OpenSSL "enc" Blowfish Ciphers

A tutorial example is provided to show how to use OpenSSL 'enc' command to invoke cipher functions for Blowfish algorithm. 4 Blowfish cipher functions are supported: bf-cbc, bf-cfb, bf-ecb, and bf-ofb.

One nice feature about OpenSSL is that it offers a single standard command called "enc" to invoke any symmetric cipher routines supported in the OpenSSL library.

If you want to know how to use the "enc" command, you can try the following command:

C:\herong>\local\gnuwin32\bin\openssl enc -help
unknown option '-help'

options are
-in <file>     input file
-out <file>    output file
-pass <arg>    pass phrase source
-d             decrypt
-a/-base64     base64 encode/decode, depending on encryption flag
-k             passphrase is the next argument
-kfile         passphrase is the first line of the file argument
-md            the next argument is the md to use to create a key
               from a passphrase.  One of md2, md5, sha or sha1
-K/-iv         key/iv in hex is the next argument
-[pP]          print the iv/key (then exit if -P)
-bufsize <n>   buffer size
-engine e      use engine e, possibly a hardware device.

Cipher Types
-aes-128-cbc    -aes-128-cfb    -aes-128-cfb1
-aes-128-cfb8   -aes-128-ecb    -aes-128-ofb
-aes-192-cbc    -aes-192-cfb    -aes-192-cfb1
-aes-192-cfb8   -aes-192-ecb    -aes-192-ofb
-aes-256-cbc    -aes-256-cfb    -aes-256-cfb1
-aes-256-cfb8   -aes-256-ecb    -aes-256-ofb
-aes128         -aes192         -aes256
-bf             -bf-cbc         -bf-cfb
-bf-ecb         -bf-ofb         -blowfish
-cast           -cast-cbc       -cast5-cbc
-cast5-cfb      -cast5-ecb      -cast5-ofb
-des            -des-cbc        -des-cfb
-des-cfb1       -des-cfb8       -des-ecb
-des-ede        -des-ede-cbc    -des-ede-cfb
-des-ede-ofb    -des-ede3       -des-ede3-cbc
-des-ede3-cfb   -des-ede3-ofb   -des-ofb
-des3           -desx           -desx-cbc
-idea           -idea-cbc       -idea-cfb
-idea-ecb       -idea-ofb       -rc2
-rc2-40-cbc     -rc2-64-cbc     -rc2-cbc
-rc2-cfb        -rc2-ecb        -rc2-ofb
-rc4            -rc4-40

As you can see from the "enc" help text, OpenSSL supports 4 cipher variations of Blowfish algorithm with 6 aliases:

One thing is not very clear in the help text is how to specify the cipher type with "enc" command. OpenSSL actually support two syntaxes:

For example, the following command will run the "enc" command with "bf-cbc" (Blowfish in CBC mode) cipher. It will prompt you for the password, take plaintext from the keyboard and display ciphertext on the screen>

\local\gnuwin32\bin\openssl bf-cbc

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 What is OpenSSL?

 Installing OpenSSL for Windows

OpenSSL "enc" Blowfish Ciphers

 Ways to Control Secret Key and IV

 "bf-ecb" Cipher with Literal Key

 "bf-ecb" Cipher on Multiple Blocks

 Secret Key Padding and Truncation

 "bf-ecb" Cipher with Salted Key

 Salted Key Generation Algorithm

 "bf-ecb" Cipher with Random Salt

 OpenSSL Default Padding - PKCS#5

 "enc -bf-ecb" Command Summary

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption


 PDF Printing Version