Length of encrypted output under 3DES in CBC cipher mode

Sathyaish

I have the following scenario:

Algorithm: 3DES
Cipher Mode: CBC
Key Size: 128-bit
Block Size: 64 bit
IV: 0x0000000000000000 (an eight byte array of zeros)

The results I get using .NET with the following routine are:

1. EncryptUnicode: takes a unicode string in plain text and encrypts
it, returning a unicode string.

2. DecryptUnicode: takes an encrypted unicode string as input and
decrypts it, returning plain text in a unicode string.

3. EncryptBase64: takes a plain text in a unicode string and encrypts
it, returning a base64 string.

4. DecryptBase64: takes a base64 string and decrypts it, returns a
plain text unicode string.
The source code of the routines is given at the end of this post.

I am using C#. When I take a plain text such as "hello" and put it
through EncryptBase64, and then put the output of EncryptBase64 to
DecryptBase64, I get back the plain old string, for e.g "hello". So,
this part works ok.

However, when I do the same with the other set of methods, i.e
EncryptUnicode and DecryptUnicode, it doesn't work. The call to
EncryptUnicode gives me back some string. I assume that that is the
encrypted string. When I call DecryptUnicode with that string, it gives
me an exception saying, "Bad Data".

So, my first question is:

1. Does 3DES encryption in CBC mode work only in base64 strings?

You might say, "One set of your methods work, i.e the base64 ones. Why
are you being so pedantic. Just go ahead and use them. If it works,
it's good." And you'd be right in saying that. Only, my problem is that
some other machine on another platform, probably, is going to do the
encryption using 3DES in CBC (we'll share a IV and key), and I'll have
to decrypt them.
2. My second question pertains to the length of the output in
encryption process. I found that if I give a string of a length that is
less than a multiple of eight, the encrypted output is of the length
that is equal to the the nearest, higher multiple of eight. This is
true for the EncryptUnicode method. I understand that this might be
because 3DES works with a block size of 64-bits, i.e works with data in
chunks of 64-bits, and thus because of chaining the block (the
initialization vector), it might require some memory.

We'll get to the base64 methods later. So, my second question is:

Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string? My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.

Here're my findings (please ignore the base64 part for now). Look at
the plain text length and the encrypted text lengths in the case of
Unicode string encryption.
Enter plain text string [Press Q to quit]: a
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 1 8
Base64 1 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: ab
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 2 8
Base64 2 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefg
_____________________________________________
Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 7 8
Base64 7 12
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefgh
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 8 16
Base64 8 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmno
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 15 16
Base64 15 24
--------------------------------------------------------------------------------

Enter plain text string [Press Q to quit]: abcdefghijklmnop
______________________________________________

Encoding Length (PT) Length (ET)
--------------------------------------------------------------------------------

Unicode 16 24
Base64 16 32
--------------------------------------------------------------------------------

CODE FOR THE FOUR METHODS MENTIONED ABOVE

public static string EncryptUnicode(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransform c = p.CreateEncryptor();
byte[] bClear = asc.GetBytes(s);
byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return asc.GetString(bEncrypted);
}

public static string DecryptUnicode(string s, byte[] bkey, byte[]
bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransform c = p.CreateDecryptor();
byte[] bEncrypted = asc.GetBytes(s);
byte[] bClear = c.TransformFinalBlock(bEncrypted, 0,
bEncrypted.Length);
return asc.GetString(bClear);
}

public static string EncryptBase64(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;

ICryptoTransform c = p.CreateEncryptor();
byte[] bClear = asc.GetBytes(s);
byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return Convert.ToBase64String(bEncrypted);
}

public static string DecryptBase64(string s, byte[] bkey, byte[] bIV)
{
ASCIIEncoding asc = new ASCIIEncoding();
TripleDESCryptoServiceProvider p = new
TripleDESCryptoServiceProvider();
p.Mode = CipherMode.CBC;
p.Key = bkey;
p.IV = bIV;
ICryptoTransform c = p.CreateDecryptor();
byte[] bEncrypted = Convert.FromBase64String(s);
byte[] bClear = c.TransformFinalBlock(bEncrypted, 0,
bEncrypted.Length);
return asc.GetString(bClear);
}

Sep 5 '06 #1

Subscribe Post Reply

7840

Joseph Ashwood

I'm coming from the crypto side, I don't know the peculiarities of .NET.

"Sathyaish" <sa*******@gmail.comwrote in message
news:11*********************@74g2000cwt.googlegrou ps.com...

Algorithm: 3DES
Cipher Mode: CBC

The source code of the routines is given at the end of this post.

Honestly, save yourself a lot of time, and effort in debugging, add a
standard MAC to the end of the data, this will detect tampering far better
than formatting, and your routines will be format agnostic, they accept a
series of octets, they output a series of octets.

Additionally, you forget the important factor in answering the length of the
encrypted output, which method of termination is being used? I suspect this
is a big part of your problem.

1. Does 3DES encryption in CBC mode work only in base64 strings?

No. 3DES works on 64-bits of data packed into 64-bits of storage. Passing it
base64 encoded data will simply result in wasted space.

Is it not possible to give 3DES in CBC mode a X length string, where X
is a multiple of 8, and get back exactly X bytes in the output as the
encrypted string?

It is a matter of the termination method in use. Most likely it is using
PKCS-style termination which requires a minimum of 1 byte, and a maximum of
BLOCK_LENGTH (8-bytes in this case).

My finding says it is NOT possible. However, the
other end which, in my case, is going to do the encryption says that,
for example, a 16-byte plain text that they are encrypting will spit
out a 16-byte encrypted output.

You need to check your settings for termination, in this case a padding
method, your decryptor is not trimming the padding off like it should.

ASCIIEncoding asc = new ASCIIEncoding();

....

byte[] bEncrypted = c.TransformFinalBlock(bClear, 0, bClear.Length);
return asc.GetString(bEncrypted);

That is most likely a problem. bEncrypted is a random series of bits, it
will not be ASCII compatible, and any semi-intelligent mapping to ASCII will
cause corruption in the value. In order to put it in an ASCII string you
will have to format it somehow.
Joe

Sep 5 '06 #2

Similar topics

Java CryptoAPI 3DES Key Compatibility

by: Michael Bebenita | last post by:

Hi, A Java application is encrypting a block of text using 3DES ECB mode and PKCS5 padding. I need to decrypt this text using C#. I've extracted the 192 bit key using the getEncoded() method of...

C# / C Sharp

CryptoStream makes encrypted data bigger than original string

by: Burke Atilla | last post by:

While encrypting data with DES through CryptoStream makes encrypted data bigger than original string. if we have 8 byte key and 8 byte of data then the mode is ECB. output encrypted data is 16 bytes...

C# / C Sharp

Decrypt string encrypted in Java

by: Carolyn Vo | last post by:

Hi there! I have a string that was encrypted in Java using the classes DESKeySpec, SecretKeyFactory, SecretKey, and Cipher. It looks like using the SecretKeyFactory puts a transparent layer on...

C# / C Sharp

Problem appending to an encrypted file

by: jasper | last post by:

How can this be done? Thanks

C# / C Sharp

Decrypting a .Net Encrypted string in VB6

by: KRoy | last post by:

I have a password stored in the Registry encrypted using System.Security.Cryptography DES Algorithm. I supplied it a password and a Initialization Vector. I am trying to decrypt it using the...

Visual Basic .NET

how to see the 'cipher' text from the output?

by: newbie | last post by:

i'm a newbie of c language. can anyone help me to implement the code so that I can get the ciphertext from the output. thanks. #ifndef _3DES_H #define _3DES_H #ifndef uint8 #define uint8 ...

C / C++

Using Python To Create An Encrypted Container

by: Michael Sperlle | last post by:

Is it possible? Bestcrypt can supposedly be set up on linux, but it seems to need changes to the kernel before it can be installed, and I have no intention of going through whatever hell that would...

Python

Length of the data to decrypt is invalid

by: Hannibal111111 | last post by:

I found this code on a site for doing string encryption/decryption. The string will encrypt fine, but I get this error when I try to decrypt. Any idea why? I posted the code below. The error...

ASP.NET

How to Store 3DES encrypted String in MySQL column

by: pradeepavelu | last post by:

plz tell me how to store a string encrypted by 3DES algorithm.i want to store password column to be stored by using this algorithm. Thanks.

MySQL Database

Benefits of Blockchain App Development for Enterprise Businesses

by: Kemmylinns12 | last post by:

Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and efficiency. While initially associated with cryptocurrencies...

General

Basic concepts of WebLogic Admin training?

by: Naresh1 | last post by:

What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge required to effectively administer and manage Oracle...

Oracle Database

HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computer

by: AndyPSV | last post by:

HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and...

General

PHP Curl Not wanting to connect to localhost.

by: Matthew3360 | last post by:

Hi, I have been trying to connect to a local host using php curl. But I am finding it hard to do this. I am doing the curl get request from my web server and have made sure to enable curl. I get a...

PHP

FPGA Question

by: Oralloy | last post by:

Hello Folks, I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA. My problem (spelled failure) is with the synthesis of my design into a bitstream, not the C++...

General

One of the easiest ways to set the background color of Excel documents in Java

by: Carina712 | last post by:

Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand. Background colors can be used to highlight important...

General

Join our open community on Discord to learn programming, SEO, and marketing

by: BLUEPANDA | last post by:

At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS starter kit that's not only easy to use but also...

General

Mastering Python: A Versatile Programming Language for All

by: Rahul1995seven | last post by:

Introduction: In the realm of programming languages, Python has emerged as a powerhouse. With its simplicity, versatility, and robustness, Python has gained popularity among beginners and experts...

General

Hide Labels depending on checkbox value

by: ezappsrUS | last post by:

Hi, I wonder if someone knows where I am going wrong below. I have a continuous form and two labels where only one would be visible depending on the checkbox being checked or not. Below is the...

Microsoft Access / VBA