Tutorial – Encryption And Decryption Using DESede (Triple DES) In Java

We learned how to do a DES Encryption /Decryption in Java in the previous tutorial. In this tutorial, we will extend our knowledge of DES Encryption to DESede also known as Triple DES.

Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher.It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.

The standards define three keying options:

  • Keying option 1: All three keys are independent.
  • Keying option 2: K1 and K2 are independent, and K3 = K1.
  • Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.

Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits.

Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.

Keying option 3 is no better than DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations simply cancel out. It is no longer recommended by the National Institute of Standards and Technology (NIST) and not supported by ISO/IEC 18033-3.

In general Triple DES with three independent keys (keying option 1) has a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. Keying option 2, reduces the key size to 112 bits. However, this option is susceptible to certain chosen-plaintext or known-plaintext attacks and thus it is designated by NIST to have only 80 bits of security. (Information Source: Wikipedia).

The following diagram simplifies the working detail of Triple DES Algorithm.

In the following tutorial, we have used Keying Option 3, where all the keys are identical.

package com.kushal.utils;

import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class DESedeEncryption {

	private static final String UNICODE_FORMAT = "UTF8";
	public static final String DESEDE_ENCRYPTION_SCHEME = "DESede";
	private KeySpec myKeySpec;
	private SecretKeyFactory mySecretKeyFactory;
	private Cipher cipher;
	byte[] keyAsBytes;
	private String myEncryptionKey;
	private String myEncryptionScheme;
	SecretKey key;

	public DESedeEncryption() throws Exception
		myEncryptionKey = "ThisIsSecretEncryptionKey";
		myEncryptionScheme = DESEDE_ENCRYPTION_SCHEME;
		keyAsBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
		myKeySpec = new DESedeKeySpec(keyAsBytes);
		mySecretKeyFactory = SecretKeyFactory.getInstance(myEncryptionScheme);
		cipher = Cipher.getInstance(myEncryptionScheme);
		key = mySecretKeyFactory.generateSecret(myKeySpec);

	 * Method To Encrypt The String
	public String encrypt(String unencryptedString) {
		String encryptedString = null;
		try {
			cipher.init(Cipher.ENCRYPT_MODE, key);
			byte[] plainText = unencryptedString.getBytes(UNICODE_FORMAT);
			byte[] encryptedText = cipher.doFinal(plainText);
			BASE64Encoder base64encoder = new BASE64Encoder();
			encryptedString = base64encoder.encode(encryptedText);
		} catch (Exception e) {
		return encryptedString;
	 * Method To Decrypt An Ecrypted String
	public String decrypt(String encryptedString) {
		String decryptedText=null;
		try {
			cipher.init(Cipher.DECRYPT_MODE, key);
			BASE64Decoder base64decoder = new BASE64Decoder();
			byte[] encryptedText = base64decoder.decodeBuffer(encryptedString);
			byte[] plainText = cipher.doFinal(encryptedText);
			decryptedText= bytes2String(plainText);
		} catch (Exception e) {
		return decryptedText;
	 * Returns String From An Array Of Bytes
	private static String bytes2String(byte[] bytes) {
		StringBuffer stringBuffer = new StringBuffer();
		for (int i = 0; i < bytes.length; i++) {
			stringBuffer.append((char) bytes[i]);
		return stringBuffer.toString();

	 * Testing The DESede Encryption And Decryption Technique
	public static void main(String args []) throws Exception
		DESedeEncryption myEncryptor= new DESedeEncryption();

		String stringToEncrypt="Sanjaal.com";
		String encrypted=myEncryptor.encrypt(stringToEncrypt);
		String decrypted=myEncryptor.decrypt(encrypted);

		System.out.println("String To Encrypt: "+stringToEncrypt);
		System.out.println("Encrypted Value :" + encrypted);
		System.out.println("Decrypted Value :"+decrypted);




Here is the sample output:

String To Encrypt: Sanjaal.com
Encrypted Value :aArhqI25Y1SkYrdv9gxYDQ==
Decrypted Value :Sanjaal.com

Tagged , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

7 Responses to Tutorial – Encryption And Decryption Using DESede (Triple DES) In Java

  1. Modha says:

    Hello Kushal

    I enjoyed reading your articles ( and jokes ) at sanjaal.

    I have a question on encryption and decryption

    will this work only on UTF-8?

    I want to write a utility which encrypts a column in a database table.

    Can I use this program to read string from a database table – encrypt it and – write it back.

    Will it work if database in not in UTF-8, (I am trying to ask if it can encode some other charecter set like chinese or japanese)?
    I am trying to learn what these charecter encodings mean, excuse me if my question are basic.

    Hope to get a reply.


    • kushalzone says:

      Thank you Modha for enjoying my blogs at Sanjaal.

      Yes, the program is capable of handling the other character sets like ASCII, UTF-16 etc. UTF-8 is the unicode format, so most probably the japanese or chinese characters will be in this Character Set.

      If you know exactly what character set your database is using, you can pass that onto the getBytes () method as parameter, and do the encryption/decryption. The character sets will be defined while creating the database or database tables.

      For example, if your database character set is UTF-16, you can modify the above program where it says

      byte[] plainText = unencryptedString.getBytes(UNICODE_FORMAT);


      byte[] plainText = unencryptedString.getBytes(“UTF-16”);

      Or, if the character set defined is ASCII, you simply define the line as:

      byte[] plainText = unencryptedString.getBytes(“ASCII”);

      Also make sure you modify the following line accordingly:
      keyAsBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);

      I hope it helps.

  2. Raanan says:


    Thanks for the post !!

    I have 2 questions:

    i. in your your example you wrote “…In the following tutorial, we have used Keying Option 3, where all the keys are identical.” – what make the code use option 3?

    ii. if I have a byte array that is used to build a DESedeKeySpec instance, can I tell which length is the encryption key (168 or 112)?


  3. Minal says:


    This article is very helpful. I am trying to encrypt and decrypt using DES but getting following error
    javax.crypto.BadPaddingException: Given final block not properly padded
    I tried all possible ways but problem is not solved yet. I appreciate if you could hlep me in this regards


  4. Send the code that you are trying to run, I will have a look at it.

  5. Minal says:

    code to get cipher is
    key = InternalSecretKey.getInstance();
    //keyspec = InternalSecretKey.getInstance();
    System.out.println(“Key is:”+key);

    byte[] iv = new byte[]{
    (byte)0x8E, 0x12, 0x39, (byte)0x9C,
    0x07, 0x72, 0x6F, 0x5A
    //byte[] ivBytes = null;
    //IvParameterSpec iv = new IvParameterSpec(ivBytes);
    //IvParameterSpec iv = null;

    //ecipher = Cipher.getInstance(“DES”);
    //dcipher = Cipher.getInstance(“DES”);

    ecipher = Cipher.getInstance(“DES/CBC/NoPadding”);
    dcipher = Cipher.getInstance(“DES/CBC/NoPadding”);

    AlgorithmParameterSpec algparam = new IvParameterSpec(iv);
    //IvParameterSpec iv = null;

    System.out.println(” iv ====================” + ecipher.getIV());
    //iv = new IvParameterSpec(ivBytes);

    //IvParameterSpec iv2 = new IvParameterSpec(dcipher.getIV());

    AlgorithmParameters algparamdecrypt = ecipher.getParameters();
    ecipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key, algparam);
    dcipher.init(javax.crypto.Cipher.DECRYPT_MODE, key, algparam);

    I tryed padding input stream before encryptin

    byte[] padding = null;
    byte padded[] = null;
    if (null != fileData) {

    System.out.println(“length of byte arrary before ency but before padding ” + fileData.length);
    if((fileData.length % 8) > 0){
    int offset = ((fileData.length % 8));
    System.out.println(” offset is ” + offset);
    padding = new byte[((8-offset) + fileData.length)];
    System.out.println(“lenght of fileData is ” + fileData.length);
    System.out.println(“lenght of padding is ” + padding.length);
    System.arraycopy(fileData, 0, padding, 0, fileData.length);
    for(int i = fileData.length; i < (fileData.length + (8-offset)); i++){
    padding[i] = (byte)0xbb;
    System.out.println(" padding " + padding.toString());
    System.out.println(" fileData " + fileData.toString());

    System.out.println("length of byte arrary before ency but after padding ==" + padding.length);

    AesEncryptionDecryptionUtil endeUtil = new AesEncryptionDecryptionUtil();
    byte[] fileDataEnc = null;
    if(padding != null){
    fileDataEnc = ecipher.doFinal(padding);
    fileDataEnc = ecipher.doFinal(fileData);
    System.out.println("Bytes encrypted:"+fileDataEnc.toString());

    With this padding logic code might work for .txt, .doc and .xls. However if I want to ebcrypt pdf, image files or zip files what is to be done?

    Thanking in advance

  6. Minal says:

    I would also like to know that if I am using cipher to encrypt the data, and encrypted data is stored in file/database. Next time when I decrypt the data do I need same instance of cipher which was used to encrypt the data (ofcourse with mode as decryption) or differnect instance created by passing same parameters can be used?

Leave a Reply

Your email address will not be published. Required fields are marked *