473,734 Members | 2,289 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Length of encrypted output under 3DES in CBC cipher mode

I have the following scenario:

Algorithm: 3DES
Cipher Mode: CBC
Key Size: 128-bit
Block Size: 64 bit
IV: 0x0000000000000 000 (an eight byte array of zeros)

The results I get using .NET with the following routine are:

1. EncryptUnicode: takes a unicode string in plain text and encrypts
it, returning a unicode string.

2. DecryptUnicode: takes an encrypted unicode string as input and
decrypts it, returning plain text in a unicode string.

3. EncryptBase64: takes a plain text in a unicode string and encrypts
it, returning a base64 string.

4. DecryptBase64: takes a base64 string and decrypts it, returns a
plain text unicode string.
The source code of the routines is given at the end of this post.

I am using C#. When I take a plain text such as "hello" and put it
through EncryptBase64, and then put the output of EncryptBase64 to
DecryptBase64, I get back the plain old string, for e.g "hello". So,
this part works ok.

However, when I do the same with the other set of methods, i.e
EncryptUnicode and DecryptUnicode, it doesn't work. The call to
EncryptUnicode gives me back some string. I assume that that is the
encrypted string. When I call DecryptUnicode with that string, it gives
me an exception saying, "Bad Data".

So, my first question is:

1. Does 3DES encryption in CBC mode work only in base64 strings?

You might say, "One set of your methods work, i.e the base64 ones. Why
are you being so pedantic. Just go ahead and use them. If it works,
it's good." And you'd be right in saying that. Only, my problem is that
some other machine on another platform, probably, is going to do the
encryption using 3DES in CBC (we'll share a IV and key), and I'll have
to decrypt them.
2. My second question pertains to the length of the output in
encryption process. I found that if I give a string of a length that is
less than a multiple of eight, the encrypted output is of the length
that is equal to the the nearest, higher multiple of eight. This is
true for the EncryptUnicode method. I understand that this might be
because 3DES works with a block size of 64-bits, i.e works with data in
chunks of 64-bits, and thus because of chaining the block (the
initialization vector), it might require some memory.

We'll get to the base64 methods later. So, my second question is:

Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string? My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.

Here're my findings (please ignore the base64 part for now). Look at
the plain text length and the encrypted text lengths in the case of
Unicode string encryption.
Enter plain text string [Press Q to quit]: a
_______________ _______________ _______________ _

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 1 8
Base64 1 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: ab
_______________ _______________ _______________ _

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 2 8
Base64 2 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefg
_______________ _______________ _______________
Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 7 8
Base64 7 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefgh
_______________ _______________ _______________ _

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 8 16
Base64 8 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmno
_______________ _______________ _______________ _

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 15 16
Base64 15 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmno p
_______________ _______________ _______________ _

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 16 24
Base64 16 32
--------------------------------------------------------------------------------

CODE FOR THE FOUR METHODS MENTIONED ABOVE

public static string EncryptUnicode( string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding() ;
TripleDESCrypto ServiceProvider p = new
TripleDESCrypto ServiceProvider ();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransfor m c = p.CreateEncrypt or();
byte[] bClear = asc.GetBytes(s) ;
byte[] bEncrypted = c.TransformFina lBlock(bClear, 0, bClear.Length);
return asc.GetString(b Encrypted);
}

public static string DecryptUnicode( string s, byte[] bkey, byte[]
bIV)
{
ASCIIEncoding asc = new ASCIIEncoding() ;
TripleDESCrypto ServiceProvider p = new
TripleDESCrypto ServiceProvider ();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransfor m c = p.CreateDecrypt or();
byte[] bEncrypted = asc.GetBytes(s) ;
byte[] bClear = c.TransformFina lBlock(bEncrypt ed, 0,
bEncrypted.Leng th);
return asc.GetString(b Clear);
}

public static string EncryptBase64(s tring s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding() ;
TripleDESCrypto ServiceProvider p = new
TripleDESCrypto ServiceProvider ();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransfor m c = p.CreateEncrypt or();
byte[] bClear = asc.GetBytes(s) ;
byte[] bEncrypted = c.TransformFina lBlock(bClear, 0, bClear.Length);
return Convert.ToBase6 4String(bEncryp ted);
}

public static string DecryptBase64(s tring s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding() ;
TripleDESCrypto ServiceProvider p = new
TripleDESCrypto ServiceProvider ();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransfor m c = p.CreateDecrypt or();
byte[] bEncrypted = Convert.FromBas e64String(s);
byte[] bClear = c.TransformFina lBlock(bEncrypt ed, 0,
bEncrypted.Leng th);
return asc.GetString(b Clear);
}

Sep 5 '06 #1
1 8038
I'm coming from the crypto side, I don't know the peculiarities of .NET.

"Sathyaish" <sa*******@gmai l.comwrote in message
news:11******** *************@7 4g2000cwt.googl egroups.com...
Algorithm: 3DES
Cipher Mode: CBC
The source code of the routines is given at the end of this post.
Honestly, save yourself a lot of time, and effort in debugging, add a
standard MAC to the end of the data, this will detect tampering far better
than formatting, and your routines will be format agnostic, they accept a
series of octets, they output a series of octets.

Additionally, you forget the important factor in answering the length of the
encrypted output, which method of termination is being used? I suspect this
is a big part of your problem.
1. Does 3DES encryption in CBC mode work only in base64 strings?
No. 3DES works on 64-bits of data packed into 64-bits of storage. Passing it
base64 encoded data will simply result in wasted space.
Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string?
It is a matter of the termination method in use. Most likely it is using
PKCS-style termination which requires a minimum of 1 byte, and a maximum of
BLOCK_LENGTH (8-bytes in this case).
My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.
You need to check your settings for termination, in this case a padding
method, your decryptor is not trimming the padding off like it should.
ASCIIEncoding asc = new ASCIIEncoding() ;
....
byte[] bEncrypted = c.TransformFina lBlock(bClear, 0, bClear.Length);
return asc.GetString(b Encrypted);
That is most likely a problem. bEncrypted is a random series of bits, it
will not be ASCII compatible, and any semi-intelligent mapping to ASCII will
cause corruption in the value. In order to put it in an ASCII string you
will have to format it somehow.
Joe
Sep 5 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
7783
by: Michael Bebenita | last post by:
Hi, A Java application is encrypting a block of text using 3DES ECB mode and PKCS5 padding. I need to decrypt this text using C#. I've extracted the 192 bit key using the getEncoded() method of the SecretKey Java class. However when I use this key in .NET i cannot decrypt the cipher text. I am pretty sure that all my settings are correct, as far as setting the ECB mode, PKCS5 padding and converting the cipher text to byte
4
4583
by: Burke Atilla | last post by:
While encrypting data with DES through CryptoStream makes encrypted data bigger than original string. if we have 8 byte key and 8 byte of data then the mode is ECB. output encrypted data is 16 bytes long. first 8 bytes is out encrypted key but last 8 byte unknown. and while decrypting if we couldn't supply this 8 bytes we couldnt decrypt data. and get exception "Bad Data" What is this 8 bytes and how can i supply this data if i have only the...
6
4446
by: Carolyn Vo | last post by:
Hi there! I have a string that was encrypted in Java using the classes DESKeySpec, SecretKeyFactory, SecretKey, and Cipher. It looks like using the SecretKeyFactory puts a transparent layer on top of the bytes from our key so when I try to decrypt using the classes in C#, I get different and invalid data. Has anyone ever been able to decrypt in C# what was originally decrypted in Java? I've read the samples from Frank Fang but they...
4
1865
by: jasper | last post by:
How can this be done? Thanks
8
5232
by: KRoy | last post by:
I have a password stored in the Registry encrypted using System.Security.Cryptography DES Algorithm. I supplied it a password and a Initialization Vector. I am trying to decrypt it using the CryptoAPI in VB6. I am using the CryptDeriveKey to generate a session key from a password. But it is not working and I am sure the password is correct. In .net I supplied an IV, when and how do I do that using
0
2064
by: newbie | last post by:
i'm a newbie of c language. can anyone help me to implement the code so that I can get the ciphertext from the output. thanks. #ifndef _3DES_H #define _3DES_H #ifndef uint8 #define uint8 unsigned char #endif
5
6775
by: Michael Sperlle | last post by:
Is it possible? Bestcrypt can supposedly be set up on linux, but it seems to need changes to the kernel before it can be installed, and I have no intention of going through whatever hell that would cause. If I could create a large file that could be encrypted, and maybe add files to it by appending them and putting in some kind of delimiter between files, maybe a homemade version of truecrypt could be constructed. Any idea what it...
0
3373
by: Hannibal111111 | last post by:
I found this code on a site for doing string encryption/decryption. The string will encrypt fine, but I get this error when I try to decrypt. Any idea why? I posted the code below. The error actually points to this line of code in byte decrypt function: cs.FlushFinalBlock(); public static byte encrypt(byte clearData, byte Key, byte IV)
1
4090
by: pradeepavelu | last post by:
plz tell me how to store a string encrypted by 3DES algorithm.i want to store password column to be stored by using this algorithm. Thanks.
0
8780
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9456
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9315
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9246
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
1
6742
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6035
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4553
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4816
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2733
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.