Updated 2014-01-12 21:48:50 by dkf

There is a DES package in tcllib. Since version 0.8 this has been based upon MacCody's DES implementation. Before that it used an implementation by Jochen Loewer. The current version supports all the standard cryptographic block modes: ECB, CBC, CFB and OFB. It also checks for the weak keys and will raise an error if a weak key is used.

Example Simple user interface
 % set ciphertext [DES::des -mode cbc -dir encrypt -key $secret $plaintext]
 % set plaintext [DES::des -mode cbc -dir decrypt -key $secret $ciphertext]

Programming interface (more flexible)
 set iv [string repeat \\0 8]
 set Key [DES::Init cbc \\0\\1\\2\\3\\4\\5\\6\\7 $iv]
 set ciphertext [DES::Encrypt $Key "somedata"]
 append ciphertext [DES::Encrypt $Key "moredata"]
 DES::Reset $Key $iv
 set plaintext [DES::Decrypt $Key $ciphertext]
 DES::Final $Key

Read about DES in the Handbook of Applied Cryptography [1] Chapter 7 [2]

http://www.queuecard.com/docs/RSA_faq.pdf is a large FAQ on cryptography.

Performance

A simple benchmark, testing encryption+decryption of 100.000 bytes:
 package require des

 set k [binary format H* 86A560F10EC6D85B]
 #make a 100.000 bytes long msg:
 for { set x 0 } { $x < 10000 } {incr x } {
    append msg "1234567890"
 }

 puts "Size: [string length $msg]"
 puts [time {
   set c [DES::des -mode encode -key $k $msg]
   set p [DES::des -mode decode -key $k $c]
 } 1]

Results:
 Tcl 8.4.1
 Pentium IV 1800Mhz:  8.3 seconds (linux, ActiveTcl)
 Pentium III 930Mhz:  35 seconds (linux, ActiveTcl)

See here for ActiveTcl.
 Tcl 8.3.4
 Pentium III 930Mhz:  27 seconds (linux, redhat)
 AMD K6-400Mhz: 52 seconds (linux, redhat)

23jan03 jcw - Here's an example of the "Ghz trap":
 Both based on Tcl 8.4.1 (Tclkit Nov 2002):
 Pentium IV 2400Mhz: 6.2 seconds (linux)
 PowerPC G4 1000Mhz: 10.8 seconds (macosx)

Jochen Loewer I did a pure-tcl implementation of Eric Young's fast version some years ago. The recent developement of TkVNC (pure-Tcl as well) and the missing authentication, leads me to release the code. Unfortunately, I recognize that the VNC implementation generates the key vector out of the key/password slightly different. So I reimplemented another, more readable version, whichs allows standard and VNC mode easily to be switched. I still have the old version around.

Mac Cody: Having been summarily thrust into the "me too" category, I'll let you know I'm about to release a pure-Tcl implementation of DES as well. TclDES performs both DES and 3DES (triple-DES) encryption/decryption. It supports both Electronic Code Block (ECB) and Cipher Block Chaining (CBC) modes of operation. I would have released it back last year, but time and other commitments have prevented me from doing so. Right now, I'm trying to get an opinion from the U.S. Bureau of Industry and Security on whether I can get an export license exception TSU (Technology and software unrestricted). The Export Administration Regulations (EAR) and the Wassenaar Agreements are not 100% clear on releasing 3DES. I also have a version of the code, with the 3DES capabilities stripped out, called TclDESjr. It can be freely circulated. - updated January 23, 2003.

Mac Cody: UPDATE - TclDES 0.5 and TclDESjr 0.5 are now available at [3]. The TclDES home page is at [4]. - update March 8, 2003.

AK: Nice. The last two modes officially specified modes are CFB and OFB = Cipher/Output FeedBack.

Mac Cody: UPDATE - TclDES 0.6 and TclDESjr 0.6 now support CFB and OFB as well! - September 9, 2003.

Mac Cody: UPDATE - TclDES 0.8 and TclDESjr 0.8 has been released. With TclDES 0.8, the initialization vector used in DES CBC, OFB, and CFB modes is now passed by reference (i.e. variable name) rather than by value. This allows for the CBC mode to supports ciphertext block feed-forward from procedure call to procedure call. The encryption of a message can now be split between multiple invocations of the procedure. This also applies for the OFB and CFB modes with the feedback block. The feedback facility provided in TclDES 0.7 has been removed and is now deprecated. As a result, the programming interface has changed slightly for TclDES 0.8. In addition the des::createKeys procedure now checks for DES weak keys, forcing an error if the submitted key matches one of them.

The TclDES distribution now contains the document "A Guide To TclDES". This document provides an overview of the DES and 3DES algorithms, the various modes of operation for DES/3DES, and installation and usage instructions for the TclDES library.

TclDES is now considered to be feature complete with a stable interface. Suggestions for feature additions or enhancements are still welcome, though. After a trial period of testing and feedback on the code and/or documentation, it is anticipated that the package will be pushed to version 1.0 and further development will cease. It is hoped that this complete implementation of the DES standard will become part of the tcllib distribution at that time. - October 27, 2004.

PT: the above version is part of tcllib since tcllib version 0.8