Search code examples
pythonencryptiondes3destripledes

Python TripleDES (3DES) Hexa input Encryption

Python 3DES doesn't output the correct answer.

    import pyDes
    import binascii

    text = '111122223333AAAA44446666BBBBEEEE'
    binaryText = binascii.unhexlify(text)

    key = '123412341234ABCD'

    k = pyDes.triple_des(key, pyDes.ECB)

    encrypted = k.encrypt(binaryText)

    print("Encrypted Value = %r" % binascii.hexlify(encrypted))

    # decrypted = k.decrypt(encrypted)
    # print("Decrypted Value = %r" %binascii.hexlify(decrypted))

Encrypted value should be : 569F2551E1749FEE9221B20C4F76CD4B

3DES Online Tool : http://tripledes.online-domain-tools.com/

Solution

  • There are two reasons in the code why the results differ:

    • The key specified as a hexadecimal string is not converted to its binary representation.

    • The wrong keysize is used: TDES is based on DES and uses three DES keys K1, K2, K3. It executes three DES rounds: In the first round an encryption with K1 is performed, in the second round a decryption with K2 and finally in the third round again an encryption with K3. Three keying options are supported: 3TDEA is the strongest variant and uses three independent DES keys. 2TDEA uses two independent keys with K3 = K1. 1TDEA uses three identical keys with K3 = K2 = K1, therefore it is reduced to DES and is with the security of DES the most insecure variant.

      On the Web Site, the use of the key 123412341234ABCD implies 1TDEA. pyDes on the other side explicitly supports only 2TDEA and 3TDEA, but not 1TDEA, because only 16 byte and 24 byte keys are allowed. But 1TDEA can be enforced by using the keys 123412341234ABCD123412341234ABCD or 123412341234ABCD123412341234ABCD123412341234ABCD.

    So that the Python-code provides the result of the web-site

    key = '123412341234ABCD'

    has to be replaced by

    #key = '123412341234ABCD'                                   # 8 bytes key works for DES, but fails for TDES
#key = '123412341234ABCD123412341234ABCD'                   # 16 bytes key or               
key = '123412341234ABCD123412341234ABCD123412341234ABCD'    # 24 bytes key works for TDES
key = binascii.unhexlify(str.encode(key, 'Utf-8'))          # convert hexadecimal string to binary data

    Be aware that the code is insecure in several ways: First, 1TDEA has practically the strength of DES and is therefore insecure. Even if TDES is used with the 3TDEA-variant (with a security comparable to AES), the more performant AES should be used. Second, the ECB-mode is insecure.