All geek questions in one place

How can I make an ISO 9797-1 MAC with triple DES in C #?

I have a project that provides the following encryption rules for a 24-byte data block.

1) Cryptography should be performed using the complete DES MAC algorithm, as defined in 9797-1 as MAC algorithm 3 with output conversion 3 without truncation and with DES in CBC mode as a block, the cipher with ICV is set to zero. The last 8 bytes of the encrypted data make up the value we need.

The program says that the encryption made is incorrect. Are there any other things I need to do to fit the above specification?

The data is a 24-byte value, and the encryption output should be 8 bytes, I suppose (according to the specification). I get all 24 bytes as output :(

I wrote the following code to achieve the specified specification:

des.KeySize = 128; des.Key = ParseHex(key); des.Mode = CipherMode.CBC; des.Padding = PaddingMode.None; ICryptoTransform ic = des.CreateEncryptor(); CryptoOutput = ic.TransformFinalBlock(CryptoOutput, 0, 24);

I also tried this:

 MACTripleDES des = new MACTripleDES(ParseHex(key)); byte[] CDCryptp = des.ComputeHash(CryptoOutput);
+6
source share
3 answers

ISO 9797-1 The MAC 3 algorithm consists of using the first DES key to execute the CBC MAC, and then only the final block performs the full 3-DES operation.

Try the following:

 byte[] keybytes = ParseHex(key); byte[] key1 = new byte[8]; Array.Copy(keybytes, 0, key1, 0, 8); byte[] key2 = new byte[8]; Array.Copy(keybytes, 8, key2, 0, 8); DES des1 = DES.Create(); des1.Key = key1; des1.Mode = CipherMode.CBC; des1.Padding = PaddingMode.None; des1.IV = new byte[8]; DES des2 = DES.Create(); des2.Key = key2; des2.Mode = CipherMode.CBC; des2.Padding = PaddingMode.None; des2.IV = new byte[8]; // MAC Algorithm 3 byte[] intermediate = des1.CreateEncryptor().TransformFinalBlock(data, 0, data.Length); // Output Transformation 3 byte[] intermediate2 = des2.CreateDecryptor().TransformFinalBlock(intermediate, intermediate.Length - 8, 8); byte[] result = des1.CreateEncryptor().TransformFinalBlock(intermediate2, 0, 8);
+4
source

In CBC-MAC mode you should encrypt the entire message in CBC mode with a zero initialization vector (IV) and take only the last 8 bytes (for DES) of the output. Also, since you need to use DES, it should have a 64-bit key, not 128. If you can quote the ISO (can't find a free copy), I can describe what you should do in more detail.

+1
source

The question may not be as well formulated as it should be, and is very similar to homework. Therefore, I will point you to some links that you may not have seen so that you can find out.

Someone else is making 3DES MAC values ​​in TripleDES: The specified key is a known weak key for "TripleDES" and cannot be used , although I would not recommend changing the .NET behavior, as some of the answers there.

If you just need to use 3DES, check this out: http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/b9239824-e8a1-4955-9193-d9f6993703f3/

-1
source

Source: https://habr.com/ru/post/888510/

More articles:


All Articles