Microsoft Windows XP and Later Versions
In Windows XP and later versions, the DES session key always uses the full key length as follows:
CALG_DES - 64 bits
CALG_3DES_112 - 128 bits
CALG_3DES - 192 bits
Versions Earlier than Windows XP
On platforms earlier than Windows XP (Microsoft Windows 2000, Windows NT 4.0, Windows 95, Windows 98, and Windows Millennium Edition), if the application does not specify a key length in the upper 16 bits of
dwFlags, the DES session key size is as follows:
CALG_DES - 64 bits
CALG_3DES_112 - 128 bits
CALG_3DES - 192 bits
On platforms earlier than Windows XP,
CryptDeriveKey() and
CryptGenKey() calls accept the following key size without parity bits for DES algorithms:
CALG_DES - 64 - 8 bits (Parity) = 56 bits
CALG_3DES_112 - 128 - 16 bits (Parity) = 112 bits
CALG_3DES - 192 - 24 bits (Parity) = 168 bits
If the application specifies this key size without the parity bits in the upper 16 bits of
dwFlags, the decryption does not succeed between Windows XP and pre-Windows XP operating systems. Specifically,
CryptDecrypt() does not succeed and generates the 0x80090005 (NTE_BAD_DATA) error.
To encrypt and decrypt across Windows platforms, explicitly specify the key size that corresponds to the Windows XP implementation in either the
CryptDeriveKey() function or the
CryptGenKey() function (or in both functions). You can specify the Windows XP key sizes for DES algorithms if you have the high encryption pack installed on the earlier versions of the operating system.