问题
I've got a project which stipulates the following encryption rules for a 24 byte block of data.
1) Cryptography should be done using full triple DES MAC algorithm as defined in 9797-1 as MAC algorithm 3 with output transformation 3 without truncation and with DES in CBC mode as block cipher with ICV set to zeros. Last 8 bytes of encrypted data constitute the value we need.
The program is saying the encryption done is wrong. Are there any other things I need to do to match the above spec?
The data is a 24 byte value and output of the encryption should be 8 bytes, I guess (as per the spec). I am getting the whole 24 bytes as output :(
I wrote the following code to achieve the said specification:
des.KeySize = 128;
des.Key = ParseHex(key);
des.Mode = CipherMode.CBC;
des.Padding = PaddingMode.None;
ICryptoTransform ic = des.CreateEncryptor();
CryptoOutput = ic.TransformFinalBlock(CryptoOutput, 0, 24);
I tried this also:
MACTripleDES des = new MACTripleDES(ParseHex(key));
byte[] CDCryptp = des.ComputeHash(CryptoOutput);
回答1:
ISO 9797-1 MAC Algorithm 3 consists of using the first DES key to perform a CBC MAC and then only for the final block perform a full 3-DES operation.
Try this:
byte[] keybytes = ParseHex(key);
byte[] key1 = new byte[8];
Array.Copy(keybytes, 0, key1, 0, 8);
byte[] key2 = new byte[8];
Array.Copy(keybytes, 8, key2, 0, 8);
DES des1 = DES.Create();
des1.Key = key1;
des1.Mode = CipherMode.CBC;
des1.Padding = PaddingMode.None;
des1.IV = new byte[8];
DES des2 = DES.Create();
des2.Key = key2;
des2.Mode = CipherMode.CBC;
des2.Padding = PaddingMode.None;
des2.IV = new byte[8];
// MAC Algorithm 3
byte[] intermediate = des1.CreateEncryptor().TransformFinalBlock(data, 0, data.Length);
// Output Transformation 3
byte[] intermediate2 = des2.CreateDecryptor().TransformFinalBlock(intermediate, intermediate.Length - 8, 8);
byte[] result = des1.CreateEncryptor().TransformFinalBlock(intermediate2, 0, 8);
回答2:
For CBC-MAC mode you should encrypt the whole message in CBC mode with zero initialization vector (IV), and take only the last 8 bytes (for DES) of the output. Also, since you need to use DES, it should have 64 bit key, not 128. If you can quote the ISO (cannot find free copy), I can describe what you should do in more details.
回答3:
The question is perhaps not as well worded as it ought to be, and looks a lot like homework. So I'll point you at some links, which you may not have seen yet, so you can learn.
Someone else is doing 3DES MAC values at TripleDES: Specified key is a known weak key for 'TripleDES' and cannot be used although I would not recommend altering the behavior of .NET like some of the answers there.
If all you need is to just use 3DES, check this out: http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/b9239824-e8a1-4955-9193-d9f6993703f3/
来源:https://stackoverflow.com/questions/6055763/how-can-i-do-an-iso-9797-1-mac-with-triple-des-in-c