Triple DES (3DES) is a symmetric-key encryption algorithm that applies the Data Encryption Standard (DES) algorithm three times to each data block. Here's a step-by-step guide on how to implement 3DES encryption in Java using the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE).
import javax.crypto.*;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import java.security.spec.KeySpec;
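// Placeholder: supply at least 24 bytes; DESedeKeySpec throws InvalidKeyException for shorter input
byte[] keyBytes = "your_secret_key_here".getBytes("UTF-8");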
KeySpec keySpec = new DESedeKeySpec(keyBytes);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey secretKey = keyFactory.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); // Specify algorithm, mode, and padding
Initialize Cipher for Encryption
// Placeholder: the IV for DESede in CBC mode must be exactly 8 bytes (the DES block size)
byte[] ivBytes = "initialization_vector".getBytes("UTF-8");
IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
Encrypt Data
String plainText = "This is the text to encrypt";
byte[] plainTextBytes = plainText.getBytes("UTF-8");
byte[] encryptedBytes = cipher.doFinal(plainTextBytes);
Decrypt Data
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec); // Reuse key and IV for decryption
byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes, "UTF-8");
Points to Remember:
- Key Size: 3DES uses a 192-bit (24-byte) key made up of three DES keys, each contributing 56 effective key bits (the remaining bits are parity bits).
- Mode: CBC (Cipher Block Chaining) mode is commonly used with 3DES.
- Padding: PKCS#5 padding is used to ensure the data length is a multiple of the block size.
- Initialization Vector (IV): Used in CBC mode so that identical plaintexts do not produce identical ciphertexts.
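Secret Key:
- Must be 192 bits (24 bytes) long.
- Should be randomly generated for security.
- Example: your_secret_key_here = "4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E" (the code below passes this 40-character string as raw bytes, and DESedeKeySpec uses only the first 24 of them)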
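Initialization Vector (IV):
- Used for modes like CBC to add randomness.
- Should be different for each encryption operation.
- Typically 8-16 bytes long (for 3DES, exactly 8 bytes, the block size).
- Can technically be a static value, but for CBC it should be randomly generated for each message; a static IV makes messages that start with the same plaintext start with the same ciphertext.
- Example: initialization_vector = "12345678"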
Full Source | Java
import javax.crypto.*;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import java.security.spec.KeySpec;
import java.util.Base64;

public class ThreeDESExample {
    public static void main(String[] args) throws Exception {
        String plainText = "This is the secret message";
        // Demo key material: DESedeKeySpec uses only the first 24 bytes of this array.
        byte[] keyBytes = "4B5C6D7E8F90A1B2C3D4E5F60718293A4B5C6D7E".getBytes("UTF-8");
        // Demo IV: exactly 8 bytes, the DES block size.
        byte[] ivBytes = "12345678".getBytes("UTF-8");
        byte[] encryptedBytes = encrypt(plainText, keyBytes, ivBytes);
        byte[] decryptedBytes = decrypt(encryptedBytes, keyBytes, ivBytes);
        // Ciphertext is arbitrary binary, so print it as Base64 instead of decoding it as text.
        System.out.println("Encrypted: " + Base64.getEncoder().encodeToString(encryptedBytes));
        System.out.println("Decrypted: " + new String(decryptedBytes, "UTF-8"));
    }

    // Encrypts plainText with 3DES in CBC mode using the given key and IV.
    public static byte[] encrypt(String plainText, byte[] keyBytes, byte[] ivBytes) throws Exception {
        KeySpec keySpec = new DESedeKeySpec(keyBytes);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
        SecretKey secretKey = keyFactory.generateSecret(keySpec);
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
        byte[] plainTextBytes = plainText.getBytes("UTF-8");
        return cipher.doFinal(plainTextBytes);
    }

    // Decrypts with the same key and IV that were used for encryption.
    public static byte[] decrypt(byte[] encryptedBytes, byte[] keyBytes, byte[] ivBytes) throws Exception {
        KeySpec keySpec = new DESedeKeySpec(keyBytes);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
        SecretKey secretKey = keyFactory.generateSecret(keySpec);
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
        cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
        return cipher.doFinal(encryptedBytes);
    }
}
Best Practices:
- Use strong, randomly generated keys.
- Keep keys confidential.
- Consider using more modern algorithms like AES for new applications.
Conclusion
Triple DES (3DES) is a symmetric-key encryption algorithm that applies the Data Encryption Standard (DES) three times to enhance security. Despite its past vulnerabilities, 3DES remains widely used for data protection in legacy systems and certain applications due to its compatibility and moderate level of security.