Decrypting TripleDES (.Net to Golang)

[sc28]

I'm receiving a file encrypted with TripleDES by a .Net process.

The code they are using is:

    class TripleDES

    {

        private static System.Security.Cryptography.TripleDES CreateDES(string key)

        {

            MD5 md5 = new MD5CryptoServiceProvider();

            System.Security.Cryptography.TripleDES des = new TripleDESCryptoServiceProvider();

            des.Key = md5.ComputeHash(Encoding.UTF8.GetBytes(key));

            des.IV = new byte[des.BlockSize/8];

            return des;

        }

        public static byte[] Encryption(string PlainText, string key)

        {

            var des = CreateDES(key);

            var ct = des.CreateEncryptor();

            var input = Encoding.UTF8.GetBytes(PlainText);

            return ct.TransformFinalBlock(input, 0, input.Length);

        }

    }

   I've tried decrypting (with no success) using this:

   // key used to encrypt == "shfTbs.set" --> not padded to 8 bytes?

   func decryptIt(cryptoBytes []byte, key string) {

    triplekey := []byte(GetMD5Hash(key))  // "shfTbs.set"

    block, err := des.NewTripleDESCipher(triplekey)

if err != nil {

fmt.Printf("%s \n", err.Error())

os.Exit(1)

}

iv := triplekey[:des.BlockSize]

decrypter := cipher.NewCBCDecrypter(block, iv)

decrypted := make([]byte, len(cryptoBytes))

decrypter.CryptBlocks(decrypted, encrypted)

fmt.Printf("%s", decrypted) <-- Nope, doesn't successfully decrypt

   }

   func GetMD5Hash(text string) string {

hasher := md5.New()

hasher.Write([]byte(text))

return hex.EncodeToString(hasher.Sum(nil))

   }

   Any help would be greatly appreciated!

[Jakob Borg]

Some things to check:

- The .net code appears to use an IV of all zeroes, the Go code does something else.

- Is the key for at the same, in terms of being hex encoded or not, upper case vs lower case...?

- Does the .net code actually use CBC mode like your Go code?

- Is the input to your Go code the output from the .net code or has it been formatted or encoded somehow in between?

Apart from that, the system in general seems fairly horrible to be honest. Maybe there's something about this not visible to me but if it does what it looks like (md5 key derivation, all zeroes IV) then this is toy crypto that's trivially broken by an adversary. 

//jb

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.