Data Encryption Standard: Foreign-Language Translation
DATA ENCRYPTION STANDARD (DES)
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Bureau of Standards in accordance with section 111 (f) (2) of the Federal Property and Administrative Services Act of 1949, as amended, Public Law 89-306 (79 Stat 1127), Executive Order 11717 (38 FR 12315, dated May 11, 1973), and Part 6 of Title 15 Code of Federal Regulations.
(1) Name of Standard. Data Encryption Standard (DES).
(2) Category of Standard. Computer Security.
(3) Explanation. The Data Encryption Standard (DES) specifies a FIPS approved cryptographic algorithm as required by FIPS 140-1. This publication provides a complete description of a mathematical algorithm for encrypting (enciphering) and decrypting (deciphering) binary coded information. Encrypting data converts it to an unintelligible form called cipher. Decrypting cipher converts the data back to its original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key.
A key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, are used for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit byte. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it. The encryption algorithm specified in this standard is commonly known among those using the standard. The unique key chosen for use in a particular application makes the results of encrypting data using the algorithm unique. Selection of a different key causes the cipher that is produced for any given set of inputs to be different. The cryptographic security of the data depends on the security provided for the key used to encipher and decipher the data.
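The key layout described above, as an added example that is not part of the standard's text: it sets and checks the odd parity of each key byte and extracts the 56 bits the algorithm uses. It assumes the parity bit is the least significant bit of each byte, which the full DES specification defines but this excerpt does not state; the sample key values are constructed.

```python
# Added example: odd parity over the eight bytes of a 64-bit DES key.
# Assumption: the parity bit is the least significant bit of each byte
# (defined in the full DES specification, not in this excerpt).

def _check_len(key):
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")

def set_odd_parity(key):
    """Return the key with each byte's low bit set so the byte has an odd number of 1s."""
    _check_len(key)
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits the algorithm uses
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def parity_errors(key):
    """Indexes of key bytes with an even number of 1s, i.e. a detected error."""
    _check_len(key)
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]

def effective_key(key):
    """The 56 bits that actually enter the algorithm, packed into one integer."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)       # drop the parity bit of each byte
    return value

def flip(key, index, mask):
    """Simulate corruption: XOR `mask` into byte `index`."""
    damaged = bytearray(key)
    damaged[index] ^= mask
    return bytes(damaged)

RAW = bytes.fromhex("0022446688aaccee")       # constructed 64-bit value
KEY = set_odd_parity(RAW)                     # same 56 key bits, parity corrected
```

A single flipped bit shows up as a parity error in its byte, two flipped bits in the same byte pass the check, and two keys that differ only in parity bits are the same 56-bit key.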
Data can be recovered from cipher only by using exactly the same key used to encipher it. Unauthorized recipients of the cipher who know the algorithm but do not have the correct key cannot derive the original data algorithmically. However, anyone who does have the key and the algorithm can easily decipher the cipher and obtain the original data. A standard algorithm based on a secure key thus provides a basis for exchanging encrypted computer data by issuing the key used to encipher it to those authorized to have the data.
Data that is considered sensitive by the responsible authority, data that has a high value, or data that represents a high value should be cryptographically protected if it is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. A risk analysis should be performed under the direction of a responsible authority to determine potential threats. The costs of providing cryptographic protection using this standard as well as alternative methods of providing this protection and their respective costs should be projected. A responsible authority then should make a decision, based on these analyses, whether or not to use cryptographic protection and this standard.
(4) Approving Authority. Secretary of Commerce.
(5) Maintenance Agency. U.S. Department of Commerce, National Institute of Standards and Technology, Computer Systems Laboratory.
(6) Applicability. This standard may be used by Federal departments and agencies when the following conditions apply:
① An authorized official or manager responsible for data security or the security of any computer system decides that cryptographic protection is required;
② The data is not classified according to the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended.
Federal agencies or departments which use cryptographic devices for protecting data classified according to either of these acts can use those devices for protecting unclassified data in lieu of the standard.
Other FIPS approved cryptographic algorithms may be used in addition to, or in lieu of, this standard when implemented in accordance with FIPS 140-1.
In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security for commercial and private organizations.
(7) Applications. Data encryption (cryptography) is utilized in various applications and environments. The specific utilization of encryption and the implementation of the DES will be based on many factors particular to the computer system and its associated components. In general, cryptography is used to protect data while it is being communicated between two points or while it is stored in a medium vulnerable to physical theft. Communication security provides protection to data by enciphering it at the transmitting point and deciphering it at the receiving point. File security provides protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In the first case, the key must be available at the transmitter and receiver simultaneously during communication. In the second case, the key must be maintained and accessible for the duration of the storage period. FIPS 171 provides approved methods for managing the keys used by the algorithm specified in this standard.
(8) Implementations. Cryptographic modules which implement this standard shall conform to the requirements of FIPS 140-1. The algorithm specified in this standard may be implemented in software, firmware, hardware, or any combination thereof. The specific implementation may depend on several factors such as the application, the environment, the technology used, etc. Implementations which may comply with this standard include electronic devices (e.g., VLSI chip packages), micro-processors using Read Only Memory (ROM), Programmable Read Only Memory (PROM), or Electronically Erasable Read Only Memory (EEROM), and mainframe computers using Random Access Memory (RAM). When the algorithm is implemented in software or firmware, the processor on which the algorithm runs must be specified as part of the validation process. Implementations of the algorithm which are tested and validated by NIST will be considered as complying with the standard. Note that FIPS 140-1 places additional requirements on cryptographic modules for Government use. Information about devices that have been validated and procedures for testing and validating equipment for conformance with this standard and FIPS 140-1 are available from the National Institute of Standards and Technology, Computer Systems Laboratory, Gaithersburg, MD 20899.
(9) Export Control. Cryptographic devices and technical data regarding them are subject to Federal Government export controls as specified in Title 22, Code of Federal Regulations, Parts 120 through 128. Some exports of cryptographic modules implementing this standard and technical data regarding them must comply with these Federal regulations and be licensed by the U.S. Department of State. Other exports of cryptographic modules implementing this standard and technical data regarding them fall under the licensing authority of the Bureau of Export Administration of the U.S. Department of Commerce. The Department of Commerce is responsible for licensing cryptographic devices used for authentication, access control, proprietary software, automatic teller machines (ATMs), and certain devices used in other equipment and software. For advice concerning which agency has licensing authority for a particular cryptographic device, please contact the respective agencies.
(10) Patents. Cryptographic devices implementing this standard may be covered by U.S. and foreign patents issued to the International Business Machines Corporation. However, IBM has granted nonexclusive, royalty-free licenses under the patents to make, use and sell apparatus which complies with the standard. The terms, conditions and scope of the licenses are set out in notices published in the May 13, 1975 and August 31, 1976 issues of the Official Gazette of the United States Patent and Trademark Office (934 O.G. 452 and 949 O.G. 1717).
(11) Alternative Modes of Using the DES. FIPS PUB 81, DES Modes of Operation, describes four different modes for using the algorithm described in this standard. These four modes are called the Electronic Codebook (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode. ECB is a direct application of the DES algorithm to encrypt and decrypt data; CBC is an enhanced mode of ECB which chains together blocks of cipher text; CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs which are combined with the plaintext to produce cipher, thereby chaining together the resulting cipher; OFB is identical to CFB except that the previous output of the DES is used as input in OFB while the previous.
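Data Encryption Standard (DES)
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Bureau of Standards under section 111 (f) (2) of the Federal Property and Administrative Services Act of 1949, as amended, Public Law 89-306 (79 Stat 1127), Executive Order 11717 (38 FR 12315, dated May 11, 1973), and Part 6 of Title 15 Code of Federal Regulations.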
(1) Name of the standard.
Data Encryption Standard (DES).
(2) Category of the standard.
Computer security.
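(3) Explanation.
The Data Encryption Standard (DES) specifies a FIPS-approved cryptographic algorithm, as required by FIPS 140-1.
This publication gives a complete description of a mathematical algorithm for encrypting (enciphering) and decrypting (deciphering) binary-coded information.
Encryption converts data into cipher.
Decryption converts cipher back into plaintext.
The enciphering and deciphering operations of the algorithm depend on a key made up of binary digits.
A key consists of 64 binary digits ("0"s or "1"s), of which 56 bits are randomly generated and used directly by the algorithm.
The other 8 bits are not used by the algorithm; they are used for error detection.
The error-detecting bits are set so that the parity of each 8-bit byte of the key is odd, i.e., each 8-bit byte contains an odd number of "1"s.
Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it.
The encryption algorithm in this standard is commonly known among those who use the standard.
The unique key chosen for a particular application makes the result of encrypting data with the algorithm unique; choosing a different key produces a different cipher for any given set of inputs.
The cryptographic security of the data depends on the security of the key used to encipher and decipher it.
Data can be recovered with the key that was used to encipher it.
An unauthorized recipient of the cipher who knows the algorithm but does not have the correct key cannot recover the plaintext.
However, anyone who knows the key and the algorithm can easily decipher the cipher and obtain the original data.
A standard algorithm that uses a key to encipher data therefore relies, for its security, on issuing the key to those authorized to have the data.
Data that the responsible authority considers sensitive, that has a high value, or that represents a high value should be cryptographically protected if it is vulnerable to unauthorized disclosure or to undetected modification during transmission or in storage.
A risk analysis carried out by the responsible authority should determine the potential threats.
The costs of cryptographic protection using this standard, and of alternative methods of protection, should be estimated.
Based on these analyses, the responsible authority should decide whether or not to use cryptographic protection and this standard.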
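(4) Approving authority.
Secretary of Commerce.
(5) Maintenance agency.
U.S. Department of Commerce, National Institute of Standards and Technology, Computer Systems Laboratory.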
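(6) Applicability.
Federal departments and agencies may use this standard when the following conditions apply:
① An authorized official or manager responsible for data security or the security of any computer system decides that cryptographic protection is required;
② The data is not classified according to the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended.
Federal agencies or departments that use cryptographic devices to protect data classified under either of these acts may use those devices, in place of the standard, to protect unclassified data.
Other FIPS-approved cryptographic algorithms, implemented in accordance with FIPS 140-1, may be used in addition to or in place of this standard.
In addition, this standard may be adopted and used by non-Federal Government organizations.
Such use by commercial and private organizations is encouraged when it provides the desired security.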
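(7) Applications.
Data encryption (cryptography) is used in a variety of applications and environments.
The specific use of encryption and the implementation of the DES depend on many factors, in particular the computer system and its associated components.
In general, cryptography is used to protect data while it is communicated between two points or while it is stored on a medium vulnerable to theft.
Communication security is provided by enciphering data at the transmitting point and deciphering it at the receiving point.
File security is provided by enciphering data when it is recorded on a storage medium and deciphering it when it is read back from the storage medium.
In the first case, the key must be available to the transmitter and the receiver at the same time during communication.
In the second case, the key must be kept for the whole storage period.
FIPS 171 provides approved methods for managing the keys used by the algorithm specified in this standard.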
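(8) Implementations.
Cryptographic modules that implement this standard shall conform to the requirements of FIPS 140-1.
The algorithm specified in this standard may be implemented in software, firmware, hardware, or any combination of these.
The specific implementation may depend on several factors, such as the application, the environment and the technology used. Implementations that may comply with this standard include electronic devices (e.g., VLSI chip packages), microprocessors using Read Only Memory (ROM), Programmable Read Only Memory (PROM) or Electronically Erasable Read Only Memory (EEROM), and mainframe computers using Random Access Memory (RAM).
When the algorithm is implemented in software or firmware, the processor on which it runs must be specified as part of the validation process.
Implementations of the algorithm that NIST has tested and validated are considered to comply with the standard.
Note that FIPS 140-1 places additional requirements on cryptographic modules for Government use.
Information about validated devices, and about procedures for testing and validating equipment for conformance with this standard and FIPS 140-1, is available from the National Institute of Standards and Technology, Computer Systems Laboratory, Gaithersburg, MD 20899.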
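(9) Export control.
Cryptographic devices and technical data about them are subject to Federal Government export controls under Title 22, Code of Federal Regulations, Parts 120 through 128.
Some exports of cryptographic modules implementing this standard, and of technical data about them, must comply with these Federal regulations and be licensed by the U.S. Department of State.
Other exports of cryptographic modules implementing this standard, and of technical data about them, fall under the licensing authority of the Bureau of Export Administration of the U.S. Department of Commerce.
The Department of Commerce is responsible for licensing cryptographic devices used for authentication, access control, proprietary software, automatic teller machines (ATMs), and certain devices used in other equipment and software.
For advice on which agency has licensing authority for a particular cryptographic device, contact the respective agencies.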
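(10) Patents.
Cryptographic devices implementing this standard may be covered by U.S. and foreign patents issued to the International Business Machines Corporation.
However, IBM has granted nonexclusive, royalty-free licenses to make, use and sell apparatus that complies with the standard.
The terms, conditions and scope of the licenses are set out in notices published in the May 13, 1975 and August 31, 1976 issues of the Official Gazette of the United States Patent and Trademark Office.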
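(11) Alternative modes of using the DES.
FIPS PUB 81 describes four different modes for using the algorithm described in this standard.
These four modes are called the Electronic Codebook (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode.
ECB applies the DES algorithm directly to encrypt and decrypt data; CBC is an enhanced mode of ECB in which blocks of cipher text are chained together; CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs, which are combined with the plaintext to produce cipher, thereby chaining the resulting cipher together; OFB is the same as CFB except that in OFB the previous output of the DES is used as input, while in CFB the previous cipher is used as input.
OFB does not chain the cipher.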
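The chaining behaviour of the four modes in item (11), as an added example that is not part of the standard: `toy_block` is a hypothetical, insecure stand-in for DES block encryption, and CFB and OFB are shown with full 64-bit feedback. Any key, IV and plaintext passed to it are the reader's own constructed values.

```python
import hashlib

BLOCK = 8  # DES works on 64-bit (8-byte) blocks

def toy_block(key, block):
    """Stand-in for DES encryption of one block: 4-round Feistel. NOT DES, not secure."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # Direct application of the cipher: equal plaintext blocks give equal cipher blocks.
    return b"".join(toy_block(key, b) for b in split(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in split(pt):
        prev = toy_block(key, xor(b, prev))  # chain: previous cipher block is mixed in
        out.append(prev)
    return b"".join(out)

def cfb(key, iv, data, decrypt=False):
    out, feedback = [], iv
    for b in split(data):
        o = xor(b, toy_block(key, feedback))
        out.append(o)
        feedback = b if decrypt else o  # previous *cipher* block is the next input
    return b"".join(out)

def ofb(key, iv, data):
    out, feedback = [], iv
    for b in split(data):
        feedback = toy_block(key, feedback)  # previous *output* of the cipher is the next input
        out.append(xor(b, feedback))
    return b"".join(out)

def damaged_blocks(key, iv, pt, mode):
    """Flip one cipher bit in block 0, decrypt, and list the plaintext blocks that changed."""
    ct = bytearray(mode(key, iv, pt))
    ct[0] ^= 0x01
    recovered = cfb(key, iv, bytes(ct), decrypt=True) if mode is cfb else ofb(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(split(pt), split(recovered))) if a != b]
```

With three identical plaintext blocks, ECB yields three identical cipher blocks while CBC does not; a one-bit error in the first cipher block damages two plaintext blocks under CFB and only one under OFB, which is what "OFB does not chain the cipher" means in practice.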