CMSC 414 Programming Resources

  

Homework 1 FAQ

Problem 1:
I hear that we can not use Java classes directly to generate keys or to encrypt/decrypt using DES/AES. Are we supposed to implement DES/AES from scratch?

The goal of the assignment is to learn how to use DES and AES, to see a little bit of what goes on "under the hood", and to get familiar with the various modes of encryption. JCE provides interfaces to these functions which completely hide this information. So, you should not simply call JCE and have it perform the entire encryption for you. The intention is that you will (1) generate a random key yourself (and, in the case of DES, make sure that the key is formatted appropriately); (2) generate IVs yourself, when needed; and (3) implement the modes of encryption yourself, by only accessing the primitive block cipher function (and its inverse) which, as discussed in class, maps a key and a fixed-length plaintext block to a fixed-length ciphertext block. More details follow.

Generating a random key. You should generate a random key of the appropriate length using the SecureRandom class. For more information about this, see: here. Some other sites that may be useful include this one and this one. As discussed in class, for DES you will need to make sure to appropriately format the key before using it.

Generating a random IV. As above. For CBC, CFB, and OFB modes, you should use a random IV of the same length as the block-length of the cipher you are using.

Accessing DES/AES. Unfortunately, the JCE does not provide a way to directly access to underlying DES/AES encryption/decryption algorithms. However, a simple "hack" is to make all calls to the block cipher in ECB mode using only a single block of plaintext (this was discussed in class). In particular, the only instance of a Cipher object in javax.crypto you are allowed to generate is

Cipher myCipher = Cipher.getInstance("DES/ECB/NoPadding");

Note that under NoPadding, your input to the Cipher object's doFinal methods must have size a multiple of 8-bytes.  This is OK since the problem says you can assume that the length of the input plaintext will be a multiples of 64 bits (or 128 bits in the case of AES). Note that if the length of your input plaintext is not a multiple of the correct length, you will get an IllegalBlockSizeException. 

What does the DES key look like?

It is a 64-bit key.  But only 56 bits are used.  There are 8 bits used to as parity checks for each 7-bit value of the key.  The organization is that for every 7 bit quantity, a bit of check bit follows.  This setup repeats itself for 8 times for a total of 64 bits.  What is this 8th bit?  It is an odd parity bit, meaning that the value of it depends on the 7-bits it is following.  If the number of 1's (in binary notation) is odd, then the parity bit is 0; if the number of 1's is even, then the parity bit is 1.  The parity bit makes the number of total 1's in each 8-bit quantity part of the key odd, hence Odd Parity.  The parity key is the least significant bit here.  Example:

11010110    (parity bit in yellow.  it stays yellow since there are 5 1's.)

0010010   (parity bit is 1 to make the number of 1's odd for this 8-bit quantity.)

a valid DES key example looks like (each quantity should have odd number of 1's):

11010110 00100101 10010010 11011100 00101100 10010111 00010110 01011011

Can Java check DES key for me?

Once you generate your key, call it raw_key, you may call a method that checks to see if your key is parity-adjusted (you should adjust the parity yourself, Java won't do that for you).  You can call:

boolean isGoodKey = DESKeySpec.isParityAdjusted(raw_key, 0);

where raw_key is an byte array of 8 elements, and 0 is the offset of the array you want the method to start checking (0 means it starts checking from the beginning).  This method returns a boolean value.  It the key is parity-adjusted, then it returns true; false otherwise.

Also note that this method throws InvalidKeyException (when your array's size is less than 8).  The exception must be handled correctly (caught or thrown).

How many shift bits should we assume for OFB and CFB?

You may assume a shift length equal to the block length of the cipher (i.e., 64 bits for DES and 128 bits for AES).

How do I check/ manipulate bits in Java?

Use bit-wise operators: & (AND), | (OR), ^ (XOR), ~ (NOT), >> (ARITHMETIC SHIFT RIGHT -- sign extending), << (SHIFT LEFT), >>> (LOGICAL SHIFT RIGHT -- no sign extending).  And you should also apply masking techniques.

Homework 1 FAQ