Blowfish Cipher Tutorials - Herong's Tutorial Examples - Version 1.21, by Dr. Herong Yang
"bf-cfb" Cipher with Random Salt
A tutorial example is provided to show you how to use the 'bf-cfb' cipher with Random Salt to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and a random salt.
In previous tutorials, we learned how to control the Secrete Key and the IV in two ways: Literal Key and Salted Key. In this tutorial, we will look at the third way, Random Salt, running the OpenSSL "enc -bf-cfb" command with "-pass" and "-salt" options:
Here is my first test using OpenSSL "enc -bf-cfb" command in the "Random Salt" way with "-pass pass:" and "-salt" options.
C:\herong>
perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')"
> 2-block.txt
C:\herong>
perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')"
>> 2-block.txt
C:\herong>\local\gnuwin32\bin\openssl enc -bf-cfb -e
-pass pass:MySecret -salt -in 2-block.txt -out cipher.txt -nopad -p
salt=F00F58593EB1C7CE
key=362047F47E13F0714920AEBA006CE211
iv =4B1D1C81F500C259
C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}"
< cipher.txt
53616c7465645f5f f00f58593eb1c7ce c07a5e0e80e070350931646f0a6c12ce
---------------- ---------------- --------------------------------
"Salted__" Salt Cipher blocks
C:\herong>\local\gnuwin32\bin\openssl enc -bf-cfb -d
-pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p
salt=F00F58593EB1C7CE
key=362047F47E13F0714920AEBA006CE211
iv =4B1D1C81F500C259
C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}"
< decrypted.txt
00000000000000000000000000000000
The output confirms that OpenSSL did generate a salt 0xF00F58593EB1C7CE for me. And it was prepended to the ciphertext as the second block.
When I ran the same test again, I got this output:
C:\herong>\local\gnuwin32\bin\openssl enc -bf-cfb -e
-pass pass:MySecret -salt
-in 2-block.txt -out cipher.txt -nopad -p
salt=AB2BF6FAAD02F48C
key=EEE01FE037701D87F87121B2D74B4C00
iv =4A851D11D46828A8
C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}"
< cipher.txt
53616c7465645f5f ab2bf6faad02f48c f0b49d9731f92e33e38c769e2f12cef7
---------------- ---------------- --------------------------------
"Salted__" Salt Cipher blocks
C:\herong>\local\gnuwin32\bin\openssl enc -bf-cfb -d
-pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p
salt=AB2BF6FAAD02F48C
key=EEE01FE037701D87F87121B2D74B4C00
iv =4A851D11D46828A8
C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}"
< decrypted.txt
00000000000000000000000000000000
The output confirms that OpenSSL does generate new salt randomly each time.
Note that you don't need to pass the salt value to the receiver of the ciphertext separately, because it is already included in the ciphertext header blocks. The receiver needs to use OpenSSL or other tools that are compatible with OpenSSL to decrypt the ciphertext with the passphrase.
If the receiver is using a tool that does not know how to read the "Salted__" header blocks, you can pass him/her the derived secret key and the IV to decrypt the ciphertext after removing the first 2 blocks.
Last update: 2015.
Table of Contents
OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption
OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption
►OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption
"bf-cfb" Cipher with Literal Key
"bf-cfb" Cipher on Multiple Blocks
"bf-cfb" Encryption Verification
"bf-cfb" Cipher with Salted Key
►"bf-cfb" Cipher with Random Salt