Triple DES decryption in classic ASP?

Question

How can I decrypt a string in classic-ASP/VBScript? The string comes from a php application that uses 3DES encryption.

Answer 1

There's a TripleDES JavaScript implementation here: http://www.tero.co.uk/des/. It works as JScript (Microsoft's Classic ASP version of JavaScript, basically ECMAScript 3), is checked against PHP, supports EBC and CBC, padding (zeroes, PKCS7(buggy) or spaces) and also does plain DES. You can use it in a Classic ASP VBScript page like this:

<%@ Language=VBScript %>

<%
key = "this is a 24 byte key !!"
message = "This is a test message."
' Use TripleDES (24-byte key) in ECB mode (0, Null iv) with 0 padding
encrypted = des(key, message, 1, 0, Null, 0)
decrypted = des(key, encrypted, 0, 0, Null, 0)
Response.Write "
"
Response.Write "Key: " & key & vbCrLf
Response.Write "Message(length=" & Len(message) & "): " & message & vbCrLf
Response.Write "Encrypted 3DES ECB: " & stringToHex(encrypted) & vbCrLf
Response.Write "Decrypted 3DES ECB: " & decrypted
Response.Write "
"
%>

Resulting in:

Key: this is a 24 byte key !!
Message(length=23): This is a test message.
Encrypted 3DES ECB: 0x83af8c3f5507e100b182f90f5f5d834b085ca8439b35eee4
Decrypted 3DES ECB: This is a test message.

If you use PKCS7 padding, note that there's a bug in the JavaScript: padding code. The initial if (padding == block should be enclosed in an if (encrypt) {...} test, and the last two lines of des() should be replaced with:

  result += tempresult;

  //when decrypting, remove padding for PKCS7 but leave space/zero padding (cannot be distinguished from real trailing spaces/zeroes)
  if (!encrypt) {
    if (padding == 1) {temp = result.charCodeAt(result.length-1); result = result.substring(0,result.length-temp);} //PKCS7 padding
  }

  //return the result as an array
  return result;