Single DES


Use AES instead. This module is provided only for legacy purposes.

DES (Data Encryption Standard) is a symmetric block cipher standardized in FIPS 46-3 (now withdrawn). It has a fixed data block size of 8 bytes.

Its keys are 64 bits long, even though 8 bits were used for integrity (now they are ignored) and do not contribute to security. The effective key length is therefore 56 bits only.

DES was never cryptographically broken, but its key length is too short by nowadays standards and it could be brute forced with some effort.

As an example, encryption can be done as follows:

>>> from Crypto.Cipher import DES
>>> key = b'-8B key-'
>>> cipher =, DES.MODE_OFB)
>>> plaintext = b'sona si latine loqueris '
>>> msg = cipher.iv + cipher.encrypt(plaintext)

Module’s constants for the modes of operation supported with Single DES:

var MODE_ECB:Electronic Code Book (ECB)
var MODE_CBC:Cipher-Block Chaining (CBC)
var MODE_CFB:Cipher FeedBack (CFB)
var MODE_OFB:Output FeedBack (OFB)
var MODE_CTR:CounTer Mode (CTR)
 OpenPGP Mode
var MODE_EAX:EAX Mode, mode, *args, **kwargs)

Create a new DES cipher.

  • key (bytes/bytearray/memoryview) – The secret key to use in the symmetric cipher. It must be 8 byte long. The parity bits will be ignored.
  • mode (One of the supported MODE_* constants) – The chaining mode to use for encryption or decryption.
Keyword Arguments:
  • iv (byte string) – (Only applicable for MODE_CBC, MODE_CFB, MODE_OFB, and MODE_OPENPGP modes).

    The initialization vector to use for encryption or decryption.

    For MODE_CBC, MODE_CFB, and MODE_OFB it must be 8 bytes long.

    For MODE_OPENPGP mode only, it must be 8 bytes long for encryption and 10 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext).

    If not provided, a random byte string is generated (you must then read its value with the iv attribute).

  • nonce (byte string) – (Only applicable for MODE_EAX and MODE_CTR).

    A value that must never be reused for any other encryption done with this key.

    For MODE_EAX there are no restrictions on its length (recommended: 16 bytes).

    For MODE_CTR, its length must be in the range [0..7].

    If not provided for MODE_EAX, a random byte string is generated (you can read it back via the nonce attribute).

  • segment_size (integer) – (Only MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If not specified, it will be assumed to be 8.

  • mac_len : (integer) – (Only MODE_EAX) Length of the authentication tag, in bytes. It must be no longer than 8 (default).

  • initial_value : (integer) – (Only MODE_CTR). The initial value for the counter within the counter block. By default it is 0.


a DES object, of the applicable mode.