-1

I am using 3des-ede-ebc encryption from openssl library.. the result cipher is encoded using base64. But the result cipher of encryption (both base564 and Hex encode) is different than the result from any online encryption site for same.

Eg: for 1234
My program output:

Hex : 722DDADAB2AFF81A

Base64 : ci3a2rKv+Bo=

from an online encryption tool

Hex : 0685EBBC2E239F72

Base64 : BoXrvC4jn3I=

    //keys

des_cblock key1 = {0x73,0x64,0x73,0x64,0x33,0x34,0x35,0x34};

des_cblock key3 = {0x35,0x73,0x64,0x66,0x61,0x73,0x64,0x32};

des_cblock key2 = {0x33,0x32,0x73,0x64,0x73,0x33,0x33,0x34};

//Encryption

for(int incr = 0; incr < siL_Len; incr += 8)

{
 DES_ecb3_encrypt((C_Block *)(in + incr), (C_Block *)(out + incr), &ks1, &ks2, &ks3, DES_ENCRYPT);
}

I am able to decrypt the cipher from my program result to its original value(both are different programs).. And base64 encoding is proper and verified.

I am missing something during/before encryption.May be some encoding/padding done before encryption..

what is the standard padding done for 3des ebc?? Any other pre-encryption steps are there?? I can't find any information about it ..

Can anyone help me.. thanks in advance..

GOPU SURESH
  • 1
  • 3
  • 2
    Note: *noone* should be using 3DES for *anything* in 2020. It's horribly insecure. – Jesper Juhl Apr 30 '20 at 16:51
  • @JesperJuhl This is three key triple DES. It is still considered somewhat secure, as it delivers 112 bits of security. See the [NIST recommendations](https://www.keylength.com/en/4/) for instance. So twice upvoted but kinda wrong, certainly not **horribly** insecure. Now ECB is usually insecure and the block size of 64 bits is often an issue as well. – Maarten Bodewes Apr 30 '20 at 19:39
  • Please do not use online tools without clear specifications. OpenSSL and Java will commonly use PKCS#5 padding, we don't know what the online tool will do unless you provide a link. There is no universal standard for padding (but PKCS#5 compatible padding is most common). Where is your Java code that you want to compare against? – Maarten Bodewes Apr 30 '20 at 19:43
  • I didn't wrote the java code that N compared with.. Anyway from what I checked they haven't specified the mode or padding method while initializing cipher .. So I guess the mode and method is default crossed by java.. For the padding in openssl, I thought we have to manually do it.. Atleast for ecb mode. All online tools give same output but different than mine.. – GOPU SURESH May 01 '20 at 09:04

1 Answers1

0

I found out the solution, The problem was with how I did padding, Initially i didn't do the padding. Then I used PKCS5, but concatenating the padding value to the Input was wrong.

This is how I doing the padding now. And it works.

for(k= 0;k<PadLen;k++) sprintf((char*)(intext + InputLen +k),"%C",padValue);

paddValue is unsigned char type.

Thanks for the help..

GOPU SURESH
  • 1
  • 3