Archived Forum Post

Index of archived forum posts


Crypto++ DefaultEncryptorWithMAC

Dec 03 '14 at 09:07

I'm trying to replicate this .....

DefaultEncryptorWithMAC uses 2-key Triple DES as the default encryptor, and SHA1 as the default hash for the MAC. The block ciper is operated in CBC Mode. The password is mashed rather than derived using a Password Based Key Derivation Function. Each run through the DefaultEncryptorWithMAC produces a different result due to the use of a salt based on time and clock.

So how do I use Pbkdf1 with 2-key Triple DES ?

I understand using a salt based on time produces a different key each time but how on earth can it be decrpted again ? Obviously it can because there is a DefaultDecryptorWithMAC in the thing I'm trying to replicate



The issue boils down to both sides using the same binary secret key and IV for the encryption/decryption. If, for example, the encryption is 128-bit encryption, then the binary secret key is exactly 16 bytes. (The length in bytes of the secret key is equal to the bit-strength of the encryption algorithm divided by 8. The IV length is equal to the block-size of the algorithm itself, which for 3DES is 8 bytes.

If using an arbitrary-length password, then it must be transformed into a binary secret key of the correct length. Both sides must perform the exact same transformation.

(1) If Crypto++ is using a standard function such as PBKDF1 or PBKDF2, and if it is implemented correctly, then you should be able to match by using Chilkat's PBKDF1/2 functions. (Make sure to test using the latest versions of Chilkat -- there were issues in PBKDF1/2 in years past.) There should be published test vectors for PBKDF1/2 such that you can test exact inputs with specific settings to see if the function is producing the correct results. In other words, rather than trying to match Chilkat's PBKDF1/2 with Crypto++, verify that each produces results that agree with a published test vector.

(2) If Crypto++ is NOT using a standard function to transform the password into a binary secret key, then you would need to delve into the Crypto++ source code and duplicate what it does using Chilkat. All of the operatives required (hash functions, etc.) are likely already present in Chilkat to do whatever Crypto++ is doing.

I don't think the issue is with the 2-key Triple DES -- I think the issue is to get the matching secret key and IV.