TripleDes的:指定的关键是一种已知的弱密钥关于'TripleDes的'和不能用 [英] TripleDES: Specified key is a known weak key for 'TripleDES' and cannot be used
问题描述
我使用了.NET 3.0类 System.Security.Cryptography.MACTripleDES
类生成MAC值。不幸的是,我的工作与使用 1111111111111111
(十六进制)作为单长度DES密钥的硬件设备。钥匙上的 System.Security.Cryptography
图书馆里一些理智检查,并返回一个异常,如果您尝试使用加密的弱密钥。
I'm using the .NET 3.0 class System.Security.Cryptography.MACTripleDES
class to generate a MAC value. Unfortunately, I am working with a hardware device that uses "1111111111111111
" (as hex) as a single-length DES key. The System.Security.Cryptography
library does some sanity checking on the key and returns a Exception if you try to use a cryptographically weak key.
例如:
byte[] key = new byte[24];
for (int i = 0; i < key.Length; i++)
key[i] = 0x11;
byte[] data = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte[] computedMac = null;
using (MACTripleDES mac = new MACTripleDES(key))
{
computedMac = mac.ComputeHash(data);
}
抛出一个异常
throws an exception
System.Security.Cryptography.CryptographicException : Specified key is a known weak key for 'TripleDES' and cannot be used.
我知道这是不是一个安全的关键。在生产中,该装置将被闪蒸以一个新的,安全的密钥。与此同时,有没有什么办法来抑制这种异常被抛出?也许一个的app.config
或注册表设置?
编辑:关键实际上是101010 ......由于算法迫使奇校验。我不知道这是否是普遍在支付处理的工作,我做了DES算法或只是一个必要条件。
The key would actually be 101010... due to the algorithm forcing odd parity. I'm not sure if this is universal to the DES algorithm or just a requirement in the payment processing work I do.
编辑2:下面丹尼尔的回答大约有黑客.NET一些非常好的信息。不幸的是,我无法使用这种技术来解决我的问题,但仍有一些有趣的阅读那里。
Edit 2: Daniel's answer below has some very good information about hacking .NET. Unfortunately, I wasn't able to solve my problem using this technique, but there is still some interesting reading there.
推荐答案
而不是使用MACTripleDES具有DES密钥重复假单DES CBC-MAC的,你可以只实现CBC-MAC自己在<顶href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.descryptoserviceprovider.aspx"相对=nofollow> DESCryptoServiceProvider 。
Instead of using MACTripleDES with the DES key repeated to fake a single DES CBC-MAC, you could just implement CBC-MAC yourself on top of DESCryptoServiceProvider.
&LT; 1111111111111111>不是弱DES密钥
<1111111111111111> is not a weak DES key.
这将计算DES CBC-MAC:
This will calculate a DES CBC-MAC:
public static byte[] CalcDesMac(byte[] key, byte[] data){
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
des.Key = key;
des.IV = new byte[8];
des.Padding = PaddingMode.Zeros;
MemoryStream ms = new MemoryStream();
using(CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)){
cs.Write(data, 0, data.Length);
}
byte[] encryption = ms.ToArray();
byte[] mac = new byte[8];
Array.Copy(encryption, encryption.Length-8, mac, 0, 8);
PrintByteArray(encryption);
return mac;
}
这篇关于TripleDes的:指定的关键是一种已知的弱密钥关于'TripleDes的'和不能用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!