Encrypts data with 3DES-CBC (PKCS#7 padding).
The block size is 8 bytes, so the IV must also be 8 bytes. PKCS#7 padding is applied automatically, rounding the output up to the next 8-byte boundary.
@eryx/crypto/des Module
JSON
Triple-DES (3DES / TDEA) symmetric encryption.
Only Triple-DES is provided; single DES is cryptographically broken and omitted intentionally. Keys must be exactly 24 bytes (three independent 8-byte DES keys = 192-bit key material, ~112-bit effective security).
Warning
3DES is a legacy cipher. Its 64-bit block size makes it vulnerable to birthday attacks (Sweet32) in long sessions. Prefer AES for new designs.
Only CBC mode is defined for DES in PSA Crypto.
local des = require("@eryx/crypto/des")
-- Key MUST be exactly 24 bytes.
local key = buffer.fromstring("123456789012345678901234")
local iv = buffer.fromstring("12345678") -- 8 bytes
local ct = des.cbc_encrypt(key, iv, buffer.fromstring("Hello!!"))
local pt = des.cbc_decrypt(key, iv, ct)
Summary
Functions
API Reference
Functions
des.encryptCBC
des.encryptCBC(key: buffer, iv: buffer, data: buffer) → buffer
Parameters
key: buffer
Triple-DES key - exactly 24 bytes.
iv: buffer
Initialisation vector - 8 bytes.
data: buffer
Plaintext to encrypt.
Returns
buffer
Ciphertext.
des.decryptCBC
Decrypts 3DES-CBC ciphertext (strips PKCS#7 padding).
des.decryptCBC(key: buffer, iv: buffer, data: buffer) → buffer
Parameters
key: buffer
Triple-DES key - exactly 24 bytes.
iv: buffer
Initialisation vector - 8 bytes.
data: buffer
Ciphertext to decrypt.
Returns
buffer
Plaintext.