Length of encrypted output under 3DES in CBC cipher mode

Sathyaish

I have the following scenario:

Algorithm: 3DES
Cipher Mode: CBC
Key Size: 128-bit
Block Size: 64 bit
IV: 0x0000000000000000 (an eight byte array of zeros)

The results I get using .NET with the following routine are:

1. EncryptUnicode: takes a unicode string in plain text and encrypts
it, returning a unicode string.

2. DecryptUnicode: takes an encrypted unicode string as input and
decrypts it, returning plain text in a unicode string.

3. EncryptBase64: takes a plain text in a unicode string and encrypts
it, returning a base64 string.

4. DecryptBase64: takes a base64 string and decrypts it, returns a
plain text unicode string.
The source code of the routines is given at the end of this post.

I am using C#. When I take a plain text such as "hello" and put it
through EncryptBase64, and then put the output of EncryptBase64 to
DecryptBase64, I get back the plain old string, for e.g "hello". So,
this part works ok.

However, when I do the same with the other set of methods, i.e
EncryptUnicode and DecryptUnicode, it doesn't work. The call to
EncryptUnicode gives me back some string. I assume that that is the
encrypted string. When I call DecryptUnicode with that string, it gives
me an exception saying, "Bad Data".

So, my first question is:

1. Does 3DES encryption in CBC mode work only in base64 strings?

You might say, "One set of your methods work, i.e the base64 ones. Why
are you being so pedantic. Just go ahead and use them. If it works,
it's good." And you'd be right in saying that. Only, my problem is that
some other machine on another platform, probably, is going to do the
encryption using 3DES in CBC (we'll share a IV and key), and I'll have
to decrypt them.
2. My second question pertains to the length of the output in
encryption process. I found that if I give a string of a length that is
less than a multiple of eight, the encrypted output is of the length
that is equal to the the nearest, higher multiple of eight. This is
true for the EncryptUnicode method. I understand that this might be
because 3DES works with a block size of 64-bits, i.e works with data in
chunks of 64-bits, and thus because of chaining the block (the
initialization vector), it might require some memory.

We'll get to the base64 methods later. So, my second question is:

Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string? My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.

Here're my findings (please ignore the base64 part for now). Look at
the plain text length and the encrypted text lengths in the case of
Unicode string encryption.
Enter plain text string [Press Q to quit]: a
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 1 8
Base64 1 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: ab
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 2 8
Base64 2 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefg
_____________________________________________
Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 7 8
Base64 7 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefgh
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 8 16
Base64 8 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmno
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 15 16
Base64 15 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmnop
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 16 24
Base64 16 32
--------------------------------------------------------------------------------

CODE FOR THE FOUR METHODS MENTIONED ABOVE

public static string EncryptUnicode(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransform c = p.CreateEncryptor();
byte[] bClear = asc.GetBytes(s);
byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return asc.GetString(bEncrypted);
}

public static string DecryptUnicode(string s, byte[] bkey, byte[]
bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransform c = p.CreateDecryptor();
byte[] bEncrypted = asc.GetBytes(s);
byte[] bClear = c.TransformFinalBlock(bEncrypted, 0,
bEncrypted.Length);
return asc.GetString(bClear);
}

public static string EncryptBase64(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransform c = p.CreateEncryptor();
byte[] bClear = asc.GetBytes(s);
byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return Convert.ToBase64String(bEncrypted);
}

public static string DecryptBase64(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransform c = p.CreateDecryptor();
byte[] bEncrypted = Convert.FromBase64String(s);
byte[] bClear = c.TransformFinalBlock(bEncrypted, 0,
bEncrypted.Length);
return asc.GetString(bClear);
}

Sep 5 '06 #1

Subscribe Post Reply

7983

Joseph Ashwood

I'm coming from the crypto side, I don't know the peculiarities of .NET.

"Sathyaish" <sa*******@gmail.comwrote in message
news:11*********************@74g2000cwt.googlegrou ps.com...

Algorithm: 3DES
Cipher Mode: CBC

The source code of the routines is given at the end of this post.

Honestly, save yourself a lot of time, and effort in debugging, add a
standard MAC to the end of the data, this will detect tampering far better
than formatting, and your routines will be format agnostic, they accept a
series of octets, they output a series of octets.

Additionally, you forget the important factor in answering the length of the
encrypted output, which method of termination is being used? I suspect this
is a big part of your problem.

1. Does 3DES encryption in CBC mode work only in base64 strings?

No. 3DES works on 64-bits of data packed into 64-bits of storage. Passing it
base64 encoded data will simply result in wasted space.

Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string?

It is a matter of the termination method in use. Most likely it is using
PKCS-style termination which requires a minimum of 1 byte, and a maximum of
BLOCK_LENGTH (8-bytes in this case).

My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.

You need to check your settings for termination, in this case a padding
method, your decryptor is not trimming the padding off like it should.

ASCIIEncoding asc = new ASCIIEncoding();

....

byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return asc.GetString(bEncrypted);

That is most likely a problem. bEncrypted is a random series of bits, it
will not be ASCII compatible, and any semi-intelligent mapping to ASCII will
cause corruption in the value. In order to put it in an ASCII string you
will have to format it somehow.
Joe

Sep 5 '06 #2

Similar topics

Java CryptoAPI 3DES Key Compatibility

by: Michael Bebenita | last post by:

Hi, A Java application is encrypting a block of text using 3DES ECB mode and PKCS5 padding. I need to decrypt this text using C#. I've extracted the 192 bit key using the getEncoded() method of...

C# / C Sharp

CryptoStream makes encrypted data bigger than original string

by: Burke Atilla | last post by:

While encrypting data with DES through CryptoStream makes encrypted data bigger than original string. if we have 8 byte key and 8 byte of data then the mode is ECB. output encrypted data is 16 bytes...

C# / C Sharp

Decrypt string encrypted in Java

by: Carolyn Vo | last post by:

Hi there! I have a string that was encrypted in Java using the classes DESKeySpec, SecretKeyFactory, SecretKey, and Cipher. It looks like using the SecretKeyFactory puts a transparent layer on...

C# / C Sharp

Problem appending to an encrypted file

by: jasper | last post by:

How can this be done? Thanks

C# / C Sharp

Decrypting a .Net Encrypted string in VB6

by: KRoy | last post by:

I have a password stored in the Registry encrypted using System.Security.Cryptography DES Algorithm. I supplied it a password and a Initialization Vector. I am trying to decrypt it using the...

Visual Basic .NET

how to see the 'cipher' text from the output?

by: newbie | last post by:

i'm a newbie of c language. can anyone help me to implement the code so that I can get the ciphertext from the output. thanks. #ifndef _3DES_H #define _3DES_H #ifndef uint8 #define uint8 ...

C / C++

Using Python To Create An Encrypted Container

by: Michael Sperlle | last post by:

Is it possible? Bestcrypt can supposedly be set up on linux, but it seems to need changes to the kernel before it can be installed, and I have no intention of going through whatever hell that would...

Python

Length of the data to decrypt is invalid

by: Hannibal111111 | last post by:

I found this code on a site for doing string encryption/decryption. The string will encrypt fine, but I get this error when I try to decrypt. Any idea why? I posted the code below. The error...

ASP.NET

How to Store 3DES encrypted String in MySQL column

by: pradeepavelu | last post by:

plz tell me how to store a string encrypted by 3DES algorithm.i want to store password column to be stored by using this algorithm. Thanks.

MySQL Database

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General