Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.03, by Herong Yang
"bf-cbc" Cipher with Random Salt
A tutorial example is provided to show you how to use the 'bf-cbc' cipher with Random Salt to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and a random salt.
In previous tutorials, we learned how to control the Secrete Key and the IV in two ways: Literal Key and Salted Key. In this tutorial, we will look at the third way, Random Salt, running the OpenSSL "enc -bf-cbc" command with "-pass" and "-salt" options:
Here is my first test using OpenSSL "enc -bf-cbc" command in the "Random Salt" way with "-pass pass:" and "-salt" options.
C:\herong> \ perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \ > 2-block.txt C:\herong> \ perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \ >> 2-block.txt C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -e \ -pass pass:MySecret -salt -in 2-block.txt -out cipher.txt -nopad -p salt=464797FE358BFE10 key=BB2A408C4A4F1E6919E9B255C205DE46 iv =A0B454D73535DFA5 C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < cipher.txt 53616c7465645f5f 464797fe358bfe10 8a157c10c1a8531dfe6aa7febb9e57e2 ---------------- ---------------- -------------------------------- "Salted__" Salt Cipher blocks C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -d \ -pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p salt=464797FE358BFE10 key=BB2A408C4A4F1E6919E9B255C205DE46 iv =A0B454D73535DFA5 C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < decrypted.txt 00000000000000000000000000000000
The output confirms that OpenSSL did generate a salt 0x464797FE358BFE10 for me. And it was prepended to the ciphertext as the second block.
When I ran the same test again, I got this output:
C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -e \ -pass pass:MySecret -S 0000000000000000 \ -in 2-block.txt -out cipher.txt -nopad -p salt=26DB2DB4CEDC4547 key=C0D7346F9BE3B9E5184B51236BD4C8B4 iv =AE56F3EDF48E5FE7 C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < cipher.txt 53616c7465645f5f 26db2db4cedc4547 68c1979bf319abe24637ca03b4c2ee8f ---------------- ---------------- -------------------------------- "Salted__" Salt Cipher blocks C:\herong>\local\gnuwin32\bin\openssl enc -bf-cbc -d \ -pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p salt=26DB2DB4CEDC4547 key=C0D7346F9BE3B9E5184B51236BD4C8B4 iv =AE56F3EDF48E5FE7 C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < decrypted.txt 00000000000000000000000000000000
The output confirms that OpenSSL does generate new salt randomly each time.
Note that you don't need to pass the salt value to the receiver of the ciphertext separately, because it is already included in the ciphertext header blocks. The receiver needs to use OpenSSL or other tools that are compatible with OpenSSL to decrypt the ciphertext with the passphrase.
If the receiver is using a tool that does not know how to read the "Salted__" header blocks, you can pass him/her the derived secret key and the IV to decrypt the ciphertext after removing the first 2 blocks.
Table of Contents
OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption
►OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption
"bf-cbc" Cipher with Literal Key
"bf-cbc" Cipher on Multiple Blocks
"bf-cbc" Encryption Verification
"bf-cbc" Cipher with Salted Key
►"bf-cbc" Cipher with Random Salt
OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption
OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption