Question

I have a .NET class that implements TripleDES encryption and decryption. The code is too much to post here. However, the problem is that while encryption is OK, decryption is inconsistent depending on the length of the original plaintext. I know that encryption is OK since other triple DES tools also give the same value.

Specifically, the last character is being cut off from the resulting plaintext if the length of the original plaintext was 8, 16, 24, 32, 40, etc., i.e. 8n.

The encryption mode is CBC. The key size is 24 chars (192 bits). The IV is 8 chars.

Solution

The problem is because the (un)padding algorithm is not correct.

(3)DES encrypts/decrypts blocks of 8 bytes. As not all texts are precisely 8 bytes, the last block must contain bytes that are not original from the plain text. Now the trick is to find out which one is the last character of the plain text. Sometimes the length of the plain text is known beforehand - then the padding characters can be anything really.

If the length of the plain text is not known then a deterministic padding algorithm must be used, e.g. PKCS5Padding. PKCS5Padding always performs padding, even if the plaintext is N * blocksize in bytes. The reason for this is simple: otherwise it doesn't know if the last byte is plain text or padding: 41 41 41 41 41 41 41 41 08 08 08 08 08 08 08 08 would be 8 'A' characters, with 8 padding bytes.

It seems that either the unpadding algorithm is not well implemented, or that a non-deterministic padding algorithm is deployed.
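
The padding rule described in the answer, written out for .NET as an added example (it is not the asker's class and not part of the original answer). The names `PaddingDemo`, `Pad` and `Unpad` are assumptions made for illustration, and the key and IV are randomly generated by `TripleDES.Create()`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PaddingDemo
{
    const int BlockSize = 8; // (3)DES block size in bytes

    // PKCS#5/PKCS#7: always append n bytes of value n, 1 <= n <= BlockSize.
    static byte[] Pad(byte[] data)
    {
        int n = BlockSize - data.Length % BlockSize; // 8 when already aligned
        return data.Concat(Enumerable.Repeat((byte)n, n)).ToArray();
    }

    // Strip the padding, rejecting anything that is not well-formed.
    static byte[] Unpad(byte[] padded)
    {
        if (padded.Length == 0 || padded.Length % BlockSize != 0)
            throw new CryptographicException("Length is not a multiple of the block size.");
        int n = padded[padded.Length - 1];
        if (n < 1 || n > BlockSize || padded.Skip(padded.Length - n).Any(b => b != n))
            throw new CryptographicException("Invalid padding.");
        return padded.Take(padded.Length - n).ToArray();
    }

    static void Main()
    {
        using var tdes = TripleDES.Create();   // random 192-bit key and 8-byte IV
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.None;       // padding is done by hand above

        // Constructed inputs: one byte short of a block, exactly one block, one byte over.
        foreach (string text in new[] { "AAAAAAA", "AAAAAAAA", "AAAAAAAAA" })
        {
            byte[] padded = Pad(Encoding.ASCII.GetBytes(text));
            byte[] ct, pt;
            using (var enc = tdes.CreateEncryptor())
                ct = enc.TransformFinalBlock(padded, 0, padded.Length);
            using (var dec = tdes.CreateDecryptor())
                pt = dec.TransformFinalBlock(ct, 0, ct.Length);

            string back = Encoding.ASCII.GetString(Unpad(pt));
            Console.WriteLine($"{text.Length} chars -> padded {BitConverter.ToString(padded)} " +
                              $"-> {ct.Length} ciphertext bytes -> \"{back}\"");
        }
    }
}
```

Setting `Padding = PaddingMode.PKCS7` on both the encrypting and decrypting side makes the framework apply the same rule itself, so the hand-written `Pad` and `Unpad` are only needed to see what happens to the bytes.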

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow