Crypt::TripleDES and public/private keys

I've been asked to look into TripleDES encryption for a project, and
have what may sound like a silly newbie question. Is TripleDES based on
a public-key / private-key kind of setup, such as PGP? I notice that
the documentation for Perl's "Crypt::TripleDES" module only involves
three input parameters... the plaintext to be encrypted, or the
cyphertext to be decrypted, and a passphrase. There is no reference
whatsoever to telling the module about a public or private key.

Is this really all there is to it, and communicating with another party
via TripleDES means that you have to exchange and store the common
passphrase in some other secure means?

Re: Crypt::TripleDES and public/private keys

Steve wrote in news:5o94fcFlovu5U1
@mid.individual.net:

> I've been asked to look into TripleDES encryption for a project, and
> have what may sound like a silly newbie question. Is TripleDES based on
> a public-key / private-key kind of setup, such as PGP?

http://en.wikipedia.org/wiki/Triple_DES

http://www.rsa.com/rsalabs/node.asp?id=2231

Sinan
--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
clpmisc guidelines:

Re: Crypt::TripleDES and public/private keys

> http://en.wikipedia.org/wiki/Triple_DES
>
> http://www.rsa.com/rsalabs/node.asp?id=2231


Well, obviously I started my search with Google and Wikipedia, and
didn't find a direct answer to the question I asked. I understand that
Triple-DES involves a "key"... but is this simply referring to the
passphrase (used as a salt value), or is there a true public-key /
private-key exchange involved? If so, how does that factor in with
Perl's "Crypt::TripleDES" module... which only takes in as input the
string to encrypt/decrypt and a passphrase?

Re: Crypt::TripleDES and public/private keys

On Wed, 24 Oct 2007 14:39:27 -0400, Steve wrote:

>> http://en.wikipedia.org/wiki/Triple_DES
>>
>> http://www.rsa.com/rsalabs/node.asp?id=2231
>
>
> Well, obviously I started my search with Google and Wikipedia, and
> didn't find a direct answer to the question I asked. I understand that

Two mouse clicks took me to http://en.wikipedia.org/wiki/
Symmetric_key_algorithm. But then, I knew what I was looking for.

HTH,
M4

Re: Crypt::TripleDES and public/private keys

In article <5o9hr0Fls1v7U1@mid.individual.net>, Steve
wrote:

> > http://en.wikipedia.org/wiki/Triple_DES
> >
> > http://www.rsa.com/rsalabs/node.asp?id=2231
>
>
> Well, obviously I started my search with Google and Wikipedia, and
> didn't find a direct answer to the question I asked. I understand that
> Triple-DES involves a "key"... but is this simply referring to the
> passphrase (used as a salt value), or is there a true public-key /
> private-key exchange involved? If so, how does that factor in with
> Perl's "Crypt::TripleDES" module... which only takes in as input the
> string to encrypt/decrypt and a passphrase?

DES has a single, private key, TripleDES can have 3 keys, or just use
the same key for the three encryption steps. The same key used for
encryption is used for decryption, therefore the key must be kept
private.

In most public-private encryption schemes, a symmetric,
private-key-only method is used to actually encrypt and decrypt the
message, because the symmetric methods are usually much faster than the
public/private methods. What is done is to encrypt the symmetric key(s)
using the slower public-private algorithm. The receiver uses the public
key to decrypt the symmetric key, and uses that key to decrypt the
message using the fast symmetric method.

--
Jim Gibson

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com

Re: Crypt::TripleDES and public/private keys

.... but how does this relate back to Perl, through the
"Crypt::TripleDES" module? This module does not appear to take in a key
as any of its input parameters... just the text to be
encrypted/decrypted, and a passphrase. Is what "Crypt::TripleDES" calls
the "passphrase" actually the private key value that you're referring
to? I do appreciate all the background information, but is anyone out
there actually using this "Crypt::TripleDES" module in Perl?

Re: Crypt::TripleDES and public/private keys

In article <5obi6tFm1i9fU1@mid.individual.net>,
Steve wrote:
>... but how does this relate back to Perl, through the
>"Crypt::TripleDES" module? This module does not appear to take in a key
>as any of its input parameters... just the text to be
>encrypted/decrypted, and a passphrase. Is what "Crypt::TripleDES" calls
>the "passphrase" actually the private key value that you're referring
>to? I do appreciate all the background information, but is anyone out
>there actually using this "Crypt::TripleDES" module in Perl?

This question turns out to be more interesting than it seemed at first.
In general, a "passphrase" is something that's used to generate a "key".
The difference between them is that the passphrase is made of text, so
it can be entered manually by the user. Text doesn't have a high density
of unpredictable bits, so the passphrase is usually hashed to create a
key.

However, in the case of Crypt/TripleDES.pm we have this:

$passphrase .= ' ' x (16*3);

for ( 0..2 ) {
my @kvs = Crypt::PPDES::des_set_key( pack( "H*", substr($passphrase, 16*
$_, 16 )));
$keyvecs{$_} = \@kvs;
}

So the passphrase is padded with spaces to 48 characters, then split
into groups of 16 characters, and interpreted as hex numbers. So the
passphrase in this case should actually be the key you want, expressed
in hex. I suspect the author made a mistake. (Why pad with spaces if
you're going to interpret them as numbers? Wouldn't zeros make more
sense?)

The documentation is misleading:

The passphrase is an ASCII character string of upto 48 characters.

48 characters which will go through an "H*" packing! perlfunc says that
packing isn't even well-defined for all inputs.

--
Alan Curry
pacman@world.std.com