(20##) 10 9 8 7 6 5 4 3 2 1 0 <
DesktopWeb FormText   TripleDES KeyWrapFri, 18 Jun 2004 03:17:51 GMT # 

figured it out while pretending to listen to the TS on the phone :) the problem was that TripleDESKeyWrap uses the TripleDES algorithm with no padding. so that if i encrypt 16 bytes, then it returns 16 bytes. the .NET Framework provides an enum to turn off padding, while the CryptoAPI does not. to make the CryptoApi compatible while encrypting you just toss out the padding bytes. e.g. you encrypt 16 byes, it returns 24, and you just throw away the last 8 bytes. decrypting was not obvious to me, and led to the blog below. so i have the key, and the last encrypted block. to get the padding that was chopped off you set the last encrypted block as the IV. then you encrypt the padding bytes. for 8 bytes of padding this is: 0x08080808080808. encrypt that with the CryptoApi, and it returns 16 bytes with the 1st 8 bytes being the padding that i needed to derive. append that to the original cipher data, pass that to the CryptoApi to decrypt, and you've got a compatible implementation of TripleDES with no padding. now i can finish the TripleDESKeyWrap implementation, and then continue on with WS-SecureConversation