DES Encryption Algorithm | Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

< Day Day Up >

The DES encryption algorithm is called for in the XML Encryption standard. It is the basis for 3DES, which is the recommended way to use DES. In both cases, it is best performed in hardware and was designed with that use in mind.

The DES algorithm begins with an initial permutation performed to accommodate DES hardware limitations. The incoming message block is then broken into a right half and a left half, each 32 bits long.

On that message block, the algorithm performs the following function that combines the data with the key for 16 rounds:

The key bits are shifted.
Then 48 bits are selected from 56 bits of the key.
The right half is expanded to 48 bits via an expansion transformation.
These bits are combined with 48 bits of a shifted and permuted key via XOR .
This output is sent through a substitution box, producing 32 new bits, and is permuted again.
This output is then combined with the left half using another XOR .
The left and right halves are combined.
The final permutation produces the ciphertext .

As you can see, several substitutions, permutations , XOR s, and shifts are necessary to get the DES encrypted ciphertext. The design of DES is so clever that decryption uses exactly the same algorithm as encryption. The only difference is that the order the key parts are used is exactly reversed .

< Day Day Up >