Solved

Need to decrypt 3DES-encrypted text

Posted on 2011-09-16
Last Modified: 2012-05-12
I have a 1024-bit 3DES key and a text file that has been encrypted using that key.  I need to decrypt the text file.  Is there a free/inexpensive simple application available into which I can enter the key and the text (or point it to the key & encrypted text files) to accomplish this?
I don't need to save the decrypted plain-text file to disk; I just need to be able to view the plain-text contents.

Does such an application exist?  Is this even possible?

I do not have any coding experience, so writing something is out of the question for me.  I'm really looking for something turnkey.  Anyone point me in the right direction?  My OS is Windows.
0
Comment
Question by:dstrzemienski
12 Comments
 
LVL 6

Expert Comment

by:effes
ID: 36552050
You could give jFileCrypt a try.

Btw.: are you sure it's 3DES? I thought the maximum length of a 3DES key is 168 or 192 bit (depending on how you count).
0
 
LVL 65

Expert Comment

by:btan
ID: 36553365
Agree with effes; a 3DES key does not have such a length. The 1024 bits looks more like asymmetric keys (public and private key pair). You probably mean a symmetric key encrypting a 3DES symmetric key. The latter key is in turn used to encrypt the text file. Note that messages encrypted with the public key can only be decrypted using the private key.

There is an online version for 3DES @ http://textop.us/Encryption/Triple-DES

OpenSSL is a useful tool @ http://www.openssl.org/docs/apps/enc.html
0
 

Author Comment

by:dstrzemienski
ID: 36554329
The 1024-bit number was the value given to me by the vendor, but you may be right.  I will have to get further clarification from them.  (This whole exercise is a software audit to verify the accuracy of their information and to ensure they are not encrypting and saving information that shouldn't be saved.)

So the "key" that was exported from their software is more likely a public key or a private key?
0
 
LVL 6

Assisted Solution

by:effes
effes earned 332 total points
ID: 36556484
If you want to decrypt the information it has to be the private key. The public key can't be used for that, it is only used for encryption.
0
 
LVL 65

Expert Comment

by:btan
ID: 36557690
Strictly speaking, the length is derived from the common modulus from the key pair, which individually will have another set of parameters combined with it. Since it is an audit, it is probably checking strength of crypto. RSA with a key size of 3,072 bits or ECC with 256 bits should be used. AES 128 bits is preferred. They are recommended in NIST Suite B.

 http://www.networkworld.com/news/tech/2009/052709-tech-update.html
0
 
LVL 15

Expert Comment

by:jrhelgeson
ID: 36876007
Effes: That is not entirely correct.
If data is encrypted with a public key, it must be decrypted by the private key.  If it was encrypted by the private key, it must be decrypted by the public key.  -- the key that is used to encrypt the file cannot be used to decrypt it.
0
 
LVL 6

Expert Comment

by:effes
ID: 36892959
jrhelgeson: That's an important thing to mention. You're right, of course. I didn't think of that when I wrote my reply.
0
 
LVL 65

Expert Comment

by:btan
ID: 36907602
Typically the public key encrypts and the private key decrypts; we call it encryption. But if used the other way round, it may be referred to as signing. Encryption using asymmetric keys is more for crypto keys or small-size data and not the actual target file or the like. Performance is the reason for it.
0
 

Author Comment

by:dstrzemienski
ID: 36932817
So I have more information from the software developer.  They are using the Windows Crypto API.  A Master Key (Key Encrypting Key in PCI parlance) is generated with password-protection and stored within a key container.  The Master Key is used to generate a symmetric Session Key (Data Encrypting Key) that is used to encrypt the data for the duration of a session.

The Master Key is exported and stored off-site.
The Session Key is stored in an ascii text file that also contains the encrypted data.

I guess the questions that I'm trying to figure out are
1. Does having the Session Key within the encrypted data file pose a security risk by itself?
2. If the Master Key were not exported, could the text file be decrypted locally on that PC?
3. Can the encrypted file be decrypted only by the application that encrypted it, or are there other applications that could decrypt it if both the encrypted data file (with Session Key) and the Master Key were available?
0
 
LVL 1

Accepted Solution

by:eelkodegroot
eelkodegroot earned 336 total points
ID: 36939555
If I understand you correctly, you have encrypted data and the symmetric Session Key used to encrypt this data. By having the key you can decrypt the data. Tools for that were already given by the other experts.

Note: a symmetric key means you can encrypt and decrypt with the same key.
If M is the message, X is the encrypted message and K is the symmetric key then:
Encrypt M with K => X
Decrypt X with K => M

1. Does having the Session Key within the encrypted data file pose a security risk by itself?
Yes, this is probably a security risk. When you want to keep data secret you should not store the (decryption) key next to the encrypted data.

2. If the Master Key were not exported, could the text file be decrypted locally on that PC?
As you said the Master Key is used to generate the Session Key. So both sender and receiver should have access to the Master Key and use the same algorithm (and parameters) to generate the Session Key. (This is called key derivation. There are numerous ways to agree on a session key.) To decrypt the data the receiver must have the Session Key, but to generate the Session Key the Master Key and the key derivation method are required.
When you say the Master Key is exported and stored off-site, don't you mean that a copy of the Master Key is stored safely so in case of loss you can restore the Master Key? Then you still have the Master Key in your key container to use for derivation of Session Keys.

3. Can the encrypted file be decrypted only by the application that encrypted it, or are there other applications that could decrypt it if both the encrypted data file (with Session Key) and the Master Key were available?
When using standard encryption algorithms like, for instance, DES3, AES or RSA, then you can use several applications (like the ones mentioned by other experts) to decrypt the data, if and only if you have the decryption key too.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 332 total points
ID: 36940109
1. I understand that the key is within the encrypted data, but I suppose it is encrypted and either appended or in some way attached to the encrypted data. It wouldn't really be within the plain data. This is security by obscurity, knowing where the data is and the key format structure. Still OK provided you also have some digital signature that the data and key are not tampered with. In other words, to be able to check the integrity of data and key.

2. Ideally the master key is the asymmetric keys, where the private keys are the ones the user has either in a smartcard or token. That will be more secure than simply having it residing in the same machine. Yes, as long as the master key is available locally it would be able to go through the decryption, but the master key needs to be protected if on the same machine ... Who then protects the master key... the asymmetric algo works fine here.

3. It is independent of the application; the important factor is being aware of the crypto algo, key length, data ciphering (block or stream), existence of the keys and user inputs such as a password to open up the encrypted key. Also the encoding format such as base 64, DER format prior to encryption etc. is critical as well. The crypto package used may impact the application API used.
0
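
For the audit questions above, a key exported through the Windows Crypto API can be classified from its blob header before any decryption is attempted. The following is an added example, not part of the original thread or the vendor's code: it assumes the exported "key" is a `CryptExportKey` blob already decoded from its text form to raw bytes, and `describe_key_blob` and the two sample blobs are constructed for illustration.

```python
import struct

# Values from the Windows SDK header wincrypt.h (CryptoAPI).
BLOB_TYPES = {0x1: "SIMPLEBLOB", 0x6: "PUBLICKEYBLOB",
              0x7: "PRIVATEKEYBLOB", 0x8: "PLAINTEXTKEYBLOB"}
ALG_IDS = {0x6601: "CALG_DES", 0x6603: "CALG_3DES", 0x6609: "CALG_3DES_112",
           0x660E: "CALG_AES_128", 0x6610: "CALG_AES_256",
           0x2400: "CALG_RSA_SIGN", 0xA400: "CALG_RSA_KEYX"}

def describe_key_blob(blob: bytes) -> dict:
    """Report what an exported key blob holds, without decrypting anything."""
    if len(blob) < 12:
        raise ValueError("too short for a BLOBHEADER plus body")
    # BLOBHEADER: bType, bVersion, reserved, aiKeyAlg (little-endian).
    btype, _ver, _rsvd, alg = struct.unpack_from("<BBHI", blob, 0)
    if btype not in BLOB_TYPES or alg not in ALG_IDS:
        raise ValueError("not a recognised CryptoAPI key blob")
    kind, body = BLOB_TYPES[btype], blob[8:]
    info = {"type": kind, "key_alg": ALG_IDS[alg]}
    if kind == "SIMPLEBLOB":
        # Session key encrypted under an exchange key: ALG_ID of the
        # wrapping algorithm, then ciphertext as long as the RSA modulus.
        (wrap_alg,) = struct.unpack_from("<I", body, 0)
        info["wrapped_by"] = ALG_IDS.get(wrap_alg, hex(wrap_alg))
        info["wrapped_bits"] = (len(body) - 4) * 8
    elif kind == "PLAINTEXTKEYBLOB":
        # Raw session key: DWORD length, then the key bytes in the clear.
        (key_len,) = struct.unpack_from("<I", body, 0)
        if key_len != len(body) - 4:
            raise ValueError("declared key length does not match blob size")
        info["key_bits"] = key_len * 8
    else:
        # RSAPUBKEY: magic "RSA1" (public) or "RSA2" (private), bitlen, pubexp.
        if len(body) < 12:
            raise ValueError("too short for an RSAPUBKEY structure")
        magic, bitlen, _exp = struct.unpack_from("<4sII", body, 0)
        if magic not in (b"RSA1", b"RSA2"):
            raise ValueError("not an RSA key blob")
        info["key_bits"] = bitlen
    return info

# Constructed samples (filler bytes, not real keys).
SAMPLE_WRAPPED = struct.pack("<BBHII", 0x1, 2, 0, 0x6603, 0xA400) + bytes(128)
SAMPLE_PLAIN = struct.pack("<BBHII", 0x8, 2, 0, 0x6603, 24) + bytes(range(24))

if __name__ == "__main__":
    for name, blob in (("wrapped", SAMPLE_WRAPPED), ("plain", SAMPLE_PLAIN)):
        print(name, describe_key_blob(blob))
```

A `SIMPLEBLOB` wrapped under a 1024-bit RSA exchange key carries 1024 bits of ciphertext whatever the size of the 3DES key inside, which is one way a "1024-bit" figure could arise; whether that applies to this vendor's export is an assumption. A `PLAINTEXTKEYBLOB` stored beside the data is the case the first audit question is concerned with, since no other key is needed to use it.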
 

Author Closing Comment

by:dstrzemienski
ID: 37020936
I am splitting the points among you, as each of you I believe has helped guide me toward the true answer which is that I need a deeper understanding of encryption fundamentals before it all makes sense to me.
0
