KCV Value – 3DES Encryption

What is KCV (Key Check Value) in the context of 3-DES Encryption? Is there good documentation on what is KCV and how it can be used in 3-DES Encryption?

Calculating KCV with DES Key

I’m having a problem with generating a KCV for a DES key in C#.NET In reference to this answer, the KCV for the DES key 0123456789ABCDEF is D5D44F (as only the first 3 bytes are considered) and it

3DES Encryption / Decryption using ECB in iOS

i’m making an application , in which i have to encrypt a string using 3DES encryption in ECB mode. i m using mykey as a key. + (NSData *)tripleDesEncryptData:(NSData *)inputData key:(NSData *)keyDat

3des encryption and decryption in iOS

I am working on 3DES encryption and decryption. I have done encryption successfully. For decryption, I am using this code but not getting exact result. My encryption string is CHc3TsfJgYs= and key i



Encryption in iPhone with 3DES

I need encrypt a NSString with 3DES and i cant do it. Its return me a big NSString in result: ccStatus = CCCrypt(kCCEncrypt, kCCAlgorithm3DES, kCCOptionECBMode | kCCOptionPKCS7Padding , vkey, //12345

3DES encryption with CBC mode in objective c

I am trying to encrypt a NSString using 3DES with CBC mode encryption on iOS. Same encryption method is being used on ASP.NET as well and the encrypted string they are getting works with the webservic

C# 3DES encryption to C decryption

I have created a C# assembly that does 3DES encryption/encryption and tested it. I now need to decrypt the data on a remote machine for an install. .NET is not guaranteed to be present when my native

3des encryption in iPhone padding issue

I have a problem using 3DES encryption in my iPhone app. I have 9 byte message to be encrypted. When I use kCCOptionECBMode, the first 8 byte block is encrypted correctly (I have a sample result produ

Image Encryption using 3DES

I am doing encryption and decryption of an image using 3DES. After encrypting an image I am not able to see an encrypted image. Can any one please tell me why is this happening? I am using a jpeg imag

3DES encryption in iPhone app always produces different result from 3DES encryption in Java

I have to encrypt a string in my iPhone app. The encryption scheme is 3DES/CBC/PKCS5 padding and I have to convert in objective-c this Java code: public class MessageEncrypt { public String encryptStr

3des encryption in iphone

i am fairly new to iOS development and objective c. I am developing an application which will send encrypted data to a server. The server uses 3des with cbc and no padding. I have read most of the rel

Answers

“6.15 Key Check Value
Purpose: The data is used to prove that a card/processor has access to aspecific DES key value.
Format: Binary, 3 bytes
Contents: The three leftmost bytes of the result of encrypting eight bytes of zeros by the DES key concerned” (source)
_
“The Key Check Value for any DES key will be computed by encrypting 8 bytes of ’00’ using ECB 3DES with the key concerned” (source)
_

“The key check value (abbreviated KCV or CV) of a DES/3DES key is the result of encrypting 16 hexadecimal zeroes using the key. For example, the key check value of the single-length DES key 0123456789ABCDEF is equal to D5D44FF720683D0D. This information is useful when transmitting DES/3DES keys in an encrypted fashion and is usually send by the sender to ensure that the recipient has correctly received the key.” (source)
__
To me, it seems this is some sort of checksum.

KCV’s are used within e.g. the PKCS#11 standard for hardware security devices. Imagine you need to import secret keys, possibly in multiple parts. Then you need to verify that the import succeeded. You simply check a block encrypt of all zeros (or the leftmost part of it) against a previously calculated KCV value. As symmetric algorithms are supposed to be invulnerable against known plain text/cipher text attacks, you don’t leak any information about the key.

For hardware security devices the keys are normally not extractable; they may therefore not be available for hash methods, or the hash method itself may not even be available. So performing a key encryption on all zero’s is a nice method of creating a secure checksum. For other keys, such as RSA keys, hashing (SHA-1) is normally used instead of encryption to identify the (value of the) key.

In software you can simply create a block containing only zero’s and then perform ECB encryption or CBC encryption with an IV set to all zero’s. Then take x bytes as the KCV. The number of bytes in the KCV depends on the standard used. If you use less than 3 bytes you may run into keys with the same value even by accident.

Note that a KCV does leak a bit of information; it shows what a ciphertext encryption a block of all zero’s looks like. If you perform CBC encryption with a random IV, that should not matter much.

Lets keep in line with RobIII: source (note: FTP)