"bf-ecb" Cipher with Salted Key

A tutorial example is provided to show you how to use the 'bf-ecb' cipher with Salted Key to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and the given salt.

After testing "enc -bf-ecb" command in the "Literal Way", let's follow the "Salted Key" way by running the OpenSSL "enc -bf-ecb" command with "-pass" and "-S" options:

According the "OpenSSL" documentation, the "-pass" option can take different types of arguments like:

Here is my first test using OpenSSL "enc -bf-ecb" command in the "Salted Key" way with "-pass pass:" and "-S" options.

C:\herong>perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" 
   > 0000000000000000.txt

C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e 
   -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt
   -out cipher.txt -nopad -p 
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < cipher.txt
53616c7465645f5f 0000000000000000 0c7af7c3f7f4d1f2
---------------- ---------------- ----------------
   "Salted__"          Salt           Cipher

C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -d 
   -pass pass:MySecret -in cipher.txt 
   -out decrypted.txt -nopad -p
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < decrypted.txt
0000000000000000

The output confirms that:

Since OpenSSL is showing me the secret key and the IV derived from the passphrase and the salt, we should be able verify the ciphertext by performing the encryption again with the secret key and IV directly:

C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e 
   -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt
   -out cipher.txt -nopad -p 
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < cipher.txt
53616c7465645f5f 0000000000000000 0c7af7c3f7f4d1f2
---------------- ---------------- ----------------
   "Salted__"          Salt           Cipher

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e 
   -K 0B90D83D1A281A744F4F340911D8E0A6 -iv 6FF60FCD91D7F34E 
   -in 0000000000000000.txt -out verify.txt -nopad -p
salt=0200000028264C01
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < verify.txt
0c7af7c3f7f4d1f2

Perfect, the secret key and the IV in the output are those really used in by the Blowfish ECB algorithm.

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 What is OpenSSL?

 Installing OpenSSL for Windows

 OpenSSL "enc" Blowfish Ciphers

 Ways to Control Secret Key and IV

 "bf-ecb" Cipher with Literal Key

 "bf-ecb" Cipher on Multiple Blocks

 Secret Key Padding and Truncation

"bf-ecb" Cipher with Salted Key

 Salted Key Generation Algorithm

 "bf-ecb" Cipher with Random Salt

 OpenSSL Default Padding - PKCS#5

 "enc -bf-ecb" Command Summary

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 References

 PDF Printing Version