Hi Valentina, Answering your questions in order:
1. Each TripleDESCryptoServiceProvider object represents a single 128-bit or 192-bit encryption/decryption key. If you have two different keys that you want to use just create two objects (one per key), or specify the keys you want to use when you call the CreateEncryptor/CreateDecryptor methods. 2. TripleDES, by definition, works only with a 128- or 192-bit key (counting the parity bits, see my previous posting for details on that). If you want to encrypt some data sequentially using two 128-bit keys, you can do that by creating two ICryptoTransforms (one per encryption), and sequentially wrapping one CryptoStream around another CryptoStream around the source/target plaintext/ciphertext. 3. By default DES/TripleDESCryptoServiceProvider and RijndaelManaged (there isn't a RijndaelCryptoServiceProvider) are initialized to largest key size available (64 for DES, 192 for TripleDES, 256 for Rijndael), CBC chaining mode, PKCS-style padding mode. Since number of rounds & S-box design are defined by the algorithm specifications, we do not expose mechanisms for changing those values. If you want to implement your own variant algorithm you'll need to subclass SymmetricAlgorithm and implement the S-boxes you like. (CryptoAPI doesn't let you changes rounds/S-boxes either.) Strong caution: good S-box design is an art. It is very easy to design poor S-boxes that are cryptographically weak. Don't roll your own crypto algorithm unless you're doing it strictly for educational purposes. 4. CryptoAPI (depending on platform) supports 128-bit keys. You need to have the "high encryption pack" installed if you're running Win2K or earlier. See the FAQ at http://www.gotdotnet.com/compare/clr/cryptofaq.htm for more details. Hope this helps, --Brian LaMacchia Co-author, ".NET Framework Security" -----Original Message----- From: Valentina Shkolnikov [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 5:41 PM To: [EMAIL PROTECTED] Subject: [DOTNET] Customizing .NET Symmetric Algorithms wrappers ? Does anybody know: 1. How to specify two different keys, which I want to use with 'TripleDESCryptoServiceProvider' wrapper? 2. If they should be concatenated in one 'Key' property, is it possible to use two separate 128-bit keys, despite there are legal lengths for a key as 128 and 192 bits only? 3. Where I can find more information about the Microsoft's implementation of 'DES/TripleDES/RijndaelCryptoServiceProvider' wrappers (like defaults and possibility to set the Number of Rounds, S-boxes design etc)? 4. If this is impossible, I'd need, probably, use CryptoAPI instead of the .NET classes. But I doubt it supports 128-bit keys ... Thanks in advance, Valentina You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
