Here is simple “How to do Triple-DES CBC mode encryption example in c programming with OpenSSL”
First you need to download standard cryptography library called OpenSSL to perform robust Triple-DES(Data Encryption Standard) encryption, But before that i will tell you to take a look at simple C code for Triple-DES encryption and decryption, so that you are familiar with DES cryptography APIs which is quite simple. Here i use Triple-DES CBC mode Encryption
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/des.h>
/* Triple DES key for Encryption and Decryption */
DES_cblock Key1 = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 };
DES_cblock Key2 = { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 };
DES_cblock Key3 = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33 };
DES_key_schedule SchKey1,SchKey2,SchKey3;
/* Print Encrypted and Decrypted data packets */
void print_data(const char *tittle, const void* data, int len);
int main()
{
/* Input data to encrypt */
unsigned char input_data[] = {0x01, 0x02, 0x03, 0x04, 0x05};
/* Init vector */
DES_cblock iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
DES_set_odd_parity(&iv);
/* Check for Weak key generation */
if ( -2 == (DES_set_key_checked(&Key1, &SchKey1) || DES_set_key_checked(&Key2, &SchKey2) || DES_set_key_checked(&Key3, &SchKey3)))
{
printf(" Weak key ....\n");
return 1;
}
/* Buffers for Encryption and Decryption */
unsigned char* cipher[sizeof(input_data)];
unsigned char* text[sizeof(input_data)];
/* Triple-DES CBC Encryption */
DES_ede3_cbc_encrypt( (unsigned char*)input_data, (unsigned char*)cipher, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv, DES_ENCRYPT);
/* Triple-DES CBC Decryption */
memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value
DES_set_odd_parity(&iv);
DES_ede3_cbc_encrypt( (unsigned char*)cipher, (unsigned char*)text, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);
/* Printing and Verifying */
print_data("\n Original ",input_data,sizeof(input_data));
print_data("\n Encrypted",cipher,sizeof(input_data));
print_data("\n Decrypted",text,sizeof(input_data));
return 0;
}
void print_data(const char *tittle, const void* data, int len)
{
printf("%s : ",tittle);
const unsigned char * p = (const unsigned char*)data;
int i = 0;
for (; i<len;++i)
printf("%02X ", *p++);
printf("\n");
}
DES_cblock
There are two phases to the use DES encryption. The first is the generation of a DES_key_schedule from a key(8 bytes with odd parity) which is of type DES_cblock, the second phase is the actual encryption. The least significant bit in each byte is the parity bit.
DES_key_schedule
The key schedule is an expanded form of the key; it is used to speed the encryption process.
DES_set_odd_parity()
DES_set_odd_parity() sets the parity of the passed key to odd.
DES_set_key_checked()
Before a DES key can be used, it must be converted into the architecture dependent DES_key_schedule via the DES_set_key_checked() or DES_set_key_unchecked() function. DES_set_key_checked() will check that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated.
DES_ede3_cbc_encrypt()
DES_ede3_cbc_encrypt() implements main algorithm for triple CBC DES encryption with three keys.
Compiling and Installing OpenSSL
Before compiling this code, you need OpenSSL library which you can download from here
i am using openssl-1.0.1i which i have downloaded in form of tar file because my development OS is Linux(Ubuntu). So after downloading tar file we have to compile and install OpenSSL. To do so follow instruction below.
/* Go to the folder where your openssl-1.0.1i.tar.gz file is located, type following command : */ tar -xvf openssl-1.0.1i.tar.gz cd openssl-1.0.1i ./config shared --prefix=<FULL_PATH_OF_INSTALL_DIRECTORY> make make install
that’s it ! you have successfully compiled and installed OpenSSL.
Now create the file with above sample code and compile that with gcc compiler by using this gcc directives :
gcc -o <OUTPUT_BINARY_FILE_NAME> <AES_CODE_FILE_NAME.c> -I <FULL_PATH_TO_INCLUDE_FOLDER_OF_OPENSSL’s_INSTALL_DIRECTORY> -L <FULL_PATH_TO_LIB_FOLDER_OF_OPENSSL’s_INSTALL_DIRECTORY> -lcrypto
and run the binary you will see following output
$ ./<OUTPUT_BINARY_FILE_NAME>
Original : 00 01 02 03 04 05
Encrypted : D5 40 D0 BB 16 1D
Decrypted : 00 01 02 03 04 05
More Reading
http://en.wikipedia.org/wiki/Triple_DES
http://www.cryptopp.com/wiki/TripleDES
http://www.cryptosys.net/encrypt3des_ex.html
Suggested Reading