Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.03, by Herong Yang
"bf-ecb" Cipher with Salted Key
A tutorial example is provided to show you how to use the 'bf-ecb' cipher with Salted Key to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and the given salt.
After testing "enc -bf-ecb" command in the "Literal Way", let's follow the "Salted Key" way by running the OpenSSL "enc -bf-ecb" command with "-pass" and "-S" options:
According the "OpenSSL" documentation, the "-pass" option can take different types of arguments like:
Here is my first test using OpenSSL "enc -bf-ecb" command in the "Salted Key" way with "-pass pass:" and "-S" options.
C:\herong>perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \ > 0000000000000000.txt C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e \ -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt \ -out cipher.txt -nopad -p salt=0000000000000000 key=0B90D83D1A281A744F4F340911D8E0A6 iv =6FF60FCD91D7F34E C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < cipher.txt 53616c7465645f5f 0000000000000000 0c7af7c3f7f4d1f2 ---------------- ---------------- ---------------- "Salted__" Salt Cipher C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -d \ -pass pass:MySecret -in cipher.txt \ -out decrypted.txt -nopad -p salt=0000000000000000 key=0B90D83D1A281A744F4F340911D8E0A6 iv =6FF60FCD91D7F34E C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < decrypted.txt 0000000000000000
The output confirms that:
Since OpenSSL is showing me the secret key and the IV derived from the passphrase and the salt, we should be able verify the ciphertext by performing the encryption again with the secret key and IV directly:
C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e \ -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt \ -out cipher.txt -nopad -p salt=0000000000000000 key=0B90D83D1A281A744F4F340911D8E0A6 iv =6FF60FCD91D7F34E C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < cipher.txt 53616c7465645f5f 0000000000000000 0c7af7c3f7f4d1f2 ---------------- ---------------- ---------------- "Salted__" Salt Cipher C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e \ -K 0B90D83D1A281A744F4F340911D8E0A6 -iv 6FF60FCD91D7F34E \ -in 0000000000000000.txt -out verify.txt -nopad -p salt=0200000028264C01 key=0B90D83D1A281A744F4F340911D8E0A6 iv =6FF60FCD91D7F34E C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < verify.txt 0c7af7c3f7f4d1f2
Perfect, the secret key and the IV in the output are those really used in by the Blowfish ECB algorithm.
Table of Contents
►OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption
Installing OpenSSL for Windows
OpenSSL "enc" Blowfish Ciphers
Ways to Control Secret Key and IV
"bf-ecb" Cipher with Literal Key
"bf-ecb" Cipher on Multiple Blocks
Secret Key Padding and Truncation
►"bf-ecb" Cipher with Salted Key
Salted Key Generation Algorithm
"bf-ecb" Cipher with Random Salt
OpenSSL Default Padding - PKCS#5
OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption
OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption
OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption