Thank you. This helped. David
-----Original Message-----
From: Brian LaMacchia [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] 3DES Compatibility

Hi David,

The confusion here arises from the fact that DES uses a 56-bit key value that is passed as a 64-bit value with 8 parity bits. CryptoAPI's DES implementation uses 64-bit keys and ignores the parity bits (per the spec). TripleDES thus uses 112 or 168 bits of key value (in two-key and three-key modes, respectively), passed as 128- or 129-bit values with parity. The DES & TripleDES crypto classes in System.Security.Cryptography follow the same pattern; they accept key values with parity.

You should have no problem exchanging encrypted data between a non-.NET app using CryptoAPI and a .NET app using the managed crypto classes. In fact, System.Security.Cryptography.TripleDESCryptoServiceProvider is a wrapper on top of CryptoAPI's TripleDES implementation (in the Microsoft Enhanced or Strong CSP). Just make sure that you use the same padding mode, chaining mode, key and IV on both ends. By default, TripleDESCryptoServiceProvider uses PKCS-style padding and cipher-block chaining (CBC).

Hope this helps,

--Brian LaMacchia
Co-author, ".NET Framework Security"

-----Original Message-----
From: Buksbaum, David [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 7:16 AM
To: [EMAIL PROTECTED]
Subject: [DOTNET] 3DES Compatibility

I have noticed that the docs for the CryptoAPI state key sizes for 3DES as 2-key (112 bit) and 3-key (168 bit), and the key sizes in .NET are 128 and 192. I am wondering how I can have a non-.NET app using the CryptoAPI exchange encrypted data with a .NET app using 3DES.

Thanks
David Buksbaum

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
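The parity layout described in the reply above, as an added example that is not part of the original thread: each key byte carries 7 key bits plus a parity bit in its least significant position, so two keys that differ only in those bits are the same key to an implementation that ignores parity. The function names and the sample key are constructed for this illustration and are not CryptoAPI or .NET calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Real key material in a DES-family key passed with parity:
   7 key bits per byte, the least significant bit is parity. */
size_t effective_key_bits(size_t key_len_bytes) { return key_len_bytes * 7; }

/* 1 if the byte has an odd number of set bits (valid DES parity). */
static int has_odd_parity(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Number of bytes whose parity bit is wrong. */
int count_parity_errors(const uint8_t *key, size_t len) {
    int errors = 0;
    for (size_t i = 0; i < len; i++) errors += !has_odd_parity(key[i]);
    return errors;
}

/* Rewrite the low bit of every byte so each byte has odd parity. */
void set_odd_parity(uint8_t *key, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint8_t top7 = key[i] & 0xFE;
        key[i] = top7 | (has_odd_parity(top7) ? 0 : 1);
    }
}

/* 1 if both buffers hold the same key once parity bits are masked off.
   Accumulates differences instead of returning early on a mismatch. */
int same_effective_key(const uint8_t *a, const uint8_t *b, size_t len) {
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++) diff |= (a[i] ^ b[i]) & 0xFE;
    return diff == 0;
}

int main(void) {
    uint8_t raw[24], fixed[24];            /* constructed three-key sample */
    for (size_t i = 0; i < 24; i++) raw[i] = fixed[i] = (uint8_t)i;
    set_odd_parity(fixed, sizeof fixed);
    printf("two-key:   16 bytes -> %zu key bits\n", effective_key_bits(16));
    printf("three-key: 24 bytes -> %zu key bits\n", effective_key_bits(24));
    printf("parity errors before/after: %d/%d\n",
           count_parity_errors(raw, 24), count_parity_errors(fixed, 24));
    printf("same effective key: %d\n", same_effective_key(raw, fixed, 24));
    return 0;
}
```

When key bytes logged or exported on the two ends look different, comparing them with the parity bits masked shows whether the mismatch is real before suspecting the padding mode, chaining mode or IV.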
