vek has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monks, I seek your wisdom.

I have been sent a DES encrypted file from a third party. Said third party also provided the key. I need to be able to decrypt the file for further processing. When it comes to encryption I'm about *this* close to having no idea what I'm talking about (using GnuPG obviously doesn't count) so I thought I'd ask for a little assistance.

My first stop was to make sure I had Crypt::DES and (per the suggestion in the Crypt::DES POD) Crypt::CBC installed. Crypt::CBC has an example in the Crypt-CBC-2.08/eg directory of DES encryption/decryption (des.pl) so I thought that would be as good a starting point as any:

#!/usr/local/bin/perl

use lib '../blib/lib';

use Getopt::Std;
use Crypt::DES;
use Crypt::CBC;

use strict vars;

my %options;

getopts('edk:i:o:',\%options) || die <<USAGE;
Usage: des.pl [options] file1 file2 file3...
   DES encrypt/decrypt files using Cipher Block Chaining mode.
Options:
       -e        encrypt (default)
       -d        decrypt
       -k 'key'  provide key on command line
       -i file   input file
       -o file   output file
USAGE
    ;

# -i overrides any file names on the command line; default to STDIN
@ARGV = $options{'i'} if $options{'i'};
push(@ARGV,'-') unless @ARGV;
open (STDOUT,">$options{'o'}") || die "$options{'o'}: $!" if $options{'o'};

my $key = $options{'k'} || get_key();
# Interpret the key as 16 hex digits (8 bytes)
$key = pack("H16", $key);

# DES used by default
my $cipher = Crypt::CBC->new($key) || die "Couldn't create CBC object";
# '&&' rather than 'and': 'and' binds looser than '=', which would drop the -e check
my $decrypt = $options{'d'} && !$options{'e'};
$cipher->start($decrypt ? 'decrypt' : 'encrypt');

# Stream each input file through the cipher in 1024-byte chunks
my $in;
while (@ARGV) {
    my $file = shift @ARGV;
    open(ARGV,$file) || die "$file: $!";
    print $cipher->crypt($in) while read(ARGV,$in,1024);
    close ARGV;
}
print $cipher->finish;

# Prompt for the key twice on the terminal with echo turned off
sub get_key {
    local($|) = 1;
    local(*TTY);
    open(TTY,"/dev/tty");
    my ($key1,$key2);
    system "stty -echo </dev/tty";
    do {
        print STDERR "DES key: ";
        chomp($key1 = <TTY>);
        print STDERR "\r\nRe-type key: ";
        chomp($key2 = <TTY>);
        print STDERR "\r\n";
        print STDERR "The two keys don't match. Try again.\r\n"
            unless $key1 eq $key2;
    } until $key1 eq $key2;
    system "stty echo </dev/tty";
    close(TTY);
    $key1;
}

I then run it like this: des.pl -d -i infile -o outfile -k thekey. Unfortunately the outfile is garbage so the decryption obviously didn't work. I'm kind of scratching my head as to what to do next.

I'm going to double check that the key I was given is correct and make sure that when the third party FTP'd the file to me they transferred it in binary mode.

Anyone familiar enough with DES encryption to know if I'm missing something trivial? Is there something else I should be doing/checking/setting etc...

Cheers.

-- vek --


Replies are listed 'Best First'.
Re: DES Encryption
by sgifford (Prior) on Sep 12, 2003 at 21:05 UTC
    I would recommend asking the person who sent the file to you how they encrypted it. DES can be used in CBC mode, or in ECB or other modes. Also, the password can be converted to a key in several ways. You'll have to know a bit more about how it was encrypted than just "with DES".

      Thanks sgifford. Could you expand a little more on what you mean by "Also, the password can be converted to a key in several ways"? I just want to make sure I'm asking the right questions when I contact the person who sent me the file in the first place.

      -- vek --
        DES takes a 56-bit integer as the key. This could be represented as a decimal integer or hex string. But usually people want to use a password. The password needs to be turned into the key used for encryption. One way is to just use the string as the key. But this limits the size of the password and makes the key easier to guess. The standard way is to hash the password with MD5 or another one-way hash function and use part of the result as the key.
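
Added example (not part of the thread, nor code from Crypt::CBC): a triage script, using only core Perl, for the questions raised above. It checks the ciphertext for the "RandomIV" header of older Crypt::CBC output or the "Salted__" header of OpenSSL's enc command, checks the length against DES's 8-byte block, and prints the different 8-byte keys one key string can become. The function names and sample bytes are constructed, and taking the first 8 bytes of the MD5 digest is an assumption about which part of the hash is used.

```perl
#!/usr/bin/perl
# Added example: triage a "DES encrypted" file before guessing at decryption.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Identify a known container header in the first 8 bytes of the ciphertext.
sub sniff_header {
    my ($data) = @_;
    my $magic = substr($data, 0, 8);
    return 'crypt-cbc-randomiv' if $magic eq 'RandomIV';  # next 8 bytes: IV
    return 'openssl-salted'     if $magic eq 'Salted__';  # next 8 bytes: salt
    return 'raw';                      # no header: mode and IV must be asked for
}

# DES works on 8-byte blocks, so ECB/CBC ciphertext is a multiple of 8 bytes.
sub length_ok { return length($_[0]) > 0 && length($_[0]) % 8 == 0 }

# The different 8-byte keys that one "key" string can turn into.
sub candidate_keys {
    my ($secret, $salt) = @_;
    my %k;
    # 16 hex digits taken literally as 8 key bytes (what pack("H16") assumes)
    $k{hex_literal} = pack('H16', $secret) if $secret =~ /\A[0-9a-fA-F]{16}\z/;
    # the string itself used as the key
    $k{raw_bytes}   = $secret if length($secret) == 8;
    # password hashed with MD5; first 8 bytes is an assumed choice of "part"
    $k{md5_prefix}  = substr(md5($secret), 0, 8);
    # OpenSSL-style salted derivation with MD5 (only if a salt was found)
    $k{openssl_md5} = substr(md5($secret . $salt), 0, 8) if defined $salt;
    return \%k;
}

# Constructed sample: header + salt + two blocks of filler, not real ciphertext.
my $sample = 'Salted__' . "\x01\x02\x03\x04\x05\x06\x07\x08" . ("\xAA" x 16);
my $kind   = sniff_header($sample);
my $salt   = $kind eq 'openssl-salted' ? substr($sample, 8, 8) : undef;

printf "format: %s, length %d (%s)\n", $kind, length($sample),
    length_ok($sample) ? 'multiple of 8'
                       : 'NOT a multiple of 8: truncated or altered in transfer';

my $keys = candidate_keys('0123456789abcdef', $salt);   # constructed key string
printf "%-12s %s\n", $_, unpack('H*', $keys->{$_}) for sort keys %$keys;
```

Each line of the key listing is a different DES key, so a decryption that uses the wrong convention produces garbage even when the key string itself is correct.
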
Re: DES Encryption
by tachyon (Chancellor) on Sep 13, 2003 at 11:03 UTC

    Have you tried decrypting the first output a second and even third time? Double/triple DES is quite popular due to the short key and the fact that the last time I looked at the RSA site the proven brute force crack time was down below 24 hours for a distributed net attack.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print