<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><div class="">Thank you Matt!,</div><div class="">yes it odd, the component in C# is from a third an we don't know C#, we think that for a moment we could replace that using openssl command line.</div></div><div class=""><br class=""></div><div class="">Could show me how pass a key to the openssl?</div></div></div></blockquote><div class=""><div dir="ltr" class=""><div class=""><br class=""></div><div class="">To use a specific key instead of deriving it from a passphrase, use -K instead of -k, with the key in hex.</div><div class=""><br class=""></div><div class="">Simple example:</div><div class=""><div class=""><div class="">$ echo asdf | openssl enc -des-ede3 -K 0123456789abcdef0123456789abcdef | xxd</div><div class="">00000000: 216e eaf3 964d 11bf !n...M..</div><div class=""><br class=""></div></div></div><div class="">If ever you're using CBC mode you would also need to specify an IV (with -iv) but you said des-ede3 which is two-key 3DES in ECB, so no need.</div><div class=""><br class=""></div><div class=""> -Dave</div><div class=""><br class=""></div><div class=""><br class=""></div></div></div><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="">Thank you!</div><div class=""><br class=""></div><div class=""><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">El vie., 15 de jun. de 2018 a la(s) 10:53, Matt Caswell (<a href="mailto:matt@openssl.org" class="">matt@openssl.org</a>) escribió:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="">
<br class="">
On 15/06/18 14:34, Fernando A wrote:<br class="">
> Hi all,<br class="">
> <br class="">
> I am not an expert with openssl and I need replace a component in c#<br class="">
> that run algorithm Triple DES.<br class="">
> I tried in the command line something like this <br class="">
> "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out<br class="">
> test.enc"<br class="">
> <br class="">
> but the result that I obtain is diferent of result launched by the c#<br class="">
> component.<br class="">
> Of course the passphrase is the same, and always file test.enc contain a<br class="">
> phrase<br class="">
> that start with "Salted__..." indifferent of the contain of file test.txt.<br class="">
> some idea?<br class="">
> thanks in advance!<br class="">
<br class="">
Is your c# component using a passphrase or a key? If a passphrase, how<br class="">
does it generate the key from that passphrase?<br class="">
<br class="">
By default the OpenSSL enc command uses its own key derivation function<br class="">
(KDF) to generate a key from a passphrase. That KDF uses a random salt<br class="">
value which it prepends to the beginning of the file. If the KDF in C#<br class="">
is different (which it almost certainly is), and it doesn't use the same<br class="">
file format as OpenSSL uses (which it almost certainly doesn't) then<br class="">
you're going to get different results.<br class="">
<br class="">
You can alternatively pass a key rather than a passphrase to the OpenSSL<br class="">
command line.<br class="">
<br class="">
It seems odd that you are using the command line to replace a c#<br class="">
component, rather than using the OpenSSL APIs.<br class="">
<br class="">
Matt<br class="">
-- <br class="">
openssl-users mailing list<br class="">
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank" class="">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br class="">
</blockquote></div>
-- <br class="">openssl-users mailing list<br class="">To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" class="">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br class=""></div></blockquote></div><br class=""></body></html>