How do I use 3DES decryption in C# in OFB mode?


I need to decrypt a message that was encrypted using 3DES in OFB mode.

I have an encrypted message. I have a key. I have an IV.

I'm on a .NET platform.

The encrypted message is 24 chars long in base64. The key is 24 chars long in base64, and the IV is a 64-bit binary number.

Because of the lack of examples I tried using an ECB mode example, as follows:

    public static string DecryptTextFromMemory(byte[] Data, byte[] Key, byte[] IV)
    {
        try
        {
            // Create a new MemoryStream using the passed 
            // array of encrypted data.
            MemoryStream msDecrypt = new MemoryStream(Data);

            // Create a CryptoStream using the MemoryStream 
            // and the passed key and initialization vector (IV).
            CryptoStream csDecrypt = new CryptoStream(msDecrypt,
                new TripleDESCryptoServiceProvider().CreateDecryptor(Key, IV),
                CryptoStreamMode.Read);

            // Create buffer to hold the decrypted data.
            byte[] fromEncrypt = new byte[Data.Length];

            // Read the decrypted data out of the crypto stream
            // and place it into the temporary buffer.
            csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);

            //Convert the buffer into a string and return it.
            return new ASCIIEncoding().GetString(fromEncrypt);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
            return null;
        }
    }

This is the error I get:

A Cryptographic error occurred: Specified key is not a valid size for this algorithm.

I've tried other code examples where I've changed the algorithm to OFB and it says it's not supported.

Can anyone please help me? I'm obviously out of my depth with this stuff so please be patient if I'm messing up something obvious.

There are loads of examples of 3DES decryption in ECB mode but little or nothing I can find about OFB mode.


There are 2 answers

8
Peter Taylor On

The error message tells you precisely what the problem is: "Specified key is not a valid size for this algorithm."

You say that "The key is 24 chars long in base64". Base64 encodes 6 bits per char, so that's 144 bits in total. But a 3DES key should be 64 bits (==DES), 128 bits, or 196 bits. You have to either use a key of the appropriate length or work out what the library on the other end is doing to convert the key to an appropriate length.

2
KeithS On

The third-party CryptoSys API says it specifically supports Triple-DES in OFB mode. Dunno why the .NET implementation wouldn't, though a good reason may be to discourage its use in new development in favor of the much-faster Rijndael and AES ciphers.

EDIT: Just to explain, a "mode" of the algorithm is a defined way that the basic Triple-DES ciphering algorithm is leveraged to produce encrypted text. These have become standardized over most symmetric-key algorithms. OFB mode is one of two standard "stream cipher" modes, which use the base algorithm to create a "shift register" based on text it has already encrypted, allowing text after the first "block" to be encrypted one byte at a time instead of in larger "blocks".

Anyway, the "key size" error points to a specific type of problem. Triple-DES algorithms (ALL of them; this isn't implementation-specific) require a key that is exactly either 128 or 192 bits long. You're getting the key as a byte array, so you need an array that is exactly 16 or 24 elements long. This should be one of your first checks; throw an ArgumentException if the key isn't the right size. Trace the problem down the call stack until you find where the key is generated and fix the problem at its source.

Next, if you set the Mode property of the TripleDESCryptoServiceProvider to OFB, and it gives you a CryptoException either right then or when you start decrypting that the mode isn't supported, then that's a .NET limitation; the .NET developer team didn't bother to implement that mode of that algorithm in the provider. It'll be more trouble than it's worth to try to roll your own; you'll have to look for a third-party implementation that can be used by .NET code. Pretty much any library registered for COM interop will do the trick, doesn't have to be written in a .NET language. There are dozens; I'd do a search for CryptoSys as, like I said, the documentation says it supports TripleDES OFB by name.
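An added example, not part of either answer or the asker's code: the key-length check described above, combined with OFB built on the provider's ECB mode, which .NET does support. It assumes full-block (64-bit) feedback; the class name `TripleDesOfb`, the method `Transform`, and the key, IV and message values are constructed for illustration, and the sending side may use a different feedback size.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TripleDesOfb
{
    // OFB XORs the data with a keystream, so this one routine both encrypts and decrypts.
    public static byte[] Transform(byte[] data, byte[] key, byte[] iv)
    {
        if (key.Length != 16 && key.Length != 24)
            throw new ArgumentException("Decoded 3DES key must be 16 or 24 bytes.", nameof(key));
        if (iv.Length != 8)
            throw new ArgumentException("IV must be one 8-byte block.", nameof(iv));

        using (TripleDES tdes = TripleDES.Create())
        {
            tdes.Mode = CipherMode.ECB;       // raw block cipher only; feedback is done below
            tdes.Padding = PaddingMode.None;  // a stream mode needs no padding
            tdes.Key = key;
            using (ICryptoTransform enc = tdes.CreateEncryptor())
            {
                byte[] block = (byte[])iv.Clone();   // O_0 = IV
                byte[] next = new byte[8];
                byte[] output = new byte[data.Length];
                for (int i = 0; i < data.Length; i++)
                {
                    if (i % 8 == 0)
                    {
                        // O_i = E_K(O_{i-1}); decryption also uses the encrypt direction
                        enc.TransformBlock(block, 0, 8, next, 0);
                        Buffer.BlockCopy(next, 0, block, 0, 8);
                    }
                    output[i] = (byte)(data[i] ^ block[i % 8]);
                }
                return output;
            }
        }
    }

    public static void Main()
    {
        // Constructed sample values (not the asker's data).
        byte[] key = Convert.FromBase64String("ASNFZ4mrze/+3LqYdlQyEA=="); // 24 chars -> 16 bytes
        byte[] iv = { 0, 1, 2, 3, 4, 5, 6, 7 };
        byte[] cipher = Transform(Encoding.ASCII.GetBytes("constructed sample"), key, iv);
        Console.WriteLine(Encoding.ASCII.GetString(Transform(cipher, key, iv)));
    }
}
```

The length check runs on the decoded byte array, not on the Base64 text, so decode the key with `Convert.FromBase64String` before validating it.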