3

I need to decrypt a message that was encrypted using 3DES in OFB mode.

I have an encrypted message. I have a key. I have an IV.

I'm on a .Net platform.

The encrypted message is 24 chars long in base64. The key is 24 chars long in base64, and the IV is a 64-bit binary number.

Because of the lack of examples I tried using an ECB mode example, as follows:

    public static string DecryptTextFromMemory(byte[] Data, byte[] Key, byte[] IV)
    {
        try
        {
            // Create a new MemoryStream using the passed 
            // array of encrypted data.
            MemoryStream msDecrypt = new MemoryStream(Data);

            // Create a CryptoStream using the MemoryStream 
            // and the passed key and initialization vector (IV).
            CryptoStream csDecrypt = new CryptoStream(msDecrypt,
                new TripleDESCryptoServiceProvider().CreateDecryptor(Key, IV),
                CryptoStreamMode.Read);

            // Create buffer to hold the decrypted data.
            byte[] fromEncrypt = new byte[Data.Length];

            // Read the decrypted data out of the crypto stream
            // and place it into the temporary buffer.
            csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);

            //Convert the buffer into a string and return it.
            return new ASCIIEncoding().GetString(fromEncrypt);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
            return null;
        }
    }

This is the error I get:

A Cryptographic error occurred: Specified key is not a valid size for this algorithm.

I've tried other code examples where I've changed the algorithm to OFB and it says it's not supported.

Can anyone please help me? I'm obviously out of my depth with this stuff so please be patient if I'm messing up something obvious.

There are loads of examples of 3DES decryption in ECB mode but little or nothing I can find about OFB mode.

crystal
  • Can anyone point me towards working examples of decrypting 3DES in OFB mode? I don't want to get bogged down in debugging this code. I shouldn't really have included it in the post. All I'm looking for is a working example of 3DES decryption in OFB mode. – crystal Feb 02 '11 at 22:53
  • 1
    possible duplicate of [How do I use 3DES decryption in C# in OFB mode?](http://stackoverflow.com/questions/4880392/how-do-i-use-3des-decryption-in-c-in-ofb-mode) – Hasturkun Feb 03 '11 at 12:22
  • Um, Hasturkun, that link is to this post. – KeithS Feb 07 '11 at 15:29

2 Answers

2

The third-party CryptoSys API says it specifically supports Triple-DES in OFB mode. Dunno why the .NET implementation wouldn't, though a good reason may be to discourage its use in new development in favor of the much-faster Rijndael and AES ciphers.

EDIT: Just to explain, a "mode" of the algorithm is a defined way that the basic Triple-DES ciphering algorithm is leveraged to produce encrypted text. These have become standardized over most symmetric-key algorithms. OFB mode is one of two standard "stream cipher" modes, which use the base algorithm to create a "shift register" based on text it has already encrypted, allowing text after the first "block" to be encrypted one byte at a time instead of in larger "blocks".

Anyway, the "key size" error points to a specific type of problem. Triple-DES algorithms (ALL of them; this isn't implementation-specific) require a key that is exactly either 128 or 192 bits long. You're getting the key as a byte array, so you need an array that is exactly 16 or 24 elements long. This should be one of your first checks; throw an ArgumentException if the key isn't the right size. Trace the problem down the call stack until you find where the key is generated and fix the problem at its source.

Next, if you set the Mode property of the TripleDESCryptoServiceProvider to OFB, and it gives you a CryptoException either right then or when you start decrypting that the mode isn't supported, then that's a .NET limitation; the .NET developer team didn't bother to implement that mode of that algorithm in the provider. It'll be more trouble than it's worth to try to roll your own; you'll have to look for a third-party implementation that can be used by .NET code. Pretty much any library registered for COM interop will do the trick, doesn't have to be written in a .NET language. There are dozens; I'd do a search for CryptoSys as, like I said, the documentation says it supports TripleDES OFB by name.

KeithS
  • I know nothing about decryption. I've been given an encrypted message in 3DES and have been told I have to use OFB mode in order to decrypt it. I have no choice! – crystal Feb 02 '11 at 22:32
  • Thanks for the detailed reply. My key is 24 elements long, so I don't think that's an issue. I have seen other posts on other sites from people experiencing the same problems as me and none of them have received any satisfactory answers so I'm guessing a .net limitation is the likely scenario but I'll try out some more code in a minute and post it here to establish that for myself, unless anyone else has a definitive answer. – crystal Feb 03 '11 at 08:15
1

The error message tells you precisely what the problem is: "Specified key is not a valid size for this algorithm."

You say that "The key is 24 chars long in base64". Base64 encodes 6 bits per char, so that's 144 bits in total. But a 3DES key should be 64 bits (==DES), 128 bits, or 196 bits. You have to either use a key of the appropriate length or work out what the library on the other end is doing to convert the key to an appropriate length.

Peter Taylor
  • @crystal, delete that comment now. You should never post keys publicly, even if they're wrong. – Peter Taylor Feb 07 '11 at 13:07
  • Thanks, @Peter. I've now had a colleague use a php component with that 24 char key to decrypt the data successfully in order to verify the data I'm using. Would you be able to comment on how that key length will work with the php component and not in this scenario? To fill you in a bit more, I was given an example of how to do this decryption in php but that's not an avenue open to me. I need to replicate the process in .net but I'm tripping up immediately over the key length. – crystal Feb 08 '11 at 10:32
  • @crystal, ask your colleague to dig through their php and tell you exactly how it's converting that value into a 3DES key. – Peter Taylor Feb 08 '11 at 11:03
  • @peter, he has no idea but this is a relevant snippet from the php example. `//initialize the encryption mechanism (no specific algorithm and mode directories) $dec = mcrypt_module_open(MCRYPT_TRIPLEDES, "", MCRYPT_MODE_NOFB, ""); //get the maximum key size for the algorithm, should always be 24 (3x8bytes for 3DES) $max_key_size = mcrypt_enc_get_key_size($dec); //build the effective decryption key which is a subset of the private key combined with the salt $decrypt_key = substr($key_buffer, $salt, $max_key_size); ` – crystal Feb 08 '11 at 12:12
  • @crystal, the last line is the key: `$decrypt_key = substr($key_buffer, $salt, $max_key_size);` It's not using the whole thing. Find out what the value of `$salt` is, and what `substr` does when asked for a substring longer than the input string. Then find the person who wrote that and tell them to stop abusing the word "salt". – Peter Taylor Feb 08 '11 at 12:29
  • Sorry if it wasn't clear, @peter, but the $max_key_size is always 24 (as hinted at in the comments). The 24 char key is extracted from a much larger string, the $key_buffer. There's a separate routine for generating the $salt but it doesn't affect this issue. – crystal Feb 08 '11 at 13:57
  • @crystal, maybe the 24-char string you have isn't actually base-64 encoded but is the 24-byte key encoded as ASCII. – Peter Taylor Feb 08 '11 at 14:31
  • @peter, I now get the error: A Cryptographic error occurred: Length of the data to decrypt is invalid. Could this be due to the OFB mode not being set, which I thought was my initial problem? – crystal Feb 08 '11 at 16:01
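
Added example, not part of the original thread and not code from any of its participants: full-block (64-bit feedback) OFB, the variant mcrypt names `MCRYPT_MODE_NOFB`, built on the ECB encryptor that .NET does provide, so ciphertext whose length is not a multiple of 8 bytes needs no padding. The class name `TripleDesOfb` is hypothetical, the key, IV and plaintext are constructed sample values, and the key is assumed to be 24 raw ASCII bytes rather than base64.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TripleDesOfb
{
    // Full-block OFB: O_0 = IV, O_i = E_K(O_{i-1}), output = input XOR keystream.
    // The same call encrypts and decrypts; no padding is involved.
    public static byte[] Transform(byte[] data, byte[] key, byte[] iv)
    {
        if (key == null || (key.Length != 16 && key.Length != 24))
            throw new ArgumentException("3DES key must be 16 or 24 bytes.", "key");
        if (iv == null || iv.Length != 8)
            throw new ArgumentException("IV must be 8 bytes (one DES block).", "iv");
        using (TripleDES tdes = TripleDES.Create())
        {
            tdes.Mode = CipherMode.ECB;        // use only the raw block cipher
            tdes.Padding = PaddingMode.None;
            tdes.Key = key;
            using (ICryptoTransform ecb = tdes.CreateEncryptor())
            {
                byte[] feedback = (byte[])iv.Clone();
                byte[] keystream = new byte[8];
                byte[] output = new byte[data.Length];
                for (int offset = 0; offset < data.Length; offset += 8)
                {
                    // Always encrypt the previous keystream block, even when decrypting.
                    ecb.TransformBlock(feedback, 0, 8, keystream, 0);
                    int n = Math.Min(8, data.Length - offset);
                    for (int i = 0; i < n; i++)
                        output[offset + i] = (byte)(data[offset + i] ^ keystream[i]);
                    Buffer.BlockCopy(keystream, 0, feedback, 0, 8);
                }
                return output;
            }
        }
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the thread.
        byte[] key = Encoding.ASCII.GetBytes("0123456789abcdefghijklmn"); // 24 ASCII bytes
        byte[] iv = { 0, 1, 2, 3, 4, 5, 6, 7 };
        byte[] plain = Encoding.ASCII.GetBytes("eighteen byte text");    // 18-byte input
        byte[] cipher = Transform(plain, key, iv);
        string b64 = Convert.ToBase64String(cipher);
        byte[] back = Transform(Convert.FromBase64String(b64), key, iv);
        Console.WriteLine("{0} chars -> {1}", b64.Length, Encoding.ASCII.GetString(back));
    }
}
```

If the sender used 8-bit feedback OFB instead, the keystream differs after the first byte and this routine will not interoperate with it.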