[openssl-users] I need help to implement triple des algorithm with openssl

Dave Coombs dcoombs at carillon.ca
Sat Jun 16 12:45:58 UTC 2018


> Thank you, Matt!
> Yes, it is odd. The component in C# is from a third party and we don't know C#; we think that for the moment we could replace it using the openssl command line.
> 
> Could you show me how to pass a key to openssl?

To use a specific key instead of deriving it from a passphrase, use -K instead of -k, with the key in hex.

Simple example:
$ echo asdf | openssl enc -des-ede3 -K 0123456789abcdef0123456789abcdef | xxd
00000000: 216e eaf3 964d 11bf                      !n...M..

If ever you're using CBC mode you would also need to specify an IV (with -iv) but you said des-ede3 which is two-key 3DES in ECB, so no need.

  -Dave


> Thank you!
> 
> 
> 
> On Fri, Jun 15, 2018 at 10:53, Matt Caswell (matt at openssl.org) wrote:
> 
> 
> On 15/06/18 14:34, Fernando A wrote:
> > Hi all,
> > 
> > I am not an expert with openssl and I need to replace a component in C#
> > that runs the Triple DES algorithm.
> > I tried something like this on the command line:
> > "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out
> > test.enc"
> > 
> > but the result that I obtain is different from the result produced by the C#
> > component.
> > Of course the passphrase is the same, and the file test.enc always contains a
> > phrase
> > that starts with "Salted__..." regardless of the contents of the file test.txt.
> > Any ideas?
> > Thanks in advance!
> 
> Is your c# component using a passphrase or a key? If a passphrase, how
> does it generate the key from that passphrase?
> 
> By default the OpenSSL enc command uses its own key derivation function
> (KDF) to generate a key from a passphrase. That KDF uses a random salt
> value which it prepends to the beginning of the file. If the KDF in C#
> is different (which it almost certainly is), and it doesn't use the same
> file format as OpenSSL uses (which it almost certainly doesn't) then
> you're going to get different results.
> 
> You can alternatively pass a key rather than a passphrase to the OpenSSL
> command line.
> 
> It seems odd that you are using the command line to replace a c#
> component, rather than using the OpenSSL APIs.
> 
> Matt
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
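
The salted passphrase format Matt describes and the -K option Dave shows fit together as follows. This is an added example, not part of the original thread: PASS and KEY are constructed sample values, the function names are hypothetical, and it assumes an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. PASS and KEY are constructed sample values.
PASS='example-passphrase'
KEY=0123456789abcdef23456789abcdef01456789abcdef0123   # 24 bytes as hex, constructed

# Hex-encode stdin on a single line.
hex() { od -An -v -tx1 | tr -d ' \n'; }

# Passphrase mode (-k): the output file starts with "Salted__" plus an 8-byte salt.
enc_pass() { openssl enc -des-ede3 -k "$PASS" -out "$1" 2>/dev/null; }

# Raw-key mode (-K): no KDF, no salt, no header, so the output is deterministic.
enc_key() { openssl enc -des-ede3 -K "$KEY" | hex; }

# First 8 bytes of a passphrase-mode file (the magic string).
magic_of() { head -c 8 "$1"; }

# Bytes 9..16 of a passphrase-mode file (the random salt), as hex.
salt_of() { head -c 16 "$1" | tail -c 8 | hex; }

# Re-derive the key the KDF produced for this file: -P prints it and exits.
key_of() {
    openssl enc -des-ede3 -k "$PASS" -S "$(salt_of "$1")" -P 2>/dev/null </dev/null |
        sed -n 's/^key=//p'
}

# Decrypt a passphrase-mode file by hand: skip the 16-byte header and
# feed the remaining ciphertext to -K with the re-derived key.
dec_by_hand() {
    k=$(key_of "$1")
    tail -c +17 "$1" | openssl enc -d -des-ede3 -K "$k"
}
```

Any other implementation that is to match passphrase-mode output has to reproduce both the header layout and the key derivation; with -K only the cipher, mode and padding have to agree.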
