"bf-ecb" Cipher with Literal Key

A tutorial example is provided to show you how to use the 'bf-ecb' (Blowfish in ECB mode) cipher with Literal Key to encrypt and decrypt binary data files. The IV is not used in 'bf-ecb' cipher.

Out of 4 Blowfish ciphers, "bf-ecb" is the simplest cipher. It implements the ECB (Electronic CodeBook) operation mode with the Blowfish block encryption algorithm.

In case you forgot how ECB (Electronic CodeBook) works, here a shortest version of the ECB algorithm:

   P: The plaintext in multiple blocks
   K: The secret key
   E(K,B): The Blowfish block encryption function 

   C: The ciphertext in multiple blocks

Algorithm - ECB (Electronic CodeBook) Operation Mode: 
   (P[1], P[2], P[3},...) = P    : Split plaintext into blocks

   Loop i over 1,2,3,...
      C[i] = E(K, P[i])
   End Loop
   C = (C[1], C[2], C[3},...)    : Concatenate ciphertext blocks

The ECB algorithm can also be illustrated by this simple diagram:

Algorithm - ECB (Electronic CodeBook) Operation Mode: 

   P[1]   P[2]   P[3] ...
     |      |      |
   E(K)   E(K)   E(K)
     |      |      | 
   C[1]   C[2]   C[3]

As you can see from the ECB algorithm, it is simpler than other operation modes, because it does not need the IV block. So using Blowfish in ECB mode is equivalent to use Blowfish algorithm directly.

From the previous tutorial, we learned that there 3 ways to control the secret key and the IV: Literal Key, Salted Key and Random Salt.

Now let's follow the "Literal Key" way first by running the OpenSSL "enc -bf-ecb" command with "-K" and "-iv" options. In the example below, I am trying to perform encryption on a full block of 0x00:

   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')"
   > 0000000000000000.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e 
   -K 00000000000000000000000000000000 -iv 0000000000000000 
   -in 0000000000000000.txt -out cipher.txt -nopad

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < cipher.txt
C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d 
   -K 00000000000000000000000000000000 -iv 0000000000000000 
   -in cipher.txt -out decrypted.txt -nopad

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < decrypted.txt

Cool, I have successfully encrypted a block of binary zeros with "bf-ecb" cipher, and decrypted it back.

The ciphertext, 0x4ef997456198dd78, is correct, because it matches the test vector published at https://www.schneier.com/code/vectors.txt:

key bytes               clear bytes             cipher bytes
0000000000000000        0000000000000000        4EF997456198DD78

Note that I have used Perl to convert hex digits to binary data and vise versa. But you can use any other tools like a hex editor to do the same job.

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 What is OpenSSL?

 Installing OpenSSL for Windows

 OpenSSL "enc" Blowfish Ciphers

 Ways to Control Secret Key and IV

"bf-ecb" Cipher with Literal Key

 "bf-ecb" Cipher on Multiple Blocks

 Secret Key Padding and Truncation

 "bf-ecb" Cipher with Salted Key

 Salted Key Generation Algorithm

 "bf-ecb" Cipher with Random Salt

 OpenSSL Default Padding - PKCS#5

 "enc -bf-ecb" Command Summary

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption


 PDF Printing Version