Developer Reference


TDES Functions

The TDES algorithm is considered weak due to known attacks on it. The functionality remains in the library, but the implementation will no longer be optimized and no security patches will be applied. A more secure alternative is available: AES. For more information, see
Transitioning the Use of Cryptographic Algorithms and Key Lengths
Update to Current Use and Deprecation of TDEA
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
The Triple Data Encryption Algorithm (TDEA) is a revised symmetric algorithm scheme built on the Data Encryption Standard (DES) system. The Triple DES (TDES) encryption process includes three consecutive DES operations in the encryption, decryption, and encryption (E-D-E) sequence again in accordance with the American standard FIPS 46-3. While AES (Rijndael) is preferred, TDEA is an approved cipher. Use implementations of AES where possible. In cases where using AES is impossible or inconvenient, use TDES functions.
Although the functions that support TDES operations require three sets of round keys, the functions can operate under TDES cipher system with a two-set round keys by simply setting the third set of round keys to be the same as the first set.
You can use the functions described in this section for performing various operational modes under the TDES cipher systems.
Intel IPP functions for cryptography do not allocate memory internally. The
function does not require allocated memory. You need to call the
function to find out how much available memory you need to have to work with the selected algorithm and after that you call the initialization function to create a memory buffer and initialize it.
Intel IPP for cryptography supports ECB, CBC, CFB, and CTR modes. You can tell which algorithm a given function supports from the function base name, for example, the
function operates under the ECB mode.
The encryption function
operates under the CBC mode using its cipher scheme and requires to have an initialization vector
. Since there are a number of ways to initialize the initialization vector
, you should remember which of them you used to be able to decrypt the message when needed.
The encryption function
operates under the CFB mode using its cipher scheme and requires having the initialization vector
and CFB block size
All functions described in this section use the context
to serve as an operational vehicle that carries a set of round keys.
Application code for conducting a typical encryption under CBC mode using the TDES scheme must perform the following sequence of operations:
  1. Get the size required to configure the context
    by calling the function
  2. Call operating system memory allocation service function to allocate three buffers whose sizes are not less than the one specified by the function
    . Initialize pointers to contexts
    , and
    by calling the function
    three times, each with the allocated buffer and the respective DES key.
  3. Specify the initialization vector and then call the function
    to encrypt the input data stream under CBC mode using TDES scheme.
  4. Clean up secret data stored in the contexts.
  5. Free the memory allocated to the buffer once TDES encryption under the CBC mode has been completed and the data structures allocated for set of round keys are no longer required.
Similar procedure can be applied for ECB, CFB, and CTR mode operation.
context is position-dependent. The
functions transform the position-dependent context to a position-independent form and vice versa.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at