Much searching and reading has not told me whether the capicom.encrypteddata class module (it's VB6, but that shouldn't matter in answering this question) is using 2-key 3DES or 3-key 3DES. (.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM_3DES) Anyone know which one it is using? A source of this information would also be helpful. I suspect, since I don't think high enough key lengths are supported, that it is 2DES. But I haven't found acceptable confirmation.

+1  A: 

CAPICOM is a thin wrapper on top of CryptoAPI. If you decode the output from EncryptedData.Encrypt() you will see something like this (it is ASN.1 encoded in a proprietary format):

SEQUENCE {
  OBJECT IDENTIFIER '1 3 6 1 4 1 311 88 3'
  [0] {
    SEQUENCE {
      OBJECT IDENTIFIER '1 3 6 1 4 1 311 88 3 1'
      [0] {
        SEQUENCE {
          INTEGER 131073
          INTEGER 26115
          INTEGER 192
          OCTET STRING
            AA A6 05 4E FA AF 4C 0B
          OCTET STRING
            3A 22 58 C3 51 D8 91 C8 7B 3C C9 51 9B E7 BA B7
          OCTET STRING
            84 FA 56 AF 01 FE C9 74
        }
      }
    }
  }
}

Note the 26115. That is the value for CALG_3DES, which is the CryptoAPI identifier for 3DES with three keys (3DES with two keys is called CALG_3DES_112). The 192 is the key length, which also matches three-key 3DES:

Rasmus Faber
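
The check described in the answer, as an added example that is not part of the original post: it parses the innermost SEQUENCE and classifies the algorithm identifier and key length. The DER bytes are re-encoded here from the values in the dump above, the field order (second INTEGER is the ALG_ID, third is the key length) follows the answer's reading, and the function names are hypothetical; the ALG_ID bit layout and CALG_* values are those defined in wincrypt.h.

```python
# ALG_ID layout (wincrypt.h): class = bits 13-15, type = bits 9-12, SID = bits 0-8.
ALG_CLASS_DATA_ENCRYPT = 3 << 13
ALG_TYPE_BLOCK = 3 << 9
# SID -> (CryptoAPI name, number of 64-bit DES keys)
DES_FAMILY = {1: ("CALG_DES", 1), 3: ("CALG_3DES", 3), 9: ("CALG_3DES_112", 2)}

# Constructed sample: the innermost SEQUENCE, re-encoded from the dump on this page.
SAMPLE = bytes.fromhex(
    "30 33"
    "02 03 02 00 01" "02 02 66 03" "02 02 00 C0"
    "04 08 AA A6 05 4E FA AF 4C 0B"
    "04 10 3A 22 58 C3 51 D8 91 C8 7B 3C C9 51 9B E7 BA B7"
    "04 08 84 FA 56 AF 01 FE C9 74"
)

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_inner(der):
    """Return (integers, octet_strings) found inside the outer SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    ints, octets, pos = [], [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x02:                    # INTEGER (two's complement, big-endian)
            ints.append(int.from_bytes(val, "big", signed=True))
        elif tag == 0x04:                  # OCTET STRING, kept opaque
            octets.append(val)
    return ints, octets

def classify(alg_id, key_bits):
    """Return (name, key_count, key_length_consistent) for a DES-family ALG_ID."""
    if alg_id & (7 << 13) != ALG_CLASS_DATA_ENCRYPT or alg_id & (15 << 9) != ALG_TYPE_BLOCK:
        raise ValueError("not a block-cipher ALG_ID")
    name, keys = DES_FAMILY.get(alg_id & 0x1FF, (None, 0))
    if name is None:
        raise ValueError("not a DES-family algorithm")
    # Each DES key is 64 bits stored, 56 bits effective (8 parity bits).
    return name, keys, key_bits in (64 * keys, 56 * keys)
```

Calling `classify(*parse_inner(SAMPLE)[0][1:3])` on the sample yields `("CALG_3DES", 3, True)`; a blob carrying 26121 (`CALG_3DES_112`) would report two keys instead.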