"bf-cbc" Cipher with Literal Key

A tutorial example is provided to show you how to use the 'bf-cbc' (Blowfish in CBC mode) cipher with Literal Key to encrypt and decrypt binary data files.

I think we have learned enough on the OpenSSL "enc -bf-ecb" command to perform Blowfish encryption in ECB (Electronic CodeBook) operation mode. Let's move on to the "enc -bf-cbc" command for Blowfish encryption in CBC (Cipher Block Chaining) operation mode.

In case you forgot how CBC (Cipher Block Chaining) works, here a shortest version of the CBC algorithm:

 
Input:
   P: The plaintext in multiple blocks
   K: The secret key
   IV: The Initialization Vector
   E(K,B): The block encryption function 

Output:
   C: The ciphertext in multiple blocks

Algorithm - CBC (Cipher Block Chaining) Operation Mode: 
   (P[1], P[2], P[3},...) = P    : Split plaintext into blocks

   C[1] = E(K, P[1] XOR IV)
   Loop i over 2,3,...
      C[i] = E(K, P[i] XOR C[i-1])
   End Loop

   C = (C[1], C[2], C[3},...)    : Concatenate ciphertext blocks

The CBC algorithm can also be illustrated by this simple diagram:

Algorithm - CBC (Cipher Block Chaining) Operation Mode: 

IV ----->|       ----->|       ----->|
         |     /       |     /       | 
  P[1]--XOR   / P[2]--XOR   / P[3]--XOR
         |   /         |   /         |
       E(K) /        E(K) /        E(K)
         | /           | /           | 
       C[1]          C[2]          C[3] ...

Comparing with the ECB mode we have discussed earlier, the CBC mode does use the IV (Initialization Vector). So we need to pay attention to how to control the IV with the OpenSSL "enc -bf-cbc" command.

Similar to ECB mode tutorials, let's follow the "Literal Key" way first by running the OpenSSL "enc -bf-cbc" command with "-K" and "-iv" options. In the example below, I am trying to perform encryption on a full block of 0x00:

C:\herong> \
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
   > 0000000000000000.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -e \
   -K 00000000000000000000000000000000 -iv 0000000000000000 \
   -in 0000000000000000.txt -out cipher.txt -nopad -p
   
salt=0200000000265101
key=00000000000000000000000000000000
iv =0000000000000000

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < cipher.txt
   
4ef997456198dd78

C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -d \
   -K 00000000000000000000000000000000 -iv 0000000000000000 \
   -in cipher.txt -out decrypted.txt -nopad -p
   
salt=0200000000264A01
key=00000000000000000000000000000000
iv =0000000000000000

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < decrypted.txt
   
0000000000000000

Pretty cool, I have successfully encrypted a block of binary zeros with "bf-cbc" cipher, and decrypted it back.

The ciphertext, 0x4ef997456198dd78, is correct, because it matches the test vector published at https://www.schneier.com/code/vectors.txt. Not that if the IV is 0x0000000000000000, the first block of the ciphertext of CBC mode is identical to the original Blowfish encryption.

key bytes               clear bytes             cipher bytes
0000000000000000        0000000000000000        4EF997456198DD78

Last update: 2018.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

 OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

"bf-cbc" Cipher with Literal Key

 "bf-cbc" Cipher on Multiple Blocks

 "bf-cbc" Encryption Verification

 "bf-cbc" 2-Block Test Vectors

 "bf-cbc" Cipher with Salted Key

 "bf-cbc" Cipher with Random Salt

 "enc -bf-cbc" Command Summary

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 PHP Mcrypt Extension for Blowfish

 Blowfish 8-Bit Cipher in PHP

 References

 Full Version in PDF/EPUB