Hi David,

The confusion here arises from the fact that DES uses a 56-bit key value
that is passed as a 64-bit value with 8 parity bits.  CryptoAPI's DES
implementation uses 64-bit keys and ignores the parity bits (per the
spec).  TripleDES thus uses 112 or 168 bits of key value (in two-key and
three-key modes, respectively), passed as 128- or 129-bit values with
parity.  The DES & TripleDES crypto classes in
System.Security.Cryptography follow the same pattern; they accept key
values with parity.

You should have no problem exchanging encrypted data between a non-.NET
app using CryptoAPI and a .NET app using the managed crypto classes.  In
fact, System.Security.Cryptography.TripleDESCryptoServiceProvider is a
wrapper on top of CryptoAPI's TripleDES implementation (in the Microsoft
Enhanced or Strong CSP).  Just make sure that you use the same padding
mode, chaining mode, key and IV on both ends.  By default,
TripleDESCryptoServiceProvider uses PKCS-style padding and cipher-block
chaining (CBC).

Hope this helps,

--Brian LaMacchia
Co-author, ".NET Framework Security"

-----Original Message-----
From: Buksbaum, David [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 15, 2002 7:16 AM
To: [EMAIL PROTECTED]
Subject: [DOTNET] 3DES Compatibility

I have noticed that the docs for the CryptoAPI state key sizes for 3DES
as 2-key (112 bit) and 3-key (168 bit), and the key sizes in .NET are
128 and 192.

I am wondering how I can have a non-.NET app using the CryptoAPI
exchange encrypted data with a .NET app using 3DES.

Thanks

David Buksbaum
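
The parity-bit accounting described in the reply above, as an added example that is not part of the original thread: it strips or sets the DES parity bit in each key byte and reports how many key bits a 16- or 24-byte 3DES key actually carries. The function names and the sample keys are constructed for illustration.

```python
# Added example (not from the thread). All names and sample keys are constructed.

def strip_parity(key: bytes) -> bytes:
    """Clear the low bit of each byte; DES treats it as parity, not key material."""
    return bytes(b & 0xFE for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Set each byte's low bit so the byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")              # the 7 real key bits
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)

def same_effective_key(a: bytes, b: bytes) -> bool:
    """True when two keys differ only in their parity bits."""
    return strip_parity(a) == strip_parity(b)

def describe_3des_key(key: bytes) -> dict:
    """Report the size as passed and the key bits that take part in encryption."""
    if len(key) not in (16, 24):
        raise ValueError("expected a 16- or 24-byte 3DES key")
    k = [strip_parity(key[i:i + 8]) for i in range(0, len(key), 8)]
    k1, k2, k3 = (k + [k[0]])[:3]                  # two-key mode reuses K1 as K3
    if k1 == k2 or k2 == k3:
        key_bits = 56                              # EDE collapses to single DES
    elif k1 == k3:
        key_bits = 112                             # effectively two-key 3DES
    else:
        key_bits = 168
    return {"passed_bits": len(key) * 8, "key_bits": key_bits}

# Constructed sample keys, for illustration only.
K16 = bytes(range(1, 17))
K24 = bytes(range(1, 25))

if __name__ == "__main__":
    print(describe_3des_key(K16))
    print(describe_3des_key(K24))
    print(set_odd_parity(bytes.fromhex("0022446688aaccee")).hex())
```
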
