Use AES instead. This module is provided only for legacy purposes.
Its keys are 64 bits long, even though 8 bits were used for integrity (now they are ignored) and do not contribute to security. The effective key length is therefore 56 bits only.
DES was never cryptographically broken, but its key length is too short by nowadays standards and it could be brute forced with some effort.
As an example, encryption can be done as follows:
>>> from Crypto.Cipher import DES >>> >>> key = b'-8B key-' >>> cipher = DES.new(key, DES.MODE_OFB) >>> plaintext = b'sona si latine loqueris ' >>> msg = cipher.iv + cipher.encrypt(plaintext)
Module’s constants for the modes of operation supported with Single DES:
|var MODE_ECB:||Electronic Code Book (ECB)|
|var MODE_CBC:||Cipher-Block Chaining (CBC)|
|var MODE_CFB:||Cipher FeedBack (CFB)|
|var MODE_OFB:||Output FeedBack (OFB)|
|var MODE_CTR:||CounTer Mode (CTR)|
|var MODE_EAX:||EAX Mode|
new(key, mode, *args, **kwargs)¶
Create a new DES cipher.
- key (bytes/bytearray/memoryview) – The secret key to use in the symmetric cipher. It must be 8 byte long. The parity bits will be ignored.
- mode (One of the supported
MODE_*constants) – The chaining mode to use for encryption or decryption.
iv (byte string) – (Only applicable for
The initialization vector to use for encryption or decryption.
MODE_OFBit must be 8 bytes long.
MODE_OPENPGPmode only, it must be 8 bytes long for encryption and 10 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext).
If not provided, a random byte string is generated (you must then read its value with the
nonce (byte string) – (Only applicable for
A value that must never be reused for any other encryption done with this key.
MODE_EAXthere are no restrictions on its length (recommended: 16 bytes).
MODE_CTR, its length must be in the range [0..7].
If not provided for
MODE_EAX, a random byte string is generated (you can read it back via the
segment_size (integer) – (Only
MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If not specified, it will be assumed to be 8.
mac_len : (integer) – (Only
MODE_EAX) Length of the authentication tag, in bytes. It must be no longer than 8 (default).
initial_value : (integer) – (Only
MODE_CTR). The initial value for the counter within the counter block. By default it is 0.
a DES object, of the applicable mode.