With 3DES encryption, we use a 128-bit key and a 64-bit IV value. The two modes supported are ECB (without salt) and CBC (with salt). The DES algorithm has been around for a long time, and the 56-bit version is now easily crackable (in less than a day on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (with a combination of the three keys - of which two of the keys are the same). In this case we will use PKCS7 padding, and which fills the input data with a value that is equal to the number of padding bytes. Overall, DES has a 64-bit block size, and which equates to eight ASCII characters.
3DES CBC/ECB Encryption with PowerShell |
Method
With 3DES encryption, we use a 128-bit key and a 64-bit IV value. The two modes supported are ECB (without salt) and CBC (with salt). The DES algorithm has been around for a long time, and the 56-bit version is now easily crackable (in less than a day on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (with a combination of the three keys - of which two of the keys are the same). In this case we will use PKCS7 padding, and which fills the input data with a value that is equal to the number of padding bytes.
Coding
The following is the coding:
$plaintext="Hello" $key="00010203040506070001020304050607" $iv="0001020304050607" $plaintext=$Args[0] $key=$Args[1] $iv=$Args[2] $mode=$Args[3] $des=[System.Security.Cryptography.TripleDES]::Create() if ($mode -eq "CBC") { $des.Mode = [System.Security.Cryptography.CipherMode]::CBC } elseif ($mode -eq "ECB") {$des.Mode = [System.Security.Cryptography.CipherMode]::ECB} $des.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7 $des.BlockSize = 64 $des.IV=[System.Convert]::FromHexString($iv) $des.Key = [System.Convert]::FromHexString($key) $bytes = [System.Text.Encoding]::UTF8.GetBytes($plaintext) $encryptor = $des.CreateEncryptor() $encryptedData = $encryptor.TransformFinalBlock($bytes, 0, $bytes.Length); $decryptor = $des.CreateDecryptor() $pl = $decryptor.TransformFinalBlock($encryptedData, 0, $encryptedData.Length); "== 3DES Encryption == " "Message: " + $plaintext "Key: " + $key "IV: " + $iv "Mode: " + $mode "Encrypted Data: " + [System.Convert]::ToHexString($encryptedData) "Decrypted Data: " + [System.Text.Encoding]::ASCII.GetString($pl)
A sample run shows:
== 3DES Encryption == Message: qwerty Key: 11210203040506070001020304050607 IV: 0001020304050607 Mode: CBC Encrypted Data: 4078929FE2FB6C76 Decrypted Data: qwerty