"bf-ofb" Cipher with Random Salt

A tutorial example is provided to show you how to use the 'bf-ofb' cipher with Random Salt to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and a random salt.

In previous tutorials, we learned how to control the Secrete Key and the IV in two ways: Literal Key and Salted Key. In this tutorial, we will look at the third way, Random Salt, running the OpenSSL "enc -bf-ofb" command with "-pass" and "-salt" options:

Here is my first test using OpenSSL "enc -bf-ofb" command in the "Random Salt" way with "-pass pass:" and "-salt" options.

C:\herong>
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" 
   > 2-block.txt

C:\herong>
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" 
   >> 2-block.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -e 
   -pass pass:MySecret -salt -in 2-block.txt -out cipher.txt -nopad -p
salt=3DE9D9402242A651
key=B937C916E91277088E5F4364D85D0DCC
iv =ABFAF2B8963CB2B6

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < cipher.txt
53616c7465645f5f 3de9d9402242a651 c9ef31cca2891030e8c44b4520ee1b55
---------------- ---------------- --------------------------------
   "Salted__"          Salt               Cipher blocks

   
C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -d 
   -pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p
salt=3DE9D9402242A651
key=B937C916E91277088E5F4364D85D0DCC
iv =ABFAF2B8963CB2B6

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < decrypted.txt
00000000000000000000000000000000

The output confirms that OpenSSL did generate a salt 0x3DE9D9402242A651 for me. And it was prepended to the ciphertext as the second block.

When I ran the same test again, I got this output:

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -e 
   -pass pass:MySecret -salt 
   -in 2-block.txt -out cipher.txt -nopad -p
salt=8A804504F12B9A32
key=7F5E5A38F55507B65442C840C792407C
iv =8A023E1F13CB6B63

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < cipher.txt
53616c7465645f5f 8a804504f12b9a32 7272fe60f8b34575021c3d78df77d81a
---------------- ---------------- --------------------------------
   "Salted__"          Salt               Cipher blocks

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -d 
   -pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p
salt=8A804504F12B9A32
key=7F5E5A38F55507B65442C840C792407C
iv =8A023E1F13CB6B63

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < decrypted.txt
00000000000000000000000000000000

The output confirms that OpenSSL does generate new salt randomly each time.

Note that you don't need to pass the salt value to the receiver of the ciphertext separately, because it is already included in the ciphertext header blocks. The receiver needs to use OpenSSL or other tools that are compatible with OpenSSL to decrypt the ciphertext with the passphrase.

If the receiver is using a tool that does not know how to read the "Salted__" header blocks, you can pass him/her the derived secret key and the IV to decrypt the ciphertext after removing the first 2 blocks.

Last update: 2015.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

 OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 "bf-ofb" Cipher with Literal Key

 "bf-ofb" Cipher on Multiple Blocks

 "bf-ofb" Encryption Verification

 "bf-ofb" 2-Block Test Vectors

 "bf-ofb" Cipher with Salted Key

"bf-ofb" Cipher with Random Salt

 "enc -bf-ofb" Command Summary

 References

 PDF Printing Version