Tcl Library Source Code

Bounty program for improvements to Tcl and certain Tcl packages.

[ Main Table Of Contents | Table Of Contents | Keyword Index | Categories | Modules | Applications ]


des - Implementation of the DES and triple-DES ciphers

Table Of Contents


package require Tcl 8.2
package require des 1.1

::DES::des ?-mode [ecb|cbc|cfb|ofb]? ?-dir [encrypt|decrypt]? -key keydata ?-iv vector? ?-hex? ?-weak? ?-out channel? ?-chunksize size? [ -in channel | data ]
::DES::Init mode keydata iv ?weak?
::DES::Encrypt Key data
::DES::Decrypt Key data
::DES::Reset Key iv
::DES::Final Key


This is an implementation in Tcl of the Data Encryption Standard (DES) as published by the U.S. National Institute of Standards and Technology (NIST) [1]. This implementation also supports triple DES (3DES) extension to DES. DES is a 64-bit block cipher that uses a 56-bit key. 3DES uses a 168-bit key. DES has now officially been superceeded by AES but is in common use in many protocols.

The tcllib implementation of DES and 3DES uses an implementation by Mac Cody and is available as a separate download from [2]. For anyone concerned about the details of exporting this code please see the TclDES web pages. The tcllib specific code is a wrapper to the TclDES API that presents same API for the DES cipher as for other ciphers in the library.



Internal state is maintained in an opaque structure that is returned from the Init function. In ECB mode the state is not affected by the input but for other modes some input dependent state is maintained and may be reset by calling the Reset function with a new initialization vector value.



% set ciphertext [DES::des -mode cbc -dir encrypt -key $secret $plaintext]
% set plaintext [DES::des -mode cbc -dir decrypt -key $secret $ciphertext]

set iv [string repeat \\0 8]
set Key [DES::Init cbc \\0\\1\\2\\3\\4\\5\\6\\7 $iv]
set ciphertext [DES::Encrypt $Key "somedata"]
append ciphertext [DES::Encrypt $Key "moredata"]
DES::Reset $Key $iv
set plaintext [DES::Decrypt $Key $ciphertext]
DES::Final $Key


  1. "Data Encryption Standard", Federal Information Processing Standards Publication 46-3, 1999, (

  2. "TclDES: munitions-grade Tcl scripting"


Jochen C Loewer, Mac Cody, Pat Thoyts

Bugs, Ideas, Feedback

This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category des of the Tcllib Trackers. Please also report any ideas for enhancements you may have for either package and/or documentation.

When proposing code changes, please provide unified diffs, i.e the output of diff -u.

Note further that attachments are strongly preferred over inlined patches. Attachments can be made by going to the Edit form of the ticket immediately after its creation, and then using the left-most button in the secondary navigation bar.


aes(n), blowfish(n), md5(n), rc4(n), sha1(n)


3DES, DES, block cipher, data integrity, encryption, security


Hashes, checksums, and encryption


Copyright © 2005, Pat Thoyts