标题: ASP网站制作之若何完成 DES 算法 [打印本页] 作者: 分手快乐 时间: 2015-2-3 23:35 标题: ASP网站制作之若何完成 DES 算法 由于ASP提供的是一对多的服务,所以用户的一些特殊需求很难得到满足。算法
How to implement the
Data Encryption Standard (DES)
A step by step tutorial
Version 1.2
The Data Encryption Standard (DES) algorithm, adopted by the U.S.
government in 1977, is a block cipher that transforms 64-bit data blocks
under a 56-bit secret key, by means of permutation and substitution. It
is officially described in FIPS PUB 46. The DES algorithm is used for
many applications within the government and in the private sector.
This is a tutorial designed to be clear and compact, and to provide a
newcomer to the DES with all the necessary information to implement it
himself, without having to track down printed works or wade through C
source code. I welcome any comments.
Matthew Fischer <mfischer@heinous.isca.uiowa.edu>
;下面是引见,我就不翻了。 ;)
Here's how to do it, step by step:
1 Process the key.
;生成密钥
1.1 Get a 64-bit key from the user. (Every 8th bit is considered a
parity bit. For a key to have correct parity, each byte should contain
an odd number of "1" bits.)
;从用户处失掉一个64位的密钥。(每8位一组,每组的第8位是校验位。假如校验
准确,每一个字节应当有一个为1的
1.2 Calculate the key schedule.
;盘算密钥表
1.2.1 Perform the following permutation on the 64-bit key. (The parity
bits are discarded, reducing the key to 56 bits. Bit 1 of the permuted
block is bit 57 of the original key, bit 2 is bit 49, and so on with bit
56 being bit 4 of the original key.)
;对64位的密钥停止以下的置换。(去失落校验位,密钥的实践长度是56位。置换后的
;第一名是原密钥的第57位,第二位是原第49位,第五十六位就是本来密钥的第4位。)
# 乖僻的置换,哪位年老能写出算式?
# 好象是分红两部
# for(j=57;j<64;j++)
# {
# for(i=j;i<0;i-=8)
# {
# if(k=28)
# break;
# c[k]=i;
# k++;
# }
# 这是前28位,不晓得对不合错误?请斧正。
Permuted Choice 1 (PC-1)
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
1.2.2 Split the permuted key into two halves. The first 28 bits are
called C[0] and the last 28 bits are called D[0].
;把置换后的密钥分为C[0] 和D[0]两局部,各28位。
1.2.3 Calculate the 16 subkeys. Start with i = 1.
;盘算16个子密钥,从i=1入手下手。
1.2.3.1 Perform one or two circular left shifts on both C[i-1] and
D[i-1] to get C[i] and D[i], respectively. The number of shifts per
iteration are given in the table below.
;分离对C[i-1]和D[i-1]停止左移一到两位的位移操作,失掉C[i]和D[i]。每次
;位移数量以下:
# 共16次
Iteration # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Left Shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
1.2.3.2 Permute the concatenation C[i]D[i] as indicated below. This
will yield K[i], which is 48 bits long.
;以下表,改动C[i]和D[i]的分列,失掉48位长的k[i]。
# 不懂 :(
# 是否是丢失落了某些位?
Permuted Choice 2 (PC-2)
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
1.2.3.3 Loop back to 1.2.3.1 until K[16] has been calculated.
;反复 1.2.3.1 入手下手的进程,算出16个字密钥。
2 Process a 64-bit data block.
;处置一个64位的数据块。
2.1 Get a 64-bit data block. If the block is shorter than 64 bits, it
should be padded as appropriate for the application.
;获得一个64位的数据块。假如数据块不到64位,就补足64位。
# 多是用0补吧。
2.2 Perform the following permutation on the data block.
;对数据块停止以下置换。
# 又是分红两局部停止,先是偶数位。
# 对照复杂,算式就不写了。
Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
2.3 Split the block into two halves. The first 32 bits are called L[0],
and the last 32 bits are called R[0].
;将数据块等分为L[0]和R[0]两局部。
2.4 Apply the 16 subkeys to the data block. Start with i = 1.
;从i=1入手下手,用16个子密钥对数据块停止加密。
2.4.1 Expand the 32-bit R[i-1] into 48 bits according to the
bit-selection function below.
;将数据块的后32位R[i-1]以上面划定规矩停止扩大。
# 不会写算式。:(
Expansion (E)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
2.4.2 Exclusive-or E(R[i-1]) with K[i].
;用K[i]对E(R[i-1])停止异或操作。
2.4.3 Break E(R[i-1]) xor K[i] into eight 6-bit blocks. Bits 1-6 are
B[1], bits 7-12 are B[2], and so on with bits 43-48 being B[8].
;将上一步的操作了局分红8块,每块6位,定名为B[1]到B[8]。
This has been a description of how to use the DES algorithm to encrypt
one 64-bit block. To decrypt, use the same process, but just use the keys
K[i] in reverse order. That is, instead of applying K[1] for the first
iteration, apply K[16], and then K[15] for the second, on down to K[1].
;以上就是如何用DES算法对一个64位的数据块停止加密的进程。至于解密,只需求
;在以上过程当中把子密钥的按次倒过去用就能够了。也就是说,在加密时用子密钥
;K[1],在解密过程当中就用K[16];在加密时用子密钥K[2],在解密过程当中就用K[12]。
To encrypt or decrypt more than 64 bits there are four official modes
(defined in FIPS PUB 81). One is to go through the above-described
process for each block in succession. This is called Electronic Codebook
(ECB) mode. A stronger method is to exclusive-or each plaintext block
with the preceding ciphertext block prior to encryption. (The first
block is exclusive-or'ed with a secret 64-bit initialization vector
(IV).) This is called Cipher Block Chaining (CBC) mode. The other two
modes are Output Feedback (OFB) and Cipher Feedback (CFB).
;对超越64位的加密息争密,(美国)联邦信息处置尺度 PUB 81 中定有四种办法。
;一种是一连的对每一个数据块停止上述操作。这类办法被称 ECB mode。另外一种更
;高强度的办法是在加密前,用前述的密文块对明文块停止异或操作。
# 括号里那句话不懂 :(
;这类办法被称为 CBC mode。还有两种办法是 OFB mode 和 CFB mode。
When it comes to padding the data block, there are several options. One
is to simply append zeros. Two suggested by FIPS PUB 81 are, if the data
is binary data, fill up the block with bits that are the opposite of the
last bit of data, or, if the data is ASCII data, fill up the block with
random bytes and put the ASCII character for the number of pad bytes in
the last byte of the block. Another technique is to pad the block with
random bytes and in the last 3 bits store the original number of data bytes.
;在填凑数据块时(还记不记得,当数据块缺乏64位时要停止填充),有以下几种
;选择:一种就是填0。第二种是被(美国)联邦信息处置尺度 PUB 81所建议的,如
;果数据是二进制的,就填入和数据位最初一名相反的数;假如数据块是ASCII码,
;就填入随机字节,而且将填凑数目写入最初一个字节。另外一种手艺就是填入随机
;字节,而且将最初原数据字节数写入最初的三位。(注重:是位,bit)