Question

How would I be able to determine the encryption of a key (AES256 or 3DES 256)? Both keys will be 32 characters (8 bits per char * 32 char) = 256 bits and MIME encoded.

Example

MQAyAEgAOgA5ADUAMwA3AD8AQgBFAD4A --->AES256 key

g1EOWGFb+JjCZ7BbH2RergtKUtDfXrNb --->3DES key

The AES keys were made in OpenSSL while the 3DES ones were made using Java with the following APIs:

javax.crypto.Cipher;
javax.crypto.KeyGenerator;
javax.crypto.SecretKey;
javax.crypto.SecretKeyFactory;
javax.crypto.spec.DESedeKeySpec;
javax.crypto.spec.IvParameterSpec;

Solution

First of all, there is no such thing as 3DES 256. 3DES has a key size of 128 or 192 bits, of which 112 and 168 bits are effectively used. Note that the security margin of 3DES is even lower.

AES on the other hand can be used with 128, 192 and 256 bits, all of which are used.

Now base 64 (not SMIME, that's a higher level protocol) has 6 bits per character (not excluding spurious bits at the end). If I check your keys both of them are 192 bit in size, so that won't help you distinguish the keys. You can use the Apache Codec library to decode base 64 strings.

However, your 3DES key - the second one - seems to use odd parity bytes for the 3 single DES keys. That can be used to distinguish the keys from each other. Note that this is not foolproof; a randomly generated AES key may have the parity bits set correctly by chance alone. However, the chance of that happening is somewhere around the order of 2^24.

It is possible to use the method DESedeKeySpec.isParityAdjusted(byte[] key, int offset) to check if the parity is correctly set. It is required to decode the base 64 string first of course.

Note that sometimes 3DES keys are distributed without having the parity set correctly. In your case, you need to use the KeyFactory to generate the keys otherwise the parity may not be set.

Another way of checking if the key is of the correct type is to decrypt some known plaintext/ciphertext/secretkey pair using both algorithms.
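The parity check described in this answer, written out as an added Java example that is not part of the original answer. It decodes with the JDK's `java.util.Base64` instead of Apache Codec; the class name `KeyTypeHeuristic` and its helper methods are hypothetical, and the two sample keys are the ones from the question.

```java
import java.security.InvalidKeyException;
import java.util.Base64;
import javax.crypto.spec.DESedeKeySpec;

// Added example: heuristic only, see the caveats in the answer above.
public class KeyTypeHeuristic {

    // Manual form of the check: a DES key byte has odd parity when it
    // contains an odd number of 1 bits.
    static boolean hasOddParity(byte[] key) {
        for (byte b : key) {
            if (Integer.bitCount(b & 0xFF) % 2 == 0) {
                return false;
            }
        }
        return true;
    }

    // Returns a label, not a proof: parity can match by chance, and a
    // real 3DES key may have been distributed without parity set.
    static String classify(String base64Key) throws InvalidKeyException {
        byte[] raw = Base64.getDecoder().decode(base64Key);
        if (raw.length != 24) {
            // isParityAdjusted needs 24 bytes (three single DES keys).
            return (raw.length * 8) + " bits: not a 3-key 3DES key";
        }
        boolean jce = DESedeKeySpec.isParityAdjusted(raw, 0);
        if (jce != hasOddParity(raw)) {
            throw new IllegalStateException("parity checks disagree");
        }
        return jce
            ? "192 bits, odd parity on every byte: consistent with 3DES"
            : "192 bits, parity not adjusted: not a parity-adjusted 3DES key";
    }

    public static void main(String[] args) throws InvalidKeyException {
        String[] keys = {
            "MQAyAEgAOgA5ADUAMwA3AD8AQgBFAD4A", // labelled AES in the question
            "g1EOWGFb+JjCZ7BbH2RergtKUtDfXrNb"  // labelled 3DES in the question
        };
        for (String k : keys) {
            System.out.println(k + " -> " + classify(k));
        }
    }
}
```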

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow