Encryption using DES-EDE2 and HMAC-SHA1

We have some C++ code that uses the crypto C++ library (www.cryptocpp.com).  That library uses a passphrase to generate an HMAC/SHA1 hash which feeds (somehow) into the DES-EDE2 algorithm as a key.

I need to reimplement this in C# but I don't completely understand the HMAC/SHA1 part and how such a hash is passed into the encryption/decryption functions.  

I know this is quite common, these libraries allow you to perform 3DES encryption using a passphrase, I just can't figure out how to tie it all together so I thought I would ask here.  

How do I take the output of the hmacsha1 class and feed it as input (key and IV) to the TripleDESCryptoProvider methods?  

The only values I have are the passphrase and the string to encrypt.

craigsweet (Author) commented:
I'm generating the 3DES key like so:

            ASCIIEncoding encoding = new ASCIIEncoding();
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(passPhrase, null);
            TripleDESCryptoServiceProvider t = new TripleDESCryptoServiceProvider();
            t.Key = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, t.IV);

That generates a 24-byte key.  It creates an IV of 8 bytes but I'm not sure it's correct.  I then encrypt the data:

            byte[] plaintext = encoding.GetBytes(input);
            MemoryStream m = new MemoryStream();
            CryptoStream c = new CryptoStream(m, t.CreateEncryptor(), CryptoStreamMode.Write);
            c.Write(plaintext, 0, plaintext.Length);
            c.FlushFinalBlock();  // write the final padded block before reading the buffer
            byte[] encrypted = m.ToArray();

When I do this my encoded string is 24 bytes long.

I have sample data from the c++ library:
Plaintext:  03D78972DK647980F
Encrypted:  57EBCCF2E5D90CEF555AE8DEA33641FC2CE99B7A53E53770146CB4314EBA7A301390B1CBDBA043A47BA3125F6047AC6A68D2B051F25C7BEF

As you can see my encrypted string is a lot longer than 24-bytes so clearly something is wrong with my approach.  I'm just at a loss on where to even look.

I have also experimented with the HMACSHA1 class:
            HMACSHA1 hmac = new HMACSHA1(encoding.GetBytes(passPhrase));

But I'm not sure what to do with that output.  That gives me a 16-byte key.  Even if I were to pass this into the TripleDESCryptoServiceProvider class I will not have an IV in this case.

See why I'm so confused? :-)

It should work just the same as it did in your C++ code.

HMAC/SHA1 simply takes the passphrase as a parameter, and generates a hash as the output.

With this output, you then feed it as a key into your encryption function. Which can be anything.

Why don't you post your code and I'll take a look at it.

It seems like you are no longer using the cryptocpp libraries which you mentioned in the earlier thread. You are now using the Microsoft crypto libraries instead.

So, your results will definitely be inconsistent from our initial C++ code.

Firstly, you'll need to generate the key using HMAC/SHA1 in C#, here's some info


Focus on the C# code sample:
byte[] key = new byte[KEY_SIZE];
byte[] data = new byte[DATA_SIZE];

HMACSHA1 hmac = new HMACSHA1(key);
CryptoStream cs = new CryptoStream(Stream.Null, hmac, CryptoStreamMode.Write);
cs.Write(data, 0, data.Length);

where Key is the Passphrase you will provide it with.

Then you'll use the TripleDESCSP like this:


Hope this helps.

craigsweet (Author) commented:
Yes, my goal is to replace my C++ library (Based on cryptC++) with a .Net assembly.  But since we've been using it for a while I have to be sure I'm using the same algorithm/keys/etc.

What you've given doesn't help me, it just restates the problem I'm trying to solve.  I know how to create an HMACSHA1 object and send in the passphrase.  I also know how to create a TripleDESCryptoServiceProvider object and pass in data to it.  

What I don't get is how to marry the two together.  What output from the HMACSHA1 call goes into the 3DES functions, etc?  Am I to create a hash of the input and pass that in somehow or is HMAC only used to create a key that the 3DES provider uses?

Also, does .Net even support EDE2 (i.e. 3DES using 2 keys)?

I know it's common to use password-based encryption using 3DES and HMAC/SHA1 together (whether it's a good idea or not I don't know) but what I'm looking for is the "together" part.

>>What output from the HMACSHA1 call goes into the 3DES functions, etc?  Am I to create a hash of the input and pass that in somehow or is HMAC only used to create a key that the 3DES provider uses.

The idea is to use a hashing function to create a strong key given a passphrase.

Therefore, the resulting hash from the hashing function is to be used as the key in your encryption algorithm.

In the case of HMACSHA1: cs.Write(data, 0, data.Length);

the data buffer will be used as the key for your 3DES.

I'm not sure if .NET supports EDE2 mode. From their online API, I don't see it available.

Hope that helps.
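
One way to wire an HMAC-SHA1 output into two-key 3DES (EDE2) in C#, as an added example that is not part of the original thread and is not the C++ library's own derivation, so it will not reproduce the sample ciphertext quoted earlier. Assumptions: the passphrase is the HMAC key, a random 8-byte salt is the HMAC message, the IV is random, and `Ede2Example`, `DeriveEde2Key` and `Encrypt` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class Ede2Example
{
    // Assumption: HMAC-SHA1 keyed with the passphrase, computed over a salt.
    // The first 16 of its 20 output bytes become K1 | K2.
    static byte[] DeriveEde2Key(string passPhrase, byte[] salt)
    {
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(passPhrase)))
        {
            byte[] tag = hmac.ComputeHash(salt);   // 20-byte HMAC-SHA1 output
            byte[] key = new byte[24];
            Buffer.BlockCopy(tag, 0, key, 0, 16);  // K1 | K2
            Buffer.BlockCopy(tag, 0, key, 16, 8);  // K3 = K1, which is what EDE2 means
            return key;
        }
    }

    static byte[] Encrypt(string passPhrase, byte[] salt, byte[] iv, byte[] plaintext)
    {
        using (var tdes = TripleDES.Create())
        {
            tdes.Mode = CipherMode.CBC;
            tdes.Padding = PaddingMode.PKCS7;
            tdes.Key = DeriveEde2Key(passPhrase, salt);
            tdes.IV = iv;                          // explicit IV, one DES block (8 bytes)
            using (var ms = new MemoryStream())
            {
                using (var cs = new CryptoStream(ms, tdes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(plaintext, 0, plaintext.Length);
                    cs.FlushFinalBlock();          // emit the final padded block
                }
                return ms.ToArray();
            }
        }
    }

    static void Main()
    {
        byte[] salt = new byte[8], iv = new byte[8];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); rng.GetBytes(iv); }
        // Constructed passphrase; the plaintext is the sample value from the thread.
        byte[] ct = Encrypt("constructed passphrase", salt, iv, Encoding.ASCII.GetBytes("03D78972DK647980F"));
        Console.WriteLine(BitConverter.ToString(ct));
    }
}
```

The salt and IV have to be stored alongside the ciphertext so the same key and cipher state can be rebuilt for decryption. A single HMAC pass is a fast derivation; where the goal is a new design rather than matching an existing format, `Rfc2898DeriveBytes` provides an iterated PBKDF2 key instead.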