Figured it out .

Just in case anyone else runs into this:

1) The CryptoAPI uses CBC mode by default to set up the key. If you specify
"DES" for the key in Java, it automatically uses ECB. You have to explicitly
use the following algorithm: "DES/CBC/PKCS5Padding"

2) If you don't set the initialization vector (IV) in Java, it'll create
random output. Therefore, a Java program has to create a byte array of 8
elements all equal to 0 as its IV. This is what the CryptoAPI does by
default (see the documentation for CryptSetKeyParam).


Jason Bock