com.entrust.toolkit.security.crypto.cipher

Class TripleDesCipher

java.lang.Object

javax.crypto.CipherSpi

com.entrust.toolkit.security.crypto.cipher.SymmetricBlockCipher

com.entrust.toolkit.security.crypto.cipher.TripleDesCipher

public final class TripleDesCipher
extends SymmetricBlockCipher

An implementation of the Triple DES symmetric block cipher.

Triple DES is a symmetric block cipher that can process data blocks of 64 bits, with cipher keys of length 192 bits (represents 3 DES keys consisting of 168 security bits and 24 parity bits) or 128 bits (represents 2 DES keys consisting of 112 security bits and 16 parity bits). Thus, this implementation supports the following keying options:

Keying Option 1

K1, K2, and K3 are independent keys

Keying Option 2

K1 and K2 are independent keys and K3 = K1

An instance of this algorithm can be obtained using the Java Cryptography Architecture (JCA), by requesting a 'DESede' cipher from the Entrust cryptographic service provider. This can be done using either of the following calls:

Cipher.getInstance("DESede", "Entrust");
Cipher.getInstance("DESede/<mode>/<padding>", "Entrust");

A default block mode (mechanism) and padding mechanism are automatically used when either block mechanism or padding mechanism are not specified in the Cipher.getInstance() call. For a description of Entrust's symmetric block cipher architecture, including supported block mechanisms, padding mechanisms, and their default values, please refer to SymmetricBlockCipher.

This cipher implementation accepts keys in 'RAW' format (software keys), or keys stored on cryptographic hardware devices and accessed via the PKCS#11 interface (PKCS#11 keys). A software-based Triple DES key can be generated using the Triple DES key generation algorithm (KeyGenerator.getInstance("DESede, "Entrust") ) or manually created using an appropriate Key implementation ( javax.crypto.spec.SecretKeySpec). A PKCS#11-based Triple DES key can be created using the JNIPKCS11 class, and referenced using the TokenSymmetricKey class.

This cipher implementation only requires parameters when operated in a mode that requires an initialization vector (IV). In this case, the only algorithm parameters in transparent representation that are accepted are javax.crypto.spec.IvParameterSpec. Algorithm parameters in opaque representation are also accepted (AlgorithmParameters.getInstance("DESede, "Entrust") ), but these will need to be initialized with a transparent representation before they can be used by the cipher.

This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

7.1

See Also:

FIPS 46-3, Data Encryption Standard (DES), Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

Constructor Summary

Constructors

Constructor and Description
TripleDesCipher() The constructor; creates a new instance of the Triple DES symmetric cipher algorithm.

Method Summary

Methods inherited from class com.entrust.toolkit.security.crypto.cipher.SymmetricBlockCipher

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineUpdateAAD, engineWrap

Methods inherited from class javax.crypto.CipherSpi

engineDoFinal, engineUpdate, engineUpdateAAD

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TripleDesCipher

public TripleDesCipher()

The constructor; creates a new instance of the Triple DES symmetric cipher algorithm.

Applications should never use this constructor, instead the symmetric cipher algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: Cipher.getInstance("DESede", "Entrust").

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)