> From: owner-openssl-us...@openssl.org On Behalf Of burtbick
> Sent: Thursday, 23 February, 2012 14:13

> Hi,  I'm working on a project where I need to interact with a 
> hardware device that is using Triple DES-ECB for encrypting keys.
> 
> One of the first things that I'm trying to do is to generate 
> a 16 byte key to be uploaded to the device.
> 
> Generating the 16 byte key is the easy part.
> 
Is this to be (also) a "TripleDES" (actually 2-key TripleDES, 
or TDEA as Jeffrey Walton correctly notes) key? If so, 
are you generating just random, or random with parity?
Some devices check parity (and reject if bad), some don't.
(If it's to be AES -- or RC5 or IDEA etc. -- key, ignore.)

> The device has a temporary master key which is 16 bytes.
> 
> According to the poorly written documentation for the device 
> I'm supposed to encrypt my new 16 byte key using the temporary 
> master key and Triple DES-ECB [and upload it]
> 
> But when I try using the openssl command line tool I wind up 
> with 24 bytes of cipher text for my encrypted 16 byte key value.
> 
What exactly are you doing on commandline?
Commandline enc by default does PKCS5-padded encryption or decryption 
using the specified algorithm and if block mode 'defaulting' to CBC, 
using a key and IV PKCS5-derived from a given "password" with salt.

Conventional key wraps use no padding, ECB mode and (here) an actual 
key. You need to specify -nopad, [-]des-ede (not [-]des-ede3) for 
2TDEA, and -K and -iv for the actual nonderived key and some IV 
even though the IV is ignored for ECB.

<snip rest>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
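
The flags named in the reply above, as an added shell example that is not part of the original thread. The two key values and the helper names (`hex2bin`, `bin2hex`, `odd_parity`, `tdea_ecb`) are constructed for illustration, and the script assumes an `openssl` binary in which `des-ede` is available.

```shell
#!/bin/sh
# Added example. Both keys are constructed sample values, not real device keys.
MASTER_HEX=0123456789ABCDEFFEDCBA9876543210   # 16-byte 2-key TDEA key (K1 || K2)
NEWKEY_HEX=00112233445566778899AABBCCDDEEFF   # raw 16 bytes, parity not yet set

# Convert an even-length hex string to raw bytes on stdout.
hex2bin() {
    h=$1
    while [ -n "$h" ]; do
        r=${h#??}; byte=${h%"$r"}
        printf '%b' "\\0$(printf '%03o' "0x$byte")"
        h=$r
    done
}

# Hex-dump stdin as one uppercase string.
bin2hex() { od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'; }

# Force DES odd parity on a hex key: the low bit of each byte is set so
# that the byte has an odd number of 1 bits (for devices that check it).
odd_parity() {
    h=$1; out=
    while [ -n "$h" ]; do
        r=${h#??}; byte=${h%"$r"}
        b=$((0x$byte))
        p=$(( b ^ (b >> 4) )); p=$(( p ^ (p >> 2) )); p=$(( (p ^ (p >> 1)) & 1 ))
        [ "$p" -eq 1 ] || b=$(( b ^ 1 ))
        out=$out$(printf '%02X' "$b")
        h=$r
    done
    printf '%s\n' "$out"
}

# 2-key TDEA in ECB mode with an explicit key (-K), no password derivation.
# $1 = -e or -d, $2 = key hex, $3 = data hex, $4 = optional -nopad
# The IV is passed as in the reply; ECB ignores it (newer builds only warn).
tdea_ecb() {
    hex2bin "$3" | openssl enc "$1" -des-ede $4 -K "$2" \
        -iv 0000000000000000 2>/dev/null | bin2hex
}

KEY_HEX=$(odd_parity "$NEWKEY_HEX")
echo "new key with parity : $KEY_HEX"
# Default padding appends a full 8-byte padding block: 24 bytes out.
echo "default padding     : $(tdea_ecb -e "$MASTER_HEX" "$KEY_HEX")"
# -nopad gives the 16-byte wrapped key that gets uploaded.
echo "with -nopad         : $(tdea_ecb -e "$MASTER_HEX" "$KEY_HEX" -nopad)"
```

Because the mode is ECB, the first 16 bytes of the padded output are identical to the `-nopad` output; the extra 8 bytes are only the encrypted padding block.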
