Encrypt a string using Triple Data encryption standard(3DES) with PKCS7 padding

1
votes

Requirement:

I have a Ruby on rails application and i need to do the following.

The following string should be encrypted using 3DES algorithm and work key. Encrypted value for ABJGTU9 will be vV51P0OGXt0=

work key is A5157A0D77B24AEA868AD73288366826

The 3DES algorithm mentioned in following document uses below steps for data encryption : i. Encrypt data using left part of key with CBC cipher mode and PKCS7 padding. ii. Decrypt data using right part of key with CBC cipher mode and no padding. iii. Encrypt data using left part of key with CBC cipher mode and without padding.

I tried the following article This is what i did and my output is "hsYUuA/Mo6A=\n" Expected is vV51P0OGXt0=

  cipher = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
  cipher.encrypt # Must be called before anything else

  # Generate the key and initialization vector for the algorithm.
  # Alternatively, you can specify the initialization vector and cipher key
  # specifically using `cipher.iv = 'some iv'` and `cipher.key = 'some key'`
  # cipher.pkcs5_keyivgen('SOME_PASS_PHRASE_GOES_HERE')

  key = Digest::MD5.base64digest('A5157A0D77B24AEA')
  cipher.key = key
  data = "ABJGTU9"
  output = cipher.update(data)
  output << cipher.final
  output
end

I am not sure if i am going the right way.

1
ruby-on-railsencryptioncryptography
The work key you provide could very likely BE the key; i.e. you should not do the MD5 step. EDIT (more detail): The MD5 step is often used for converting a text passphrase into a byte-array of a certain size. The work-key you provide looks like 16 bytes encoded as hex.clausc
Additionally; your output may differ from the expected due to different IVs. I do not know the specific of Ruby; but make sure IVs match (I guess you miss a step specifying the IV)clausc
@clausc the key for the cipher should be of 24 byte so i used the MD5 base64 digest which gives me the expected size, But as you mentioned iv can be an issue, I will check thatAnbazhagan p
Please note that your description states: encrypt with left part; decrypt with right part. 3DES with EDE can use a 16 byte key for this - in fact that matches your description perfectly. See en.wikipedia.org/wiki/Triple_DES, keying option 2clausc
@clausc They key before even sent to encryption, it is done like this CryptoJS.enc.Hex.parse(sec.substr(0, len)); I have the entire encryption js nowAnbazhagan p

1 Answers

0
votes

There are many things wrong in the scheme mentioned in the question:

  1. the key is a two-key triple DES key, you need to hex decode it, not perform MD5 on it;
  2. if your code doesn't work with a 128 bit DES key as shown, you should copy the first 8 bytes and append them to the end of the key (so DES key 1 and DES key 3 are identical) - OpenSSL should however work fine with keys of 16 bytes;
  3. the method of encryption described in steps i, ii and iii only works for for each separate block that needs to be encrypted - you don't need it if you already use cipher 'DES-EDE3-CBC'.

OpenSSL already pads using PKCS#7 padding by default, so there is no reason to do anything special for that.

CBC requires a unique, unpredictable IV for each encryption operation with the same key, which seems to be missing from the scheme described.