I need help to implement triple des algorithm with openssl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

I need help to implement triple des algorithm with openssl

Fernando A
Hi all,

I am not an expert with openssl and I need replace a component in c# that run algorithm Triple DES.
I tried in the command line something like this 
"openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out test.enc"

but the result that I obtain is diferent of result launched by the c# component.
Of course the passphrase is the same, and always file test.enc contain a phrase
that start with "Salted__..." indifferent of the contain of file test.txt.
some idea?
thanks in advance!

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: I need help to implement triple des algorithm with openssl

Matt Caswell-2


On 15/06/18 14:34, Fernando A wrote:

> Hi all,
>
> I am not an expert with openssl and I need replace a component in c#
> that run algorithm Triple DES.
> I tried in the command line something like this 
> "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out
> test.enc"
>
> but the result that I obtain is diferent of result launched by the c#
> component.
> Of course the passphrase is the same, and always file test.enc contain a
> phrase
> that start with "Salted__..." indifferent of the contain of file test.txt.
> some idea?
> thanks in advance!

Is your c# component using a passphrase or a key? If a passphrase, how
does it generate the key from that passphrase?

By default the OpenSSL enc command uses its own key derivation function
(KDF) to generate a key from a passphrase. That KDF uses a random salt
value which it prepends to the beginning of the file. If the KDF in C#
is different (which it almost certainly is), and it doesn't use the same
file format as OpenSSL uses (which it almost certainly doesn't) then
you're going to get different results.

You can alternatively pass a key rather than a passphrase to the OpenSSL
command line.

It seems odd that you are using the command line to replace a c#
component, rather than using the OpenSSL APIs.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: I need help to implement triple des algorithm with openssl

Fernando A
Thank you Matt!,
yes it odd, the component in C# is from a third an we don't know C#, we think that for a moment we could replace that using openssl command line.

Could show me how pass a key to the openssl?

Thank you!



El vie., 15 de jun. de 2018 a la(s) 10:53, Matt Caswell ([hidden email]) escribió:


On 15/06/18 14:34, Fernando A wrote:
> Hi all,
>
> I am not an expert with openssl and I need replace a component in c#
> that run algorithm Triple DES.
> I tried in the command line something like this 
> "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out
> test.enc"
>
> but the result that I obtain is diferent of result launched by the c#
> component.
> Of course the passphrase is the same, and always file test.enc contain a
> phrase
> that start with "Salted__..." indifferent of the contain of file test.txt.
> some idea?
> thanks in advance!

Is your c# component using a passphrase or a key? If a passphrase, how
does it generate the key from that passphrase?

By default the OpenSSL enc command uses its own key derivation function
(KDF) to generate a key from a passphrase. That KDF uses a random salt
value which it prepends to the beginning of the file. If the KDF in C#
is different (which it almost certainly is), and it doesn't use the same
file format as OpenSSL uses (which it almost certainly doesn't) then
you're going to get different results.

You can alternatively pass a key rather than a passphrase to the OpenSSL
command line.

It seems odd that you are using the command line to replace a c#
component, rather than using the OpenSSL APIs.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: I need help to implement triple des algorithm with openssl

Dave Coombs
Thank you Matt!,
yes it odd, the component in C# is from a third an we don't know C#, we think that for a moment we could replace that using openssl command line.

Could show me how pass a key to the openssl?

To use a specific key instead of deriving it from a passphrase, use -K instead of -k, with the key in hex.

Simple example:
$ echo asdf | openssl enc -des-ede3 -K 0123456789abcdef0123456789abcdef | xxd
00000000: 216e eaf3 964d 11bf                      !n...M..

If ever you're using CBC mode you would also need to specify an IV (with -iv) but you said des-ede3 which is two-key 3DES in ECB, so no need.

  -Dave


Thank you!



El vie., 15 de jun. de 2018 a la(s) 10:53, Matt Caswell ([hidden email]) escribió:


On 15/06/18 14:34, Fernando A wrote:
> Hi all,
>
> I am not an expert with openssl and I need replace a component in c#
> that run algorithm Triple DES.
> I tried in the command line something like this 
> "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out
> test.enc"
>
> but the result that I obtain is diferent of result launched by the c#
> component.
> Of course the passphrase is the same, and always file test.enc contain a
> phrase
> that start with "Salted__..." indifferent of the contain of file test.txt.
> some idea?
> thanks in advance!

Is your c# component using a passphrase or a key? If a passphrase, how
does it generate the key from that passphrase?

By default the OpenSSL enc command uses its own key derivation function
(KDF) to generate a key from a passphrase. That KDF uses a random salt
value which it prepends to the beginning of the file. If the KDF in C#
is different (which it almost certainly is), and it doesn't use the same
file format as OpenSSL uses (which it almost certainly doesn't) then
you're going to get different results.

You can alternatively pass a key rather than a passphrase to the OpenSSL
command line.

It seems odd that you are using the command line to replace a c#
component, rather than using the OpenSSL APIs.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users