Persits Software, Inc. Knowledge Base Articles

Do not specify key size when using DES or Triple-DES

Problem Description

When a DES or Triple-DES key is created and key size explicitly specified, inconsistent results are produced, and when decrypting, the following error may occur:

Bad Data


The DES cipher uses 56-bit keys, and Triple-DES 168-bit keys. However, CryptoAPI allocates 64 bits for DES keys and 192 bits for 3DES keys. An attempt to specify 56 or 168 for the Key Length argument of the GenerateKey or GenerateKeyFromPassword methods may produce inconsistent encrypted data. You should never specify key size explicitly when using DES or Triple-DES ciphers:

' Incorrect
Set Key = Context.GenerateKeyFromPassword("xxx", calgSHA, calg3DES, 168)

' Correct
Set Key = Context.GenerateKeyFromPassword("xxx", calgSHA, calg3DES)