If by "heavy bit" you mean the most significant bit, that's backwards.
DES (and 3DES) keys put the parity bits in the least significant bit. The low-level DES_* API in OpenSSL has options to set a key with checking for parity and "weak" and "semi-weak" keys, or without, and also routines to check or set parity by itself. But the normal API by default does not check, and that's probably what you're using. In that case, yes, you get the same results regardless of parity. $ od -tx1 <y1 0000000 54 45 53 54 44 41 54 41 0000010 $ (path)/openssl version OpenSSL 1.0.1h 5 Jun 2014 # odd parity $ (path)/openssl des-ecb -K 0123456789ABCDEF -nopad <y1 | od -tx1 0000000 55 51 bb 7e 93 c0 d9 03 0000010 # wrong parity $ (path)/openssl des-ecb -K 0022446688AACCEE -nopad <y1 | od -tx1 0000000 55 51 bb 7e 93 c0 d9 03 0000010 (Older versions give the same results, but in some older versions the enc utility with -K requires -iv even for ECB, which was silly.) From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Laurent Broussy Sent: Thursday, July 31, 2014 07:41 To: openssl-users@openssl.org Subject: Use of parity bits on DES Hi, Like describe in the FIPS 46-3 a DES key must have it heavy bit as parity bit. I try to encipher with a key without no correct parity bits and with this key where I put the correct parity bits the same message using openssl. I obtain two different enciphered messages. My answers are : 1 Is-it normal that OpenSSL can use a DES key with no correct parity bits ? 2 Why the result with the two different key is not the same (normally only 56 bits are used and are the same in the two keys) Thank you for your response. Regards. L. Broussy
