3DES Key Components

Question

I need to encrypt/decrypt data using 3DES. the Keys shared with me are in the form of;

Component 1 = 11111111111111111111111111111111

Component 2 = 22222222222222222222222222222222

KVC = ABCD1234

I need to create 3DES Key from the above components, or K1,k2,k3 sub keys,

I understand sub keys are 16 bytes long, however these are 32 bytes long.

Please share the procedure to create 3DES key.

There's really not enough information to make sense of the data you present. — President James K. Polk, Jan 13 '15 at 12:43
just need the process/algorithm that is used to translate components into KEY. the online key generator at http://www.emvlab.org/keyshares/ does not match my KCV value — kasai, Jan 13 '15 at 14:01

score 8 · Answer 1 · answered May 23 '15 at 11:14

Transform the clear components in to byte arrays using HexStringToByte standard method. Pass the 3 byte arrays to the method below. You can verify your results at http://www.emvlab.org/keyshares/. Here are sample data:

cc1: 447FC2AA6EFFFEE5405A559E88DC958C
cc2: 1086F0493DB0EFE42EDF1BC99541E96F
cc3: D1C603D64D1EDC9D3CA78CD95D168E40
result key: 853F31351E51CD9C5222C28E408BF2A3
result key kvc: 1E49C1

public static byte[] buildKey(byte[] cc1, byte[] cc2, byte[] cc3) {
  byte[] result = new byte[cc1.length];
  int i = 0;
  for (byte b1: cc1) {
    byte b2 = cc2[i];
    byte b3 = cc3[i];
    result[i] = (byte)(b1 ^ b2 ^ b3);
    i++;
  }
  return result;
}

This does not make sense, cc1, cc2 abd cc3 in hex are 16-bytes each. a 3DES full key is 24-bytes — zaph, Aug 14 '17 at 23:28

score 1 · Answer 2 · answered May 13 '15 at 19:13

1

Transform the hex strings to byte arrays. 32 chars will give you 16 bytes
3des requires 3 8-byte keys, so it needs 24 bytes. However first and third keys can be the same. So you need to expand your array to 24 bytes by copying first 8 bytes to the end. This 24 byte array is the resulting key you can use for encryption and decryption.
No to check you key - encrypt the string '0000000000000000' (8 zero bytes or 16 zero hex chars) using your key. The beginning of the encoded result must be equal to your KCV.

answered May 13 '15 at 19:13

Jedi-Philosopher

126
2
4

Hello, can you please explain how 32 chars give 16 bytes? I think that sizeof(char)=1byte. – kingsjester Oct 18 '22 at 14:06
Here we use text string containing hex values. 2 hex values encode 1 byte. Like '9F' string, which contains 2 symbols 1 byte each, means 10011111 – Jedi-Philosopher Oct 20 '22 at 16:09

score 0 · Answer 3 · edited Jun 20 '20 at 09:12

0

I was having the same issue. Continuing with the example above you have two key components:

Component 1 = 11111111111111111111111111111111

Component 2 = 22222222222222222222222222222222

You have to add a third component, as you don't have it, it will be zeros

Component 3 = 00000000000000000000000000000000

Now use the method provided by @Slav, this will give you the real master key.

byte[] masterKey = buildKey (component1, component2, component3) ; remember those values has to be in hexa.

Now let's suppose you have a Encrypted Value you will decrypt it as follows:

byte[] plainValue = tripleDESDecrypt (encryptedValue, masterKey);

If you need more detail information, please contact me to send java files.

edited Jun 20 '20 at 09:12

Community

1
1

answered Aug 14 '17 at 19:51

Carlos Emilio Mejia

11
1

Generally in 2TDEA, 2-key 3DES, the first and last 8-bytes are the same. – zaph Aug 14 '17 at 22:55
Yes you are right, but that is for the key. What we have here are components that making the XOR we will have the key. If resulting key is 16 bytes then we will add the first 8 bytes to append to the key. Generally this is done automatically in TripleDes implementation in .net – Carlos Emilio Mejia Aug 17 '17 at 21:18
"Generally this is done automatically in TripleDes implementation in .net" yes, *generally* but not always in different implementations. That would make a great addition to the answer. It really is better to provide the full 24-byte key, there is no ambiguity and is implementation agnostic.. WRT the question it is not clear what the values are, large integers, ASCII characters, hex encoded binary. You have made a generally valid choice that they are hex, that seems correct. – zaph Aug 17 '17 at 21:36

score -1 · Answer 4 · answered Jan 14 '15 at 21:29

Just use EFT calculator, which can be downloaded by following link: https://eftcalculator.codeplex.com/ Just XOR all the components you have and you will have your 3DES key. To verify the result just encrypt '0000000000000000' using the same calculator with the resulting XORed key. You will have the key check value (KCV) as result.

You have 32 bytes long 3DES key in HEX string representation. Compressing this string to bytes will give you 16 byes (1 byte == 2 hex chars of string).

Note: a 3DES key is 24-bytes.There is an online [3DES calculator](http://extranet.cryptomathic.com/descalc/index). — zaph, Aug 14 '17 at 23:32

3DES Key Components

4 Answers4