"enc -bf-cbc" Command Summary

A quick summary is provided to list major features of the OpenSSL 'enc -bf-cbc' command. Blowfish algorithm in CBC operation mode with a random salt and PKCS#5 padding, or Blowfish/CBC/Salted/PKCS5Padding, is the recommended way to use Blowfish in CBC mode.

As a summary, we should remember the following about the OpenSSL "enc -bf-cnc" command:

OpenSSL "enc -bf-cbc" command allows us to run Blowfish algorithm in CBC (Cipher Block Chaining) operation mode.

CBC (Cipher Block Chaining) operation mode takes each plaintext block from the input stream, XOR it with the previous ciphertext block, and encrypt the XOR result to give the ciphertext. In other words, the previous ciphertext block is chained to be mixed with current plaintext block.

CBC (Cipher Block Chaining) operation mode uses the IV value as the "previous" ciphertext block for the first block operation.

OpenSSL allows us to run cipher operations in 3 ways: Literal Key, Salted Key and Random Salt.

"Literal Key" means the secret key and the IV are specified literally using "-K" and "-iv" options.

"Salted Key" means the secret key and the IV are derived from a passphrase and a salt given in "-pass" and "-S" options.

"Random Key" means the secret key and the IV are derived from a passphrase and a random salt using "-pass" and "-salt" options.

OpenSSL allows us to pad plaintext with the standard PKCS#5 padding algorithm, which uses an integer byte as the padding byte with value equal to the number of bytes to be padded.

With all options mentioned above, we have many choices to run Blowfish CBC mode encryption. But the recommended way is to:

Note that some of these points are not discussed in this chapter directly. But they are covered in the OpenSSL "enc -bf-ecb" command chapter.

By the way, CBC is the most commonly used operation mode comparing to ECB, CFB, and OFB.

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

 OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 "bf-cbc" Cipher with Literal Key

 "bf-cbc" Cipher on Multiple Blocks

 "bf-cbc" Encryption Verification

 "bf-cbc" 2-Block Test Vectors

 "bf-cbc" Cipher with Salted Key

 "bf-cbc" Cipher with Random Salt

"enc -bf-cbc" Command Summary

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 References

 PDF Printing Version