2

I need to replicate .NET code in Node.js. My hard requirement is that Triple DES encryption needs to performed with 16 byte Key & 16 byte IV. However, I searched all over but couldn't find that combination with any Node.js package. The following code complains that IV length needs to be 8 bytes in length. And it does work if I make it 8 bytes.

const crypto = require('crypto');
const text = "4111111111111111";
const des_key = Buffer.from([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]);
const des_iv = Buffer.from([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]);
const cipher = crypto.createCipheriv("DES-EDE-CBC", des_key, des_iv);
const encryptedText = cipher.update(text,'utf8','base64') + cipher.final('base64');
console.log("EncryptedText: " + encryptedText);

I tried other algoritms but couldn't find the length combinations I need. See my findings below.

DES-ECB -      Key: 8;  IV: 0
DES-CBC -      Key: 8;  IV: 8
DES-CFB -      Key: 8;  IV: 8
DES-CFB1 -     Key: 8;  IV: 8
DES-CFB8 -     Key: 8;  IV: 8
DES-EDE-CBC -  Key: 16; IV: 8
DES-EDE-CFB -  Key: 16; IV: 8
DES-EDE-OFB -  Key: 16; IV: 8
DES-EDE3-CBC - Key: 24; IV: 8
DESX-CBC -     Key: 24; IV: 8

Will greatly appreciate any help that I can get.

Junaidi
  • 21
  • 3
  • I've never seen a wrapper-mode construction that used an IV of a different size than the underlying cipher's block-size. If you need 16/16, is AES an option? – lockcmpxchg8b Sep 01 '18 at 22:00
  • Thanks for your comment lockcmp. If AES can produce the same output as DES with 16/16, then that would be great. But I doubt it would. – Junaidi Sep 02 '18 at 00:05
  • 1
    "My hard requirement is that Triple DES encryption needs ... 16 byte IV." Sorry, that's not how it works. The IV for modes like CBC is the same as the blocksize, which is 8 for T-DES. – President James K. Polk Sep 02 '18 at 01:32
  • Hi @JamesKPolk . I guess Microsoft's implementation of 3DES allows for IV length to be a multiple of blocksize. I think OpenSSL that Node.JS uses doesn't have this flexibity. https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.symmetricalgorithm.iv?view=netframework-4.7.2#System_Security_Cryptography_SymmetricAlgorithm_IV – Junaidi Sep 02 '18 at 02:13
  • The docs you reference say "The size of the IV property must be the same as the BlockSize property divided by 8.", and the `BlockSize` property is expressed in bits. So this says the IV must be the same size as the block. For 3DES/DES-EDE, it is common to accept keys that are 8/16/24 bytes long, but the IV should typically be 8. – lockcmpxchg8b Sep 02 '18 at 13:32
  • IV in the CBC mode is used only to encrypt the 1st block, so my best quest would be that the .NET code is silently trimming the IV array and using only subset of it. Indeed the DES (and 3DES) is implemented as 64 bit block. – gusto2 Sep 04 '18 at 10:18

0 Answers0