CryptAPI: CryptEncrypt returns 16 times bigger block with 3DES

From: Szomraky Stefan (
Date: 09/30/03

Date: 30 Sep 2003 09:15:03 -0700

When I use CryptEncrypt to encrypt 8 bytes of plaintext, CryptEncrypt
returns 128 and indeed modifies 128 bytes of input buffer. (Regardless
of setting the "Final Block" parameter to TRUE or FALSE)

How can this be? I know that the returned data is aligned to return a
full block, but CryptGetKeyParam with KP_BLOCKLEN returned 64 (-> 8
bytes), so I suppose everything I send to CryptEncrypt has to be
padded at 8 byte boundaries (and NOT 128) ....

I even tried sending 128 byte blocks to CryptEncrypt, but I got the
NTE_BAD_LEN error (invalid length). (Tried it with "Final Block" set
to TRUE and FALSE)...

It worked up to 112 bytes (always got 128 bytes back), but neither 120
nor 128 works !!

I am setting a 24 bytes key and a custom 8 byte IV, and using
ZERO_PADDING, etc...)...

What am I missing here?

Szomraky Stefan

PS: I am using CreatePrivateExponentOneKey to import a custom key.
PPS: Unfortunately, .NET will not be an option. Ahh.. The crypto
framework for .NET is so simple.. so clear... *dreams*