On Thu, Feb 23, 2012 at 2:12 PM, burtbick <l...@burtbicksler.com> wrote:
>
> Hi,  I'm working on a project where I need to interact with a hardware device
> that is using Triple DES-ECB for encrypting keys.
>
> One of the first things that I'm trying to do is to generate a 16 byte key
> to be uploaded to the device.
>
> Generating the 16 byte key is the easy part.
>
> The device has a temporary master key which is 16 bytes.
>
> According to the poorly written documentation for the device I'm supposed to
> encrypt my new 16 byte key using the temporary master key and Triple
> DES-ECB.
>
> According to the documentation for the device I should then upload the 16
> byte encrypted new custom key to the device.
>
> But when I try using the openssl command line tool I wind up with 24 bytes
> of cipher text for my encrypted 16 byte key value.
>
> There are other 16 byte keys that I will need to encrypt using DES-ECB and
> at the end of the long tunnel I'll need to be able to decrypt data using
> DES-CBC, but I need to get the key encryption part working before I get to
> that.
>
> What am I missing as far as using OpenSSL to encrypt my new 16 byte key and
> wind up with a 16 byte encrypted key to send to the device as the device
> documentation indicates is required?
It sounds like the device wants a '2-key TripleDES' key, and OpenSSL
is generating a '3-key TripleDES' key.

The 2-key variant provides about 80 bits of security and is considered
to be weak by some folks. Those folks who use the stronger variant as
recommended by NIST, ECRYPT, et al use 3-key TripleDES (112 bits) and
AES (128 bits).

You might also see TDEA instead of TripleDES: 2-key TDEA and 3-key TDEA.

Jeff
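
An added example (not part of the original thread) of wrapping a 16-byte key under a 16-byte, 2-key TripleDES master key in ECB mode with the `openssl` command line tool. `openssl enc` applies PKCS padding by default, which appends a full 8-byte block to a 16-byte input; `-nopad` disables it. The key values and the helper names `hex_to_bin` and `tdes2_ecb` are constructed for illustration, and the example assumes the device expects unpadded output.

```shell
#!/bin/sh
# Added example: wrap a 16-byte key under a 16-byte (2-key) TripleDES key, ECB.
# Both hex values are constructed samples, not values from the thread.
MASTER_KEY_HEX=0123456789abcdeffedcba9876543210   # temporary master key (sample)
NEW_KEY_HEX=112233445566778899aabbccddeeff01      # new custom key (sample)

# Convert a hex string to raw bytes using only POSIX printf.
hex_to_bin() {
    h=$1
    while [ -n "$h" ]; do
        byte=${h%"${h#??}"}            # first two hex digits
        h=${h#??}                      # remainder of the string
        printf "\\$(printf '%03o' "0x$byte")"
    done
}

# tdes2_ecb <-e|-d> <key hex> <data hex> [-nopad]
# des-ede is OpenSSL's name for two-key TripleDES in ECB mode, so the
# 32-hex-digit key is used as K1|K2 and no IV is needed.
# Output is lowercase hex with no separators.
tdes2_ecb() {
    # $4 is deliberately unquoted so that an absent flag adds no argument.
    hex_to_bin "$3" | openssl enc -des-ede "$1" -K "$2" $4 \
        | od -An -tx1 | tr -d ' \n'
}

# With -nopad a 16-byte input gives 16 bytes of ciphertext.
wrapped=$(tdes2_ecb -e "$MASTER_KEY_HEX" "$NEW_KEY_HEX" -nopad)
# With the default padding the same input gives 24 bytes: the same two
# blocks followed by one block that is nothing but encrypted padding.
padded=$(tdes2_ecb -e "$MASTER_KEY_HEX" "$NEW_KEY_HEX")

echo "with -nopad:     $wrapped ($(( ${#wrapped} / 2 )) bytes)"
echo "default padding: $padded ($(( ${#padded} / 2 )) bytes)"
```

With `-nopad` the input length must be a multiple of the 8-byte block size, otherwise `openssl enc` reports an error instead of producing output.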
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
