. – Artjom B. Sep 23 '15 at 15:37