I need Tripple DES encryption algorithm in C

D

Dave Cullen

Hello C

I have a project that requires a calculated "key" to be used in a security
access application. The customer supplies a secret 8 byte number that gets
combined with the serial number of the access card to provide a unique
access key for that card.

They've specified that the encryption method (called "diversification") is
something called Tripple DES. I'm not a crypto weenie, just a software guy.
My research on this has led me to block diagrams of the process but no code
examples on how to impliment Tripple DES.

Does anybody know of public domain code for Tripple DES in C?

Thanks
 
B

bytebro

They've specified that the encryption method (called "diversification") is
something called Tripple DES. I'm not a crypto weenie, just a software guy.
My research on this has led me to block diagrams of the process but no code
examples on how to impliment Tripple DES.

Does anybody know of public domain code for Tripple DES in C?

The correct place for this would be sci.crypt, but here's the basics.

The underlying encryption algorithm is called "DES", or "Data
Encryption Standard" - see http://en.wikipedia.org/wiki/Data_Encryption_Standard.

Triple DES is simply DES applied three times - see http://en.wikipedia.org/wiki/Triple_DES.

You need three keys; the normal way of doing 3DES is:

C = E(K3, D(K2, E(K1, P)))

which means encrypt the plaintext using key 1, then decrypt the result
using key 2, then encrypt the result of that using key 3

The main reason for the middle step being a decryption, by the way, is
that if you used the same key for K1, K2, and K3, the result would be
identical to normal single DES encryption, which makes it a doddle to
implement both in the same hardware.

The usually accepted method for obtaining the keys is to hash the
passphrase (or in your case the generated access key) using the
algorithm specified in RFC2898 (see http://tools.ietf.org/html/rfc2898).

To be perfectly honest, if the data you are protecting is important or
valuable, you _really_ should get someone experienced in cryptography
to do this stuff for you; it can be extraordinarily difficult to do
crypto correctly and securely. And if the data is not that important
or valuable, why on earth are you using 3DES?!

Best of luck :)
 
T

Tor Rustad

Dave said:
Hello C

I have a project that requires a calculated "key" to be used in a security
access application. The customer supplies a secret 8 byte number that gets
combined with the serial number of the access card to provide a unique
access key for that card.

They've specified that the encryption method (called "diversification") is
something called Tripple DES. I'm not a crypto weenie, just a software guy.
My research on this has led me to block diagrams of the process but no code
examples on how to impliment Tripple DES.

Does anybody know of public domain code for Tripple DES in C?

For starters, get a crypto book (include lot of C code):

http://www.schneier.com/book-applied.html

"just a software guy" is hardly the right person to implement this. If
you have DES source code, it's trivial to implement 3DES.

The point about key diversification, is that the whole system will not
be broken if a card/token is cracked.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top