PKCS11 deriveKey() and encrypt() returning different results for 3DES

Question

I am working on a key derivation problem using an HSM and PKCS11 and currently I can\'t understand why I see completely different results depending on whether I use the deri

Answer 1

Turns out that the key generated in the HSM using DeriveKey and the key bytes I generated using session.encrypt() are essentially the same if one considers how DES parity works.

The least significant bit of each byte in a DES key is the parity bit, which is ignored in many implementations and is not used as part of the key, thus if I properly set the parity bits on my encrypt result then both results match.

0x3efe0eab6d3db397 <--- HSM generated value with correct odd parity
00111110 11111110 00001110 10101011 01101101 00111101 10110011 10010111

0x3fff0faa6c3cb297 <--- encryption result without parity bits set properly
00111111 11111111 00001111 10101010 01101100 00111100 10110010 10010111