TripleDES Encrypting in C# and PHP not coming out the same (PKCS7, ECB)?

Question

I\'ve spent a couple hours now trying to figure this out, but I just can\'t get it to work. I\'ve got a C# encryption routine that I need to match in php. I can\'t change

Answer 1

The padding length in your PHP version is based on the length of the password. This is incorrect. It should be based on the length of your message instead.

Try replacing strlen($password) with strlen($data).

---

The second problem is that the mcrypt library requires 24-byte keys. Triple DES applies regular DES three times, so you can call the 8-byte key used in each round of DES K₁, K₂, and K₃. There are different ways to choose these keys. The most secure is to choose three distinct keys. Another way is to set K₃ equal to K₁. The least secure method (equivalent to DES) is to make K₁ = K₂ = K₃.

Most libraries are "smart" enough to interpret a 16-byte 3DES key as the second option above: K₃ = K₁. The .NET implementation is doing this for you, but the mcrypt library is not; instead, it's setting K₃ = 0. You'll need to fix this yourself, and pass mcrypt a 24-byte key.

After computing the MD5 hash, take the first 8 bytes of $key, and append them to the end of $key, so that you have a 24-byte value to pass to mcrypt_encrypt().