"bf-ofb" Cipher with Salted Key

Blowfish Cipher Tutorials - Herong's Tutorial Examples - Version 1.21, by Dr. Herong Yang

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

∟"bf-ofb" Cipher with Salted Key

A tutorial example is provided to show you how to use the 'bf-ofb' cipher with Salted Key to encrypt and decrypt binary data files. The Secret Key and the IV will be derived from the given passphrase and the given salt.

Similar to the OpenSSL "enc -bf-ecb" command, we can also run the "enc -bf-ofb" command in the "Salted Key" way by using "-pass" and "-S" options:

"-pass arg" - Specifies the passphrase to be used when generating the Secret Key and the IV.
"-S value" - Specifies the salt in 16 hex digits (8 bytes) to be used when generating the Secret Key and the IV. 2 header blocks will be prepended to the ciphertext. The first block is the header name with 0x53616c7465645f5f (ASCII code "Salted__"). The second block is the header value containing the salt value.

Here is my first test using OpenSSL "enc -bf-ofb" command in the "Salted Key" way with "-pass pass:" and "-S" options.

C:\herong>
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" 
   > 2-block.txt

C:\herong>
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" 
   >> 2-block.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -e 
   -pass pass:MySecret -S 0000000000000000 
   -in 2-block.txt -out cipher.txt -nopad -p
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "print unpack('H*',v>)" < cipher.txt
53616c7465645f5f 0000000000000000 606a204b0f2aab9c7762557547f3ea05
---------------- ---------------- --------------------------------
   "Salted__"          Salt           Cipher blocks


C:\herong>\local\gnuwin32\bin\openssl enc -bf-ofb -d 
   -pass pass:MySecret -in cipher.txt -out decrypted.txt -nopad -p
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" 
   < decrypted.txt
00000000000000000000000000000000

The output confirms that:

A secret key and an IV are derived from the given passphrase and give salt.
The secret key and the IV are displayed in the output because "-p" option.
The salt is written to second block of the ciphertext.
When decrypting a ciphetext with the "Salted__" header blocks, you should not specify the "-S" option. OpenSSL will get the salt from the ciphertext.

Another interesting note is that when plaintext is a stream of 0x00, both CBC and OFB operation modes generate the same ciphertext.

Last update: 2015.

Table of Contents

About This Book

Blowfish Cipher Algorithm

Perl Crypt::Blowfish Module

Perl Crypt::ECB Perl Module

Perl Crypt::CBC Module

Perl Crypt::CFB Perl Module

OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption