3DES
Deprecated
Starting from v10.0.x, the 3DES protection method is deprecated based on NIST recommendations around weak ciphers.
It is recommended to use the AES-128 and AES-256 protection methods instead of the 3DES protection method.
The 3DES algorithm applies the DES algorithm, the first USA national standard for block ciphering, three times to each data block. The Triple Data Encryption Standard (3DES) cipher key size is 168 bits, compared to the 56-bit key of DES. The 3DES algorithm, using the DES cipher algorithm, provides a simple method of data protection.
Table: 3DES Encryption Algorithm Properties
| Properties | Values |
|---|---|
| Name | 3DES |
| Operation Mode | EDE3 CBC: triple CBC DES encryption with three keys. CBC = Cipher Block Chaining; EDE = E(ks3,D(ks2,E(ks1,M))); E = Encrypt; D = Decrypt |
| Encryption Properties | IV, CRC, Key ID |
| Length Preservation with padding formula for non-length preserving algorithms | No. For an explanation of calculating data length, refer to Data Length and Padding in Encryption. |
| Minimum Length | None |
| Maximum Length | 2147483610 bytes (2 GB) |
| Specifics of algorithm | A block cipher with a 168-bit key |
The following table shows examples of the way in which the value “Protegrity” will be encrypted with the 3DES algorithm.
Table: Examples of 3DES Encryption
| Encryption Algorithm | Output Value | Comments |
|---|---|---|
| 3DES | 0x4AA7402C77808D80D093A15A51318D19 | The input value, which is 10 bytes long, is padded to become 16 bytes. This represents two blocks of 8 bytes. The output value consists of 16 bytes. |
| 3DES-CRC | 0xF1B7EFD118D27E5568AB192CE2A12E35 | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to become 16 bytes. This represents two blocks of 8 bytes. The output value consists of 16 bytes. |
| 3DES-IV | 0x5126D8EB02A213922FB7E6DEDA861ABF661A01AEF7CAEC86 | 8 bytes IV is added. The output value consists of 24 bytes. This represents three blocks of 8 bytes. |
| 3DES-KeyID | 0x200479E1CC7983040987362DA49DD68B6E16 | 2 bytes are added for the Key ID. The output value consists of 18 bytes. |
| 3DES-IV-CRC-KeyID | 0x20055B72BF6E9B55B799A9DF51587E93ED8CF42E48A80F9474C0 | The input value, which is 10 bytes long with a checksum of 4 bytes, is padded to a total length of 16 bytes. Additionally, 8 bytes IV and 2 bytes of Key ID are added to the output. The final output value consists of 26 bytes. |
CUSP 3DES
Deprecated
Starting from v10.0.x, the CUSP 3DES protection method is deprecated based on NIST recommendations around weak ciphers.
It is recommended to use the CUSP AES-128 and CUSP AES-256 protection methods instead of the CUSP 3DES protection method.
CUSP 3DES uses a 3DES key with the CUSP expansion to the 3DES algorithm. Data is CBC encrypted in 8-byte blocks. Any remaining data is stream ciphered using the same 3DES key, with the double-encrypted last full block as the IV.
Table: CUSP 3DES Encryption Algorithm Properties
| Properties | Values |
|---|---|
| Name | CUSP 3DES |
| Operation Mode | CBC (Cipher Block Chaining), combined with ECB (Electronic Codebook) |
| Encryption Properties | CRC, Key ID |
| Length Preservation with padding formula for non-length preserving algorithms | Yes. No, if CRC or Key ID are used. |
| Minimum Length | None |
| Maximum Length | 2147483610 bytes (2 GB) |
| Specifics of algorithm | A modified block algorithm mainly used in environments where an IBM mainframe is present. |
The following table shows examples of the way in which the value “Protegrity” will be encrypted with the CUSP 3DES algorithm.
| Encryption Algorithm | Output Value | Comments |
|---|---|---|
| CUSP 3DES | 0xD7DE903612B29BA825B4 | Length of the output value is the same as input value - 10 bytes as CUSP preserves length. |
| CUSP 3DES - CRC | 0x7920A9AF0CEE96E1C4EDB8F5E9EF | 4 bytes checksum is added. The output value consists of 14 bytes. |
| CUSP 3DES - KeyID | 0x200525200D62B05DCB17E8DB | 2 bytes Key ID is added. The output value consists of 12 bytes. |
| CUSP 3DES - CRC-KeyID | 0x20068C2A54ACB80DB3C3332421B8851B | 4 bytes checksum and 2 bytes of Key ID are added. The output value consists of 16 bytes. |
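Added example (not Protegrity code): a length calculator for sizing binary columns and spotting truncated values, built from the byte counts in the 3DES and CUSP 3DES tables above and checked against their sample outputs. The function names are hypothetical, and the handling of inputs that already fall on an 8-byte boundary is an assumption, since the page only shows a 10-byte input.

```python
# Byte sizes stated in the tables on this page.
BLOCK, IV_LEN, CRC_LEN, KEYID_LEN = 8, 8, 4, 2

def protected_length(plain_len, cusp=False, iv=False, crc=False, key_id=False):
    """Expected length in bytes of the protected (binary) value."""
    if plain_len < 0:
        raise ValueError("plain_len must be non-negative")
    if cusp and iv:
        raise ValueError("the page lists only CRC and Key ID for CUSP 3DES")
    body = plain_len + (CRC_LEN if crc else 0)  # checksum counts before padding
    if not cusp:
        # ASSUMPTION: a body already on a block boundary gains a full pad
        # block. This is the conservative choice for sizing; the page shows
        # only a 10-byte input. CUSP 3DES needs no padding.
        body = (body // BLOCK + 1) * BLOCK
    return body + (IV_LEN if iv else 0) + (KEYID_LEN if key_id else 0)

def fits_column(plain_len, column_bytes, **props):
    """True if a binary column of column_bytes holds the protected value."""
    return protected_length(plain_len, **props) <= column_bytes

# Output values copied from the two example tables (input: "Protegrity").
SAMPLES = [
    ("4AA7402C77808D80D093A15A51318D19", {}),
    ("F1B7EFD118D27E5568AB192CE2A12E35", {"crc": True}),
    ("5126D8EB02A213922FB7E6DEDA861ABF661A01AEF7CAEC86", {"iv": True}),
    ("200479E1CC7983040987362DA49DD68B6E16", {"key_id": True}),
    ("20055B72BF6E9B55B799A9DF51587E93ED8CF42E48A80F9474C0",
     {"iv": True, "crc": True, "key_id": True}),
    ("D7DE903612B29BA825B4", {"cusp": True}),
    ("7920A9AF0CEE96E1C4EDB8F5E9EF", {"cusp": True, "crc": True}),
    ("200525200D62B05DCB17E8DB", {"cusp": True, "key_id": True}),
    ("20068C2A54ACB80DB3C3332421B8851B",
     {"cusp": True, "crc": True, "key_id": True}),
]

def length_mismatches(plaintext=b"Protegrity"):
    """Return (hex, actual, expected) for samples whose length disagrees."""
    bad = []
    for hex_out, props in SAMPLES:
        actual = len(bytes.fromhex(hex_out))
        expected = protected_length(len(plaintext), **props)
        if actual != expected:
            bad.append((hex_out, actual, expected))
    return bad

if __name__ == "__main__":
    print(length_mismatches())
    print(fits_column(10, 16, iv=True, crc=True))
```

A stored value whose length differs from `protected_length` for the configured properties has been truncated or was protected with different properties.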
3DES Encryption Properties for Protectors
The Application Protector, Big Data Protector, and Database Protector can use the 3DES encryption algorithm.
All protectors support encryption properties such as IV, CRC, and Key ID. The Key ID is a part of the encrypted data.
The 3DES encryption algorithm can also be used with File Protectors.
For the protect operation, the Input type / Character set can be any value depending on the DB, and the Output type / Character set is Binary. For the unprotect operation, the Input type / Character set is Binary, and the Output type / Character set can be any value depending on the DB.
Application Protector
For the Input type / Character set property, refer to Supported Input Data Types by Application Protectors for supported data types.
Big Data Protector
For the Input type / Character set property, refer to Supported Input Data Types by Big Data Protectors for supported data types.