Thanks, Per the device specification they are saying that they are using Triple DES-ECB, since the keys they are using are 16 bytes I'm assuming that it is 2-key Triple DES but they do not clearly state that in the specifications. I have asked them to confirm that it is 2-key.
Here's the command line I was testing with: openssl enc -des-ede -in test16.txt -out foo2a.enc -K ABCB6BCE86FDF833A9B0DDF5A5113FC2 -iv 010203040506 I chose des-ede since the description in the docs says that it is Two key triple DES EDE in ECB mode, but I don't know for sure if the target device is using EDE since all they say is Triple DES-ECB and the key is 16 bytes. test16.txt is a 16 byte file that would be the key that I am attempting to encrypt. foo2a.enc would of course be the cipher text from the encryption. I have specified the 16 byte key as hex digits and I have specified a dummy IV. This encrypts with no errors but yields 24 bytes of cipher text instead of the 16 bytes that I need. If I add -nopad then I get the following error: bad decrypt 2618:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:evp_enc.c:228: But I do get a 16 byte cipher text output file. So the new questions are: Is des-ede the proper choice for "Triple DES-ECB" as the target device specification requires? If not then is there another viable option? If des-ede is the proper choice what am I missing for the openssl command line to generate the 16 bit cipher text from the encryption? How do I solve the error condition when using -nopad? Thanks again, Burt Dave Thompson-5 wrote: > >> From: owner-openssl-us...@openssl.org On Behalf Of burtbick >> Sent: Thursday, 23 February, 2012 14:13 > >> > Is this to be (also) a "TripleDES" (actually 2-key TripleDES, > or TDEA as Jeffrey Walton correctly notes) key? If so, > are you generating just random, or random with parity? > Some devices check parity (and reject if bad), some don't. > (If it's to be AES -- or RC5 or IDEA etc. -- key, ignore.) > >> >> > What exactly are you doing on commandline? > <snip> > > <snip rest> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://old.nabble.com/Triple-DES-ECB-question-tp33378100p33382707.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
