Re: DES Encryption and Decryption using different keys gives 'Bad Data' exception

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 06/03/03 

Date: Tue, 3 Jun 2003 13:16:09 -0700

Dean -
please check that you are feeding to the decryptor all the data you have
received on the encryption phase. Normally a cipher text is skightly longer
that the plain text and it is a very common mistake when people are feeding
the number of bytes the plaintext had to the decryptor. If this is not the
case in your implementation please post some code.
Thanks,
--Ivan
This posting is provided "AS IS" with no warranties, and confers no rights.

"dean" <abc@def.com> wrote in message
news:eL%23H1ZFJDHA.1732@TK2MSFTNGP11.phx.gbl...
> Hi all,
>
> Is anyone familiar with the AnsiX9.19 document which handles the
generation
> of Key Encryption Keys (KEK) and Key Check Vaues (KCV). A rough overview
of
> the process is as follows:
>
> Step 1 : Take a given 128bit key, and divide it into 2 - to generate key
> parts KL equals the left 64 bits and KR the right.
> Step 2 : Then encrypt the number zero "0" using the left hand key part
(KL)
> and DES.
> Step 3 : The output of step 2 is then decrypted using the right hand key
> part (KR).
> Step 4 : The final step is to re-encrypt this output using the left hand
key
> part once again.
>
> According to the ANSI doc this yields a Key Check Value which can be used
> for message authentication.
>
> The Step 1 encryption part works fine but Step 2 decrypting using the
right
> hand key part fails with the infamous 'Bad Data' cryptographic exception.
> When I reran the process using the the left hand key part (KL) for both
> encryption, decryption and the re-encryption it works fine. This leads me
to
> beleive that the code is ok but the decryption process doesn't like a
> different key.
>
> Does any one have any ideas on this. Help would be greatly appreciated.
>
> Best regards
>
> Dean
>
> PS I can attach some code samples if that would help.
>
>

Quantcast