🔐 DES / 3DES Encrypt & Decrypt
Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.
Direction
Algorithm Variant
Block Mode
Padding
DES / 3DES block size is 64 bits — IV must be 8 bytes (Hex: 16 chars).
Output Format
FAQ
Is DES or 3DES still safe for production?
DES provides only 56-bit effective strength — brute-forced in 22 hours in 1999; NIST withdrew FIPS 46-3 in 2005. 3DES (TDEA) is nominally 168-bit (effectively 112-bit) but limited by the Sweet32 birthday attack (CVE-2016-2183) on 64-bit block ciphers. NIST disallowed 3DES effective Jan 1, 2024. Use AES-256-GCM or ChaCha20-Poly1305 for new systems; this tool is intended for legacy decryption and education only.
What is the difference between 2-key and 3-key 3DES?
3DES chains DES three times: E_K3(D_K2(E_K1(P))). 3-key (K1≠K2≠K3, 24 bytes) gives a nominal 168-bit strength; 2-key (K1=K3≠K2, 16 bytes) yields 112-bit and was deprecated by NIST in 2015. If K1=K2=K3, 3DES degenerates into single DES. Node.js names: des-ede3-cbc (3-key) and des-ede-cbc (2-key).
PKCS#5 vs PKCS#7 padding — are they the same?
PKCS#5 was originally defined for 8-byte blocks (DES); PKCS#7 extends it to arbitrary block sizes. For DES / 3DES (8-byte blocks) the two produce identical output and are interchangeable. Java PKCS5Padding, .NET PKCS7, and CryptoJS Pkcs7 yield the same bytes for DES.
Why does the tool count bytes instead of characters?
DES key lengths are measured in bytes: DES = 8 bytes, 3DES 2-key = 16 bytes, 3DES 3-key = 24 bytes. In UTF-8, one Chinese character is 3 bytes while an ASCII character is 1 byte, so character counts are misleading. This tool shows the actual byte count versus the expected size to prevent length mismatches or silent zero-padding.
Is my data safe?
All encryption, decryption, key handling, and IV processing run locally in your browser (pure JavaScript — no external API calls), and keys and plaintext are not uploaded by the tool. Correctness is verified against Wikipedia and NBS SP 500-20 public test vectors. Still, prefer using this tool on local files or public test data rather than entering highly sensitive production keys in any browser.
Free online DES / 3DES encrypt and decrypt tool — client-side with pure JavaScript (zero dependencies). Supports single DES, 3DES 2-key (16 bytes), and 3DES 3-key (24 bytes), five block modes (ECB/CBC/CFB/OFB/CTR), and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Key/IV/Input/Output can each switch independently between Hex, UTF-8, or Base64 with live byte-length hints. Built-in NIST and Wikipedia test vectors, K1/K2/K3 key visualization, and a persistent NIST deprecation banner (DES withdrawn 2005, 3DES disallowed 2024-01-01). For education and legacy interop only — use AES-256-GCM for new systems. Keys and plaintext are not uploaded by the tool.