
DES, TripleDES and BlowFish in Silverlight
(by Lou Brown, last updated 4-MAR-2011)

The Brief
Anyone wanting to implement DES or TripleDES encryption in Silverlight is going to get a surprise. The reduced .Net library for Silverlight 4 does not contain a cryptography provider for either. You can use AES instead, which is supported on all .Net platforms, but if you are being fed DES or TripleDES encrypted data from a service that is out of your reach, the lack of any DES support is a problem.

BlowFish on the other hand was never supported in .Net, which is a shame because it is simpler and quicker than DES and TripleDES, and has a maximum key length of 56 bytes, compared to the shorter 8 bytes for DES and 24 bytes for TripleDES.  (DES had United States government approval a long time ago, whereas Richard Nixon never gave his opinion of BlowFish.)

BlowFish, DES and TripleDES have something in common - they have no known crack. There are some methods of attacking DES that reduce a brute force attack by a log or two, and there are some weak and semi-weak keys to avoid, but if you want to crack DES, TripleDES or BlowFish, something like a brute force attack is the only way.

DES has a feeble key length of 8 bytes, and recently DES was cracked using a brute force attack in 24 hours by an array of FPGAs. But extending the key length to 24 bytes with TripleDES again puts your data out of reach of prying eyes for the next few years.

Class Libraries
The algorithms are implemented as two .Net classes - DESCryptography and BlowFishCryptography. Both classes were developed on Windows 7 and VS2010 using .Net 4 and Silverlight 4.

File: DESCrytography.cs
Current Build:    4th MAR 2011
 
File: BlowFishCrytography.cs
Current Build:    4th MAR 2011

DESCryptography
The DESCryptography class matches the output of .Net's TripleDESCryptoServiceProvider and DESCryptoServiceProvider, assuming you have not changed the DES default padding mode. 

The default padding mode used by .Net adds a number of bytes to the end of the plaintext before encrypting, to bring the length of the plaintext up to a multiple of the DES block length, 8 bytes. If the plaintext is already a multiple of 8 bytes, another 8 bytes are added. So encrypting 8 bytes produces 16, and decrypting 16 bytes produces 8.

For each block that is encrypted, the block is first XORed with the previous block. Applying this succession method reduces the possibility of a pattern appearing in the cyphertext.
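
As an added example (not the BroccoliProducts source), the C# below shows the two steps just described: PKCS7 padding, which is .Net's default padding mode, and CBC chaining, which is .Net's default cipher mode and XORs each block with the previous cyphertext block. The class and method names, the iv parameter and the encryptBlock delegate are assumptions; the page does not say what initial block the library uses.

```csharp
using System;
// Added illustration, not the BroccoliProducts source; all names are hypothetical.
public static class PaddingAndChaining
{
    const int BlockSize = 8; // DES and TripleDES block length in bytes

    // PKCS7: append n bytes of value n (1 to 8); aligned input gains a whole block.
    public static byte[] Pad(byte[] plain)
    {
        int n = BlockSize - plain.Length % BlockSize;
        byte[] padded = new byte[plain.Length + n];
        Array.Copy(plain, padded, plain.Length);
        for (int i = plain.Length; i < padded.Length; i++) padded[i] = (byte)n;
        return padded;
    }

    // Strip the pad, rejecting input whose trailing bytes are not well formed.
    public static byte[] Unpad(byte[] padded)
    {
        int n = padded.Length == 0 ? 0 : padded[padded.Length - 1];
        bool ok = padded.Length % BlockSize == 0 && n >= 1 && n <= BlockSize;
        for (int i = padded.Length - n; ok && i < padded.Length; i++) ok = padded[i] == n;
        if (!ok) throw new ArgumentException("Invalid padding.");
        byte[] plain = new byte[padded.Length - n];
        Array.Copy(padded, plain, plain.Length);
        return plain;
    }

    // CBC: XOR each block with the previous ciphertext block (the IV for the first
    // block), then encrypt it. encryptBlock stands for any 8-byte block cipher call.
    public static byte[] CbcEncrypt(byte[] plain, byte[] iv, Func<byte[], byte[]> encryptBlock)
    {
        byte[] data = Pad(plain), output = new byte[data.Length], previous = iv;
        for (int offset = 0; offset < data.Length; offset += BlockSize)
        {
            byte[] block = new byte[BlockSize];
            for (int i = 0; i < BlockSize; i++) block[i] = (byte)(data[offset + i] ^ previous[i]);
            previous = encryptBlock(block);
            Array.Copy(previous, 0, output, offset, BlockSize);
        }
        return output;
    }

    public static void Main()
    {
        Func<byte[], byte[]> standIn = b => b; // placeholder so this runs; NOT a cipher
        byte[] cypher = CbcEncrypt(new byte[8], new byte[BlockSize], standIn);
        Console.WriteLine("8 bytes in, " + cypher.Length + " out, " + Unpad(Pad(new byte[8])).Length + " after Unpad");
    }
}
```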

The following is a summary of the structures and functions:

DESCryptography - This is a static class.
  Structure BLOCK8BYTE - An array of 8 bytes. As the DES algorithm is applied, the data width reduces from 8 bits to 7, then 6, then 5. These bits are held in a byte, aligned to the most significant bit.
  Structure KEY_SET - A set of 17 keys, the result of expanding the DES key provided.
  Structure WORKING_SET - A set of BLOCK8BYTE structures that are used throughout the workings of the DES algorithm. Holding a single instance of these variables saves the processor time otherwise spent working out whether they should be disposed or reused.
  Function IsValidDESKey - Returns true if a key is the correct length, has the correct parity bits, and is neither weak nor semi-weak.
  Function IsStrongDESKey - Returns true if the key is not one of the listed weak or semi-weak keys.
  Function CreateDesKey - Creates a valid DES key using a .Net Random object.
  Function MakeGoodDesKey - Modifies an 8-byte array of bytes so that it becomes a valid DES key.
  Function DES - Encrypts or decrypts an array of bytes into another array of bytes. The data encrypted can be any length greater than 0 bytes.
  Function IsValidTripleDESKey - Returns true if the key provided is the correct length, and is composed of unique, strong DES keys with the correct parity-bit.
  Function CreateTripleDesKey - Creates a valid TripleDES key using a .Net Random object.
  Function MakeGoodTripleDesKey - Modifies an array of 24 bytes into a valid TripleDES key.
  Function TripleDES - Encrypts or decrypts a buffer into another buffer using the TripleDES algorithm.
  Function Test - A static test function to confirm that DES and TripleDES encryption and decryption routines match the equivalent .Net routines, and that the encrypted data decrypts to the original data.

The functions MakeGoodDesKey and MakeGoodTripleDesKey are for converting a source of key data, such as a string or a series of numbers, into a valid key. These functions do not use any random number generation, so the resulting key can consistently be recreated from the binary source.
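
As an added example (not the BroccoliProducts source), the following C# shows one way to implement the checks that IsValidDESKey, MakeGoodDesKey and IsValidTripleDESKey are described as performing: odd parity in the low bit of each byte, the published list of 4 weak and 12 semi-weak DES keys, and three distinct sub-keys for TripleDES. All class and method names are hypothetical, and the Main input is constructed to show that a parity fix alone can still land on a weak key.

```csharp
using System;
using System.Linq;

// Added illustration, not the BroccoliProducts source; all names are hypothetical.
public static class DesKeyChecks
{
    // The 4 weak and 12 semi-weak DES keys, written with odd parity.
    static readonly string[] WeakOrSemiWeak = {
        "0101010101010101", "FEFEFEFEFEFEFEFE", "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
        "011F011F010E010E", "1F011F010E010E01", "01E001E001F101F1", "E001E001F101F101",
        "01FE01FE01FE01FE", "FE01FE01FE01FE01", "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
        "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E", "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1" };

    // True when the byte holds an odd number of 1 bits.
    static bool HasOddParity(byte b)
    {
        int ones = 0;
        for (int bit = 0; bit < 8; bit++) ones += (b >> bit) & 1;
        return (ones & 1) == 1;
    }

    // Flip the parity bit (least significant bit) of every byte that needs it.
    public static void SetOddParity(byte[] key)
    {
        for (int i = 0; i < key.Length; i++) if (!HasOddParity(key[i])) key[i] ^= 1;
    }

    // Length, parity and weak-key list: the three conditions named for IsValidDESKey.
    public static bool IsValidDesKey(byte[] key)
    {
        return key != null && key.Length == 8 && key.All(b => HasOddParity(b))
            && !WeakOrSemiWeak.Contains(BitConverter.ToString(key).Replace("-", ""));
    }

    // 24 bytes are three DES keys: each must be valid and no two may be equal.
    public static bool IsValidTripleDesKey(byte[] key)
    {
        if (key == null || key.Length != 24) return false;
        byte[][] k = { key.Take(8).ToArray(), key.Skip(8).Take(8).ToArray(), key.Skip(16).ToArray() };
        return k.All(x => IsValidDesKey(x)) && k.Select(x => BitConverter.ToString(x)).Distinct().Count() == 3;
    }

    public static void Main()
    {
        byte[] key = new byte[8]; // constructed input: eight zero bytes
        SetOddParity(key);        // parity is now correct, yet this is a listed weak key
        Console.WriteLine(BitConverter.ToString(key) + " valid: " + IsValidDesKey(key));
    }
}
```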

BlowFishCryptography
The BlowFishCryptography class is similar in functionality to the DES class, except there is a choice of encryption functions, BlowFish and BlowFishWithPadding.

The following is a summary of the functions:

BlowFishCryptography - This is a static class.
  Structure DWORD_SPLITTER - A structure that behaves like a C-style Union. A DWORD (4 byte unsigned integer) shares memory with 4 individually addressable bytes.
  Function IsValidBlowFishKey - Returns true if the key provided is a valid BlowFish key.
  Function CreateBlowFishKey - Creates a valid BlowFish key.
  Function BlowFishWithPadding - Encrypts and decrypts a buffer to another buffer using the BlowFish algorithm. Padding is used to identify the original length of the plaintext. The plaintext can be any length greater than 1 byte.
  Function BlowFish - Encrypts and decrypts a buffer to another buffer using the BlowFish algorithm. The length of the data encrypted must be a multiple of the BlowFish block length or an exception is thrown.
  Function Test - Runs a series of test vectors for the BlowFish functions, and confirms that decrypted-encrypted data matches the original.

Code Example
The following code snippet takes a buffer of random bytes and encrypts it using DES.

/////////////////////////////////////////////////////////
// Example of DES encryption

// Create a key (note: System.Random is not a cryptographically secure generator)
Random rnd = new Random();
byte[] Key = DESCrytography.CreateDesKey(rnd);

// Create a buffer of text
byte[] plainText = new byte[1024];
rnd.NextBytes(plainText);

// Encrypt
byte[] cypherText = null;
DESCrytography.DES(plainText, ref cypherText, Key, true);


Development note: The DESCryptography and BlowFishCryptography classes are not specific to any application, so I've placed them in the BroccoliProducts namespace. You are free to copy or modify the code samples.
