OpenSSL "enc" Blowfish Ciphers

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

∟OpenSSL "enc" Blowfish Ciphers

A tutorial example is provided to show how to use OpenSSL 'enc' command to invoke cipher functions for Blowfish algorithm. 4 Blowfish cipher functions are supported: bf-cbc, bf-cfb, bf-ecb, and bf-ofb.

One nice feature about OpenSSL is that it offers a single standard command called "enc" to invoke any symmetric cipher routines supported in the OpenSSL library.

If you want to know how to use the "enc" command, you can try the following command:

C:\herong>\local\gnuwin32\bin\openssl enc -help
unknown option '-help'

options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-eencrypt
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
               from a passphrase.  One of md2, md5, sha or sha1
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-engine e      use engine e, possibly a hardware device.

Cipher Types
-aes-128-cbc    -aes-128-cfb    -aes-128-cfb1
-aes-128-cfb8   -aes-128-ecb    -aes-128-ofb
-aes-192-cbc    -aes-192-cfb    -aes-192-cfb1
-aes-192-cfb8   -aes-192-ecb    -aes-192-ofb
-aes-256-cbc    -aes-256-cfb    -aes-256-cfb1
-aes-256-cfb8   -aes-256-ecb    -aes-256-ofb
-aes128         -aes192         -aes256
-bf             -bf-cbc         -bf-cfb
-bf-ecb         -bf-ofb         -blowfish
-cast           -cast-cbc       -cast5-cbc
-cast5-cfb      -cast5-ecb      -cast5-ofb
-des            -des-cbc        -des-cfb
-des-cfb1       -des-cfb8       -des-ecb
-des-ede        -des-ede-cbc    -des-ede-cfb
-des-ede-ofb    -des-ede3       -des-ede3-cbc
-des-ede3-cfb   -des-ede3-ofb   -des-ofb
-des3           -desx           -desx-cbc
-idea           -idea-cbc       -idea-cfb
-idea-ecb       -idea-ofb       -rc2
-rc2-40-cbc     -rc2-64-cbc     -rc2-cbc
-rc2-cfb        -rc2-ecb        -rc2-ofb
-rc4            -rc4-40

As you can see from the "enc" help text, OpenSSL supports 4 cipher variations of Blowfish algorithm with 6 aliases:

"bf" - Alias for "bf-cbc"
"blowfish" - Alias for "bf-cbc"
"bf-cbc" - Blowfish in CBC mode
"bf-cfb" - Blowfish in CFB mode
"bf-ecb" - Blowfish in ECB mode
"bf-ofb" - Blowfish in OFB mode

One thing is not very clear in the help text is how to specify the cipher type with "enc" command. OpenSSL actually support two syntaxes:

"openssl enc -<ciphername> <options>" - Cipher name is specified as an option to the "enc" command.
"openssl <ciphername> <options>" - Cipher name is specified as the OpenSSL command.

For example, the following command will run the "enc" command with "bf-cbc" (Blowfish in CBC mode) cipher. It will prompt you for the password, take plaintext from the keyboard and display ciphertext on the screen>