? ? ? DES(Data Encryption Standard)是分組對稱密碼算法。DES采用了64位的分組長度和56位的密鑰長度，它將64位的輸入經(jīng)過一系列變換得到64位的輸出。解密則使用了相同的步驟和相同的密鑰。DES的密鑰長度為64位，由于第n*8(n=1,2,…8)是校驗位，因此實際參與加密的長度為56位，密鑰空間含有2^56個密鑰。

? ? ? DES算法利用多次組合替代算法和換位算法，分散和錯亂的相互作用，把明文編制成密碼強度很高的密文，它的加密和解密用的是同一算法。

? ? ? DES算法，是一種乘積密碼，其在算法結(jié)構(gòu)上主要采用了置換、代替、模二相加等函數(shù)，通過輪函數(shù)迭代的方式來進行計算和工作。

? ? ? DES算法也會使用到數(shù)據(jù)置換技術(shù)，主要有初始置換IP和逆初始置換IP^-1兩種類型。DES算法使用置換運算的目的是將原始明文的所有格式及所有數(shù)據(jù)全部打亂重排。而在輪加密函數(shù)中，即將數(shù)據(jù)全部打亂重排，同時在數(shù)據(jù)格式方面，將原有的32位數(shù)據(jù)格式，擴展成為48位數(shù)據(jù)格式，目的是為了滿足S盒組對數(shù)據(jù)長度和數(shù)據(jù)格式規(guī)范的要求。

? ? ? 一組數(shù)據(jù)信息經(jīng)過一系列的非線性變換以后，很難從中推導(dǎo)出其計算的過程和使用的非線性組合；但是如果這組數(shù)據(jù)信息使用的是線性變換，計算就容易的多。在DES算法中，屬于非線性變換的計算過程只有S盒，其余的數(shù)據(jù)計算和變換都是屬于線性變換，所以DES算法安全的關(guān)鍵在于S盒的安全強度。此外，S盒和置換IP相互配合，形成了很強的抗差分攻擊和抗線性攻擊能力，其中抗差分攻擊能力更強一些。

? ? ? DES算法是一種分組加密機制，將明文分成N個組，然后對各個組進行加密，形成各自的密文，最后把所有的分組密文進行合并，形成最終的密文。

? ? ? DES加密是對每個分組進行加密，所以輸入的參數(shù)為分組明文和密鑰，明文分組需要置換和迭代，密鑰也需要置換和循環(huán)移位。在初始置換IP中，根據(jù)一張8*8的置換表，將64位的明文打亂、打雜，從而提高加密的強度；再經(jīng)過16次的迭代運算，在這些迭代運算中，要運用到子密鑰；每組形成的初始密文，再次經(jīng)過初始逆置換IP^-1，它是初始置換的逆運算，最后得到分組的最終密文。

圖1 DES流程圖

? ? ? 圖1左半部分，DES對明文的處理經(jīng)過了三個階段。首先，64位的明文經(jīng)過初始置換(IP)而被重新排列。而后進行16輪的相同函數(shù)的作用，每輪的作用都有置換和代換。最后一輪迭代的輸出有64位，它是輸入明文和密鑰的函數(shù)。將其左半部分和右半部分互換產(chǎn)生預(yù)輸出。最后，預(yù)輸出再與初始置換(IP)互逆的逆初始置換(IP^-1)作用產(chǎn)生64位的密文。

? ? ? 圖2右半部分，給出了作用56比特密鑰的過程。DES算法的加密密鑰是64比特，但是由于密鑰的第n*8(n=1,2…8)是校驗(保證含有奇數(shù)個1)，因此實際參與加密的的密鑰只有56比特。開始時，密鑰經(jīng)過一個置換，然后經(jīng)過循環(huán)左移和另一個置換分別得到子密鑰ki，供每一輪的迭代加密使用。每輪的置換函數(shù)都一樣，但是由于密鑰位的重復(fù)迭代使得子密鑰互不相同。

? ? ? DES算法利用多次組合替代算法和換位算法，分散和錯亂的相互作用，把明文編制成密碼強度很高的密文，它的加密和解密用的是同一算法。

? ? ? DES算法詳述：DES對64位明文分組(密鑰56bit)進行操作。

? ? ? 1.?初始置換函數(shù)IP：64位明文分組x經(jīng)過一個初始置換函數(shù)IP，產(chǎn)生64位的輸出x0，再將分組x0分成左半部分L0和右半部分R0：即將輸入的第58位換到第一位，第50位換到第2位，…，依次類推，最后一位是原來的第7位。L0、R0則是換位輸出后的兩部分，L0是輸出的左32位，R0是右32位。例，設(shè)置換前的輸入值為D1D2D3…D64，則經(jīng)過初始置換后的結(jié)果為：L0=D58D50…D8；R0=D57D49…D7.其置換規(guī)則如表1所示。

? ? ? DES加密過程最后的逆置換IP^-1，是表1的逆過程。就是把原來的每一位都恢復(fù)過去，即把第1位的數(shù)據(jù)，放回到第58位，把第2位的數(shù)據(jù)，放回到第50位。

表 1

? ? ? 2. 獲取子密鑰Ki：DES加密算法的密鑰長度為56位，一般表示為64位(每個第8位用于奇偶校驗)，將用戶提供的64位初始密鑰經(jīng)過一系列的處理得到K1,K2,…,K16，分別作為1~16輪運算的16個子密鑰。

? ? ? (1). 將64位密鑰去掉8個校驗位，用密鑰置換PC-1(表2)置換剩下的56位密鑰；

表2

? ? ? (2). 將56位分成前28位C0和后28位D0，即PC-1(K56)=C0D0;

? ? ? (3). 根據(jù)輪數(shù)，這兩部分分別循環(huán)左移1位或2位，表3：

表3

? ? ? (4). 移動后，將兩部分合并成56位后通過壓縮置換PC-2(表4)后得到48位子密鑰，即Ki=PC-2(CiDi).

表4

? ? ? 子密鑰產(chǎn)生如圖2所示：

?圖2 子密鑰產(chǎn)生流程圖

? ? ? 3. 密碼函數(shù)F(非線性的)

? ? ? (1). 函數(shù)F的操作步驟：密碼函數(shù)F 的輸入是32比特數(shù)據(jù)和48比特的子密鑰：

? ? ? A．擴展置換(E):將數(shù)據(jù)的右半部分Ri從32位擴展為48位。位選擇函數(shù)(也稱E盒)，如表5所示：

表 5

? ? ? B．異或：擴展后的48位輸出E(Ri)與壓縮后的48位密鑰Ki作異或運算；

? ? ? C．S盒替代：將異或得到的48位結(jié)果分成八個6位的塊，每一塊通過對應(yīng)的一個S盒產(chǎn)生一個4位的輸出。

? ? ? S盒的具體置換過程(行和列均從0開始計數(shù))：某個Si盒的6位輸入的第1位和第6位形成一個2位的二進制數(shù)，對應(yīng)表中的某一行；輸入的中間4位構(gòu)成4位二進制數(shù)對應(yīng)表中的某一列；第8個S盒的輸入為001011，對應(yīng)第8個S盒的第1行第5列(數(shù)為6)，就用6(0110)代替原輸入001011.

? ? ? 下面給出選擇函數(shù)Si(i=1,2,…….,8)的功能表：

表 6? S1盒

表 7 S2盒

? ? ? 在此以S1為例說明其功能，在S1中，共有4行數(shù)據(jù)，命名為0，1，2，3行；每行有16列，命名為0，1，2，3，….，14，15列。現(xiàn)設(shè)輸入為：D=D1D2D3D4D5D6，令：列=D2D3D4D5，行=D1D6；然后在S1表中查的對應(yīng)的數(shù)，以4位二進制表示，此即為選擇函數(shù)S1的輸出。

? ? ? (2)、D、P盒置換：將八個S盒的輸出連在一起生成一個32位的輸出，輸出結(jié)果再通過置換P產(chǎn)生一個32位的輸出即：F(Ri,Ki)，F(Ri,Ki)算法描述如圖3，最后，將P盒置換的結(jié)果與最初的64位分組的左半部分異或，然后，左、右半部分交換，開始下一輪計算。

圖 3 F(Ri, Ki)計算

? ? ? 4.?密文輸出：經(jīng)過16次迭代運算后，得到L16、R16，將此作為輸入，進行逆置換，即得到密文輸出。逆置換正好是初始置的逆運算。例如，第1位經(jīng)過初始置換后，處于第40位，而通過逆置換，又將第40位換回到第1位，其逆置換規(guī)則如表8所示：

表 8 逆置換規(guī)則

? ? ? 圖4為DES算法加密原理圖：

圖 4 DES算法加密原理圖

? ? ? DES算法加密和解密過程采用相同的算法，并采用相同的加密密鑰和解密密鑰，兩者的區(qū)別是：(1)、DES加密是從L0、R0到L15、R15進行變換，而解密時是從L15、R15到L0、R0進行變換的；(2)、加密時各輪的加密密鑰為K0K1…K15，而解密時各輪的解密密鑰為K15K14…K0；(3)、加密時密鑰循環(huán)左移，解密時密鑰循環(huán)右移。

? ? ? DES加密過程分析：

? ? ? (1)、首先要生成64位密鑰，這64位的密鑰經(jīng)過“子密鑰算法”換轉(zhuǎn)后，將得到總共16個子密鑰。將這些子密鑰標識為Kn(n=1,2,…,16)。這些子密鑰主要用于總共十六次的加密迭代過程中的加密工具。

? ? ? (2)、其次要將明文信息按64位數(shù)據(jù)格式為一組，對所有明文信息進行分組處理。每一段的64位明文都要經(jīng)過初試置換IP，置換的目的是將數(shù)據(jù)信息全部打亂重排。然后將打亂的數(shù)據(jù)分為左右兩塊，左邊一塊共32位為一組，標識為L0；右邊一塊也是32位為一組，標識為R0.

? ? ? (3)、置換后的數(shù)據(jù)塊總共要進行總共十六次的加密迭代過程。加密迭代主要由加密函數(shù)f來實現(xiàn)。首先使用子密鑰K1對右邊32位的R0進行加密處理，得到的結(jié)果也是32位的；然后再將這個32位的結(jié)果數(shù)據(jù)與左邊32位的L0進行模2處理，從而再次得到一個32位的數(shù)據(jù)組。我們將最終得到的這個32位組數(shù)據(jù)，作為第二次加密迭代的R1，往后的每一次迭代過程都與上述過程相同。

? ? ? (4)、在結(jié)束了最后一輪加密迭代之后，會產(chǎn)生一個64位的數(shù)據(jù)信息組，然后我們將這個64位數(shù)據(jù)信息組按原有的數(shù)據(jù)排列順序平均分為左右兩等分，然后將左右兩等分的部分進行位置調(diào)換，即原來左等分的數(shù)據(jù)整體位移至右側(cè)，而原來右等分的數(shù)據(jù)則整體位移至左側(cè)，這樣經(jīng)過合并后的數(shù)據(jù)將再次經(jīng)過逆初始置換IP^-1的計算，我們最終將得到一組64位的密文。

? ? ? DES解密過程分析：DES的解密過程與它的加密過程是一樣的，這是由于DES算法本身屬于對稱密碼體制算法，其加密和解密的過程可以共用同一個過程和運算。

? ? ? DES加密函數(shù)f：在DES算法中，要將64位的明文順利加密輸出成64位的密文，而完成這項任務(wù)的核心部分就是加密函數(shù)f。加密函數(shù)f的主要作用是在第m次的加密迭代中使用子密鑰Km對Km-1進行加密操作。加密函數(shù)f在加密過程中總共需要運行16輪。

? ? ? 十六輪迭代算法：它先將經(jīng)過置換后的明文分成兩組，每組32位；同時密鑰也被分成了兩組，每組28位，兩組密鑰經(jīng)過運算，再聯(lián)合成一個48位的密鑰，參與到明文加密的運算當(dāng)中。S盒子，它由8個4*16的矩陣構(gòu)成，每一行放著0到15的數(shù)據(jù)，順序各個不同，是由IBM公司設(shè)計好的。經(jīng)過異或運算的明文，是一個48位的數(shù)據(jù)，在送入到S盒子的時候，被分成了8份，每份6位，每一份經(jīng)過一個S盒子，經(jīng)過運算后輸出為4位，即是一個0到15的數(shù)字的二進制表示形式。具體運算過程為，將輸入的6位中的第1位為第6位合并成一個二進制數(shù)，表示行號，其余4位也合并成一個二進制數(shù)，表示列號。在當(dāng)前S盒子中，以這個行號和列號為準，取出相應(yīng)的數(shù)，并以二進制的形式表示，輸出，即得到4位的輸出，8個S盒子共計32位。

? ? ? DES算法優(yōu)缺點：

? ? ? (1)、產(chǎn)生密鑰簡單，但密鑰必須高度保密，因而難以做到一次一密；

? ? ? (2)、DES的安全性依賴于密鑰的保密。攻擊破解DES算法的一個主要方法是通過密鑰搜索，使用運算速度非常高的計算機通過排列組合枚舉的方式不斷嘗試各種可能的密鑰，直到破解為止。一般，DES算法使用56位長的密鑰，通過簡單計算可知所有可能的密鑰數(shù)量最多是2^56個。隨著巨型計算機運算速度的不斷提高，DES算法的安全性也將隨之下降，然而在一般的民用商業(yè)場合，DES的安全性仍是足夠可信賴的。

? ? ? (3)、DES算法加密解密速度比較快，密鑰比較短，加密效率很高但通信雙方都要保持密鑰的秘密性，為了安全還需要經(jīng)常更換DES密鑰。

? ? ? openssl, include/des.h(des_old.h)文件中函數(shù)說明：

? ? ? 1. DES_random_key:generates a random key. The PRNG must be seeded prior to using this function(see L<rand(3)|rand(3)>).? If thePRNG could not generate a secure key, 0 is returned.

? ? ? 2.DES_set_key_checked: Before a DES key can beused, it must be converted into the architecture dependentI<DES_key_schedule> via the DES_set_key_checked() orDES_set_key_unchecked() function. DES_set_key_checked() will check that the keypassed is of odd parity and is not a week or semi-weak key.? If the parity is wrong, then -1 isreturned.? If the key is a weak key, then-2 is returned.? If an error is returned,the key schedule is not generated.

? ? ? 3. DES_set_key:works like DES_set_key_checked() if the I<DES_check_key> flag isnon-zero, otherwise like DES_set_key_unchecked().

? ? ? 4. DES_set_odd_parity:sets the parity of the passed I<key> to odd.

? ? ? 5. DES_is_weak_key:returns 1 is the passed key is a weak key, 0 if it is ok.

? ? ? 6.?DES_ecb_encrypt:the basic DES encryption routine that encrypts or decrypts a single 8-byteI<DES_cblock> in I<electronic code book> (ECB) mode.

? ? ? 7.?DES_ecb3_encrypt:encrypts/decrypts the I<input> block by using three-key Triple-DESencryption in ECB mode. This involves encrypting the input with I<ks1>,decrypting with the key schedule I<ks2>, and then encrypting withI<ks3>.? This routine greatlyreduces the chances of brute force breaking of DES and has the advantage of ifI<ks1>, I<ks2> and I<ks3> are the same, it is equivalent tojust encryption using ECB mode and I<ks1> as the key.

? ? ? 8.?DES_ecb2_encrypt:The macro is provided to perform two-key Triple-DES encryption by usingI<ks1> for the final encryption.

? ? ? 9. DES_ncbc_encrypt:encrypts/decrypts using the I<cipher-block-chaining> (CBC) mode of DES. If theI<encrypt> argument is non-zero, the routine cipher-block-chain encryptsthe cleartext data pointed to by the I<input> argument into theciphertext pointed to by the I<output> argument, using the key scheduleprovided by the I<schedule> argument, and initialization vector providedby the I<ivec> argument.? If the I<length>argument is not an integral multiple of eight bytes, the last block is copiedto a temporary area and zero filled.? Theoutput is always an integral multiple of eight bytes.

? ? ? 10. DES_xcbc_encrypt:is RSA's DESX(DESX是DES的一個改進版本，原理是利用一個隨機的二進制數(shù)與加密前的數(shù)據(jù)以及解密后的數(shù)據(jù)異或) mode of DES. It usesI<inw> and I<outw> to 'whiten' the encryption.? I<inw> and I<outw> are secret (unlikethe iv) and are as such, part of the key.?So the key is sort of 24 bytes.?This is much better than CBC DES.

? ? ? 11. DES_ede3_cbc_encrypt:implements outer triple CBC DES encryption with three keys. This mode is usedby SSL.

? ? ? 12. DES_ede2_cbc_encrypt:The macro implements two-key Triple-DES by reusing I<ks1> for the finalencryption. This form of Triple-DES is used by the RSAREF library.

? ? ? 13. DES_pcbc_encrypt:encrypt/decrypts using the propagating cipher block chaining mode used byKerberos v4. Its parameters are the same as DES_ncbc_encrypt.

? ? ? 14. DES_cfb_encrypt:encrypt/decrypts using cipher feedback mode.?This method takes an array of characters as input and outputs and arrayof characters.? It does not require anypadding to 8 character groups. Note: the I<ivec> variable is changed andthe new changed value needs to be passed to the next call to this function.? Since this function runs a complete DES ECBencryption per I<numbits>, this function is only suggested for use whensending small numbers of characters.

? ? ? 15. DES_cfb64_encrypt:implements CFB mode of DES with 64bit feedback. this routine will allow you toencrypt an arbitrary number of bytes, no 8 byte padding.? Each call to this routine will encrypt theinput bytes to output and then update ivec and num.

? ? ? 16.?DES_ede3_cfb64_encrypt:is the same as DES_cfb64_encrypt except that Triple-DES is used.

? ? ? 17. DES_ede2_cfb64_encrypt:is the same as DES_cfb64_encrypt except that Triple-DES is used.

? ? ? 18. DES_ofb_encrypt: encrypts using output feedbackmode.? This method takes an array ofcharacters as input and outputs and array of characters.? It does not require any padding to 8character groups. Note: the I<ivec> variable is changed and the newchanged value needs to be passed to the next call to this function.? Since this function runs a complete DES ECBencryption per numbits, this function is only suggested for use when sendingsmall numbers of characters.

? ? ? 19. DES_ofb64_encrypt:is the same as DES_cfb64_encrypt using Output Feed Back mode.

? ? ? 20. DES_ede3_ofb64_encrypt:is the same as DES_ofb64_encrypt, using Triple-DES.

? ? ? 21. DES_ede2_ofb64_encrypt:is the same as DES_ofb64_encrypt, using Triple-DES.

? ? ? 22. DES_cbc_cksum:produces an 8 byte checksum based on the input stream (via CBCencryption).? The last 4 bytes of thechecksum are returned and the complete 8 bytes are placed in I<output>.This function is used by Kerberos(網(wǎng)絡(luò)認證協(xié)議) v4.

? ? ? 23. DES_quad_cksum:is a Kerberos v4 function.? It returns a4 byte checksum from the input bytes.?The algorithm can be iterated over the input, depending onI<out_count>, 1, 2, 3 or 4 times.?If I<output> is non-NULL, the 8 bytes generated by each pass arewritten into I<output>.

? ? ? 24.?DES_fcrypt:is a fast version of the Unix crypt(3) function.? This version takes only a small amount ofspace relative to other fast crypt() implementations.? This is different to the normal crypt in thatthe third parameter is the buffer that the return value is written into.? It needs to be at least 14 bytes long.? This function is thread safe, unlike thenormal crypt.

? ? ? 25. DES_crypt:is a faster replacement for the normal system crypt(). This function callsDES_fcrypt() with a static array passed as the third parameter.? This emulates the normal non-thread safesemantics of crypt(3).

? ? ? 26. DES_enc_write:writes I<len> bytes to file descriptor I<fd> from bufferI<buf>. The data is encrypted via I<pcbc_encrypt> (default) usingI<sched> for the key and I<iv> as a starting vector.? The actual data send down I<fd>consists of 4 bytes (in network byte order) containing the length of thefollowing encrypted data.? The encrypted datathen follows, padded with random data out to a multiple of 8 bytes.

? ? ? 27. DES_enc_read:is used to read I<len> bytes from file descriptor I<fd> into bufferI<buf>. The data being read from I<fd> is assumed to have come fromDES_enc_write() and is decrypted using I<sched> for the key schedule andI<iv> for the initial vector.

? ? ? Note: (1).ECB mode is not suitable for mostapplications; (2). DES_3cbc_encrypt is flawed and must not beused in applications. (3).DES_cbc_encrypt does not modify B<ivec>; useDES_ncbc_encrypt instead. (4). In OpenSSL 0.9.7, all des_ functions wererenamed to DES_ to avoid clashes with older versions of libdes.

? ? ? Des modes: the variants of DES and othercrypto algorithms of OpenSSL.

? ? ? Several crypto algorithms for OpenSSL can beused in a number of modes.? Those areused for using block ciphers in a way similar to stream ciphers, among otherthings.

? ? ? 1、?ElectronicCodebook Mode (ECB): (1). Normally, this is found as the functionI<algorithm>_ecb_encrypt();(2). 64 bits are enciphered at a time;(3). The order of the blocks can be rearranged without detection; (4). The sameplaintext block always produces the same ciphertext block(for the same key)making it vulnerable to a 'dictionary attack'; (5). An error will only affect oneciphertext block.

? ? ? 2、?CipherBlock Chaining Mode (CBC): (1). Normally, this is found as the functionI<algorithm>_cbc_encrypt(). Be aware that des_cbc_encrypt() is not reallyDES CBC (it does not update the IV); use des_ncbc_encrypt() instead; (2). amultiple of 64 bits are enciphered at a time; (3). The CBC mode produces the sameciphertext whenever the same plaintext is encrypted using the same key andstarting variable; (3). The chaining operation makes the ciphertextblocks dependent on the current and all preceding plaintext blocks andtherefore blocks can not be rearranged; (4). The use of different startingvariables prevents the same plaintext enciphering to the same ciphertext; (5). An errorwill affect the current and the following ciphertext blocks.

? ? ? 3、?CipherFeedback Mode (CFB): (1). Normally, this is found as the functionI<algorithm>_cfb_encrypt(); (2). a number of bits (j) <= 64 areenciphered at a time; (3). The CFB mode produces the same ciphertextwhenever the same plaintext is encrypted using the same key and startingvariable; (4). The chaining operation makes the ciphertextvariables dependent on the current and all preceding variables and thereforej-bit variables are chained together and can not be rearranged; (5). The useof different starting variables prevents the same plaintext enciphering to thesame ciphertext; (6). The strength of the CFB mode depends on thesize of k (maximal if j == k).? In myimplementation this is always the case; (7). Selection of a small value for jwill require more cycles through the encipherment algorithm per unit ofplaintext and thus cause greater processing overheads; (8). Onlymultiples of j bits can be enciphered; (9). An error will affect the currentand the following ciphertext variables.

? ? ? 4、?OutputFeedback Mode (OFB): (1). Normally, this is found as the functionI<algorithm>_ofb_encrypt(); (2). a number of bits (j) <= 64 areenciphered at a time; (3). The OFB mode produces the same ciphertextwhenever the same plaintext enciphered using the same key and startingvariable.? Moreover, in the OFB mode thesame key stream is produced when the same key and start variable are used.? Consequently, for security reasons a specificstart variable should be used only once for a given key; (4). Theabsence of chaining makes the OFB more vulnerable to specific attacks; (5). The useof different start variables values prevents the same plaintext enciphering tothe same ciphertext, by producing different key streams; (6). Selectionof a small value for j will require more cycles through the enciphermentalgorithm per unit of plaintext and thus cause greater processing overheads;(7). Only multiples of j bits can be enciphered; (8). OFB modeof operation does not extend ciphertext errors in the resultant plaintextoutput.? Every bit error in theciphertext causes only one bit to be in error in the deciphered plaintext; (9). OFB modeis not self-synchronizing.? If the twooperation of encipherment and decipherment get out of synchronism, the systemneeds to be re-initialized; (10). Each re-initialization should usea value of the start variable different from the start variable values usedbefore with the same key.? The reason forthis is that an identical bit stream would be produced each time from the sameparameters.? This would be susceptible toa 'known plaintext' attack.

? ? ? 5、?TripleECB Mode: (1). Normally, this is found as the functionI<algorithm>_ecb3_encrypt(); (2). Encrypt with key1, decrypt withkey2 and encrypt with key3 again; (2). As for ECB encryption butincreases the key length to 168 bits. There are theoretic attacks that can beused that make the effective key length 112 bits, but this attack also requires2^56 blocks of memory, not very likely, even for the NSA; (3). If bothkeys are the same it is equivalent to encrypting once with just one key; (4). If thefirst and last key are the same, the key length is 112 bits. There are attacksthat could reduce the effective key strength to only slightly more than 56bits, but these require a lot of memory; (5). If all 3 keys are the same, thisis effectively the same as normal ecb mode.

? ? ? 6、?TripleCBC Mode: (1). Normally, this is found as the functionI<algorithm>_ede3_cbc_encrypt(); (2). Encrypt with key1, decrypt withkey2 and then encrypt with key3; (3). As for CBC encryption butincreases the key length to 168 bits with the same restrictions as for tripleecb mode.

? ? ? 參考文獻：

? ? ? 1、?《基于DES和ECC混合加密算法的數(shù)字簽名研究與應(yīng)用》

? ? ? 2、 openssl/doc