Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I do an ISO 9797-1 MAC with triple DES in C#?

Tags:

c#

cryptography

hash

des

3des

I've got a project which stipulates the following encryption rules for a 24 byte block of data.

1) Cryptography should be done using full triple DES MAC algorithm as defined in 9797-1 as MAC algorithm 3 with output transformation 3 without truncation and with DES in CBC mode as block cipher with ICV set to zeros. Last 8 bytes of encrypted data constitute the value we need.

The program is saying the encryption done is wrong. Are there any other things I need to do to match the above spec?

The data is a 24 byte value and output of the encryption should be 8 bytes, I guess (as per the spec). I am getting the whole 24 bytes as output :(

I wrote the following code to achieve the said specification:

des.KeySize = 128;
des.Key = ParseHex(key);
des.Mode = CipherMode.CBC;
des.Padding = PaddingMode.None;

ICryptoTransform ic = des.CreateEncryptor();

CryptoOutput = ic.TransformFinalBlock(CryptoOutput, 0, 24);

I tried this also:

MACTripleDES des = new MACTripleDES(ParseHex(key));
byte[] CDCryptp = des.ComputeHash(CryptoOutput);
like image 988
logeeks Avatar asked May 19 '11 08:05

logeeks

2 Answers

ISO 9797-1 MAC Algorithm 3 consists of using the first DES key to perform a CBC MAC and then only for the final block perform a full 3-DES operation.

Try this:

byte[] keybytes = ParseHex(key);
byte[] key1 = new byte[8];
Array.Copy(keybytes, 0, key1, 0, 8);
byte[] key2 = new byte[8];
Array.Copy(keybytes, 8, key2, 0, 8);

DES des1 = DES.Create();
des1.Key = key1;
des1.Mode = CipherMode.CBC;
des1.Padding = PaddingMode.None;
des1.IV = new byte[8];

DES des2 = DES.Create();
des2.Key = key2;
des2.Mode = CipherMode.CBC;
des2.Padding = PaddingMode.None;
des2.IV = new byte[8];

// MAC Algorithm 3
byte[] intermediate = des1.CreateEncryptor().TransformFinalBlock(data, 0, data.Length);

// Output Transformation 3
byte[] intermediate2 = des2.CreateDecryptor().TransformFinalBlock(intermediate, intermediate.Length - 8, 8);
byte[] result = des1.CreateEncryptor().TransformFinalBlock(intermediate2, 0, 8);
like image 164
Rasmus Faber Avatar answered Nov 08 '22 17:11

Rasmus Faber

For CBC-MAC mode you should encrypt the whole message in CBC mode with zero initialization vector (IV), and take only the last 8 bytes (for DES) of the output. Also, since you need to use DES, it should have 64 bit key, not 128. If you can quote the ISO (cannot find free copy), I can describe what you should do in more details.

like image 35
Nickolay Olshevsky Avatar answered Nov 08 '22 17:11

Nickolay Olshevsky
Sign in to Comment

Related questions

Silverlight Toolkit - Create a chart like Google realtime
c# Uri loading non deterministic?
How to search through an Excel file in C#
Windows Azure Tables, querying using Contains
Gridview row clickable except for first column?
How to find performance hot spots in .Net application?
How do I hash two blocks of data with HashAlgorithm in C#?
How to load assembly into memory and execute it
Parsing Google calendar to DDay.iCal
Overloading with a class hierarchy - most derived not used
Using OleDbDataAdapter and DataSet to update Access.mdb
Splitting a rectangular image to polygons to simulate Breaking glass
Securely Handling Private Keys from Windows Key Store
URL references in namespaces, how do they work?
Enable ODP.Net logging
Error handling in UpdatePanel with <CustomErrors mode="On" />
Sending specific keys on the Numpad like +, -, / or Enter (simulating a keypress)
Maximum String Length of PrintArea in Excel
WPF Custom Control with different styles or templates?
How can I hot swap referenced DLL's without recompiling the Solution in VS2008?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!