What would be “openssl enc -a -e -salt -des3 -pass pass:abc123” equivalent in .NET?

Question

My .Net application need to communicate with Linux based system which is using following command line to encrypt their messages:

openssl enc -a -e -salt -des3 -pass pass:abc123

How would be equivalent code to encrypt/decrypt messages in c# look like?

I understand that I should use TripleDES in CBC mode with PKCS7 padding. What I don't know is what block size and initialization vector (IV) should I use.

Also I am confused how should I derive key from password. Should I use PBKDF1 or PBKDF2 and what salt should I use?

So what seems to be a quite standard job ends for me with all night puzzle. Can anybody help me?

Answer 1

So here is the trick:

> openssl enc -a -e -salt -des3 -P -pass pass:abc123
salt=17685C0658F85BA4
key=1CB6E5A0AA4953EC2323CBA021EF008C9193F5F29990DE87
iv =9148EB5B2BF2E9B2

If I feed TripleDES algorithm the output is almost same as openssl output. Only difference is extra 16 bytes at the beginning of the openssl output. The first eight of these bytes is "Salted__" text and the second eight is the salt.

Salt is random. So how should I derive key and iv from password and salt? PBKDF1 nor PBKDF2 doesn't qualify.

So here is the second trick:

A = MD5(pwd + SALT)
B = MD5(A + PWD + SALT)
KEY + IV = A + B

Plus sign stands for concatenation, Key is 24 bytes long and IV is 8 bytes long.

I learned these trick from Deusty blog where he do similar stuff with AES.