Crypt::CBC Encryption with Crypt::Blowfish Objects

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟Crypt::CBC Encryption with Crypt::Blowfish Objects

A tutorial Perl example is provided to show how to use Crypt::CBC to perform encryption with a predefined Crypt::Blowfish a give IV value, which allows you to specify secret keys in the range of 8 bytes (64 bits) and 56 bytes (448 bits).

From previous tutorials, we learned how to use Crypt::CBC with Crypt::Blowfish with the Literal Key option, which allows us to specify the secret key and the IV directly with the Literal Key option.

However the Literal Key option has a big limitation. That is you can only specify a secret key with exactly 56 bytes (448 bits). But the actual cipher module, Crypt::Blowfish does support secret keys shorter than 56 bytes. This leads us to look at the second option, using Crypt::Blowfish object with Crypt::CBC.

According to the Crypt::CBC manual page, we need to provide the following parameters when calling the new() method to use the user specified Crypt::Blowfish object and IV option:

-cipher => $blowfish - Specifies a predefined Crypt::Blowfish object to be used to perform encryption and decryption. The Crypt::Blowfish object should have a secret key included already.
-literal_key => 0 (or do not provide this parameter) - Turns off the Literal Key option. This is because the specified Crypt::Blowfish object already carries a secret key.
Do not provide "-key" parameter - It is not needed, because the specified Crypt::Blowfish object already carry a secret key.
-iv => $iv - Specifies the IV (Initialization Vector), which must be 8 bytes long, because Blowfish block size is 8 bytes (64 bits) long.
-header => 'none' - Turns off header blocks prepended to the ciphertext. The other choice is 'randomiv', which prepend the specified IV to the ciphertext. We will discuss this choice later.
-padding => 'none' - Turns off padding handling at the end of plaintext. There are other choices, which will be discussed later. For now, we will 'none' to keep our ciphertext easier to understand.

To help us understanding the Literal Key option, I wrote the following example Perl script, Crypt-CBC-Blowfish-Cipher-Object.pl:

#- Crypt-CBC-Blowfish-Cipher-Object.pl
#- Copyright (c) 2015 HerongYang.com, All Rights Reserved.
#-
   use Crypt::CBC;
   use Crypt::Blowfish;
   my ($keyHex, $ivHex, $plainHex) = @ARGV;

   print("Crypt::CBC Blowfish Object Test - output in Hex:\n");
   $keyHex = "1122334455667788" unless $keyHex;
   $ivHex = "0000000000000000" unless $ivHex;
   $plainHex = "0123456789abcdef" unless $plainHex;
   $keyStr = pack("H*", $keyHex);
   $ivStr = pack("H*", $ivHex);
   $plainStr = pack("H*", $plainHex);
   print("   Secret Key     ($keyHex)\n");
   print("   IV             ($ivHex)\n");
   print("   Plaintext      ($plainHex)\n");
      
   print("Creating Crypt::CBC with Blowfish Object ...\n");
   $blowfish = new Crypt::Blowfish($keyStr);
   $cipher = Crypt::CBC->new( 
      -cipher => $blowfish,
      -iv => $ivStr,
      -header => 'none',
      -padding => 'none'
      );

   print("Encrypting plaintext...\n");
   $cipherStr = $cipher->encrypt($plainStr);
   $cipherHex = unpack("H*", $cipherStr);
   print("   Ciphertext     ($cipherHex)\n");

   print("Decrypting ciphertext...\n");
   $decryptStr = $cipher->decrypt($cipherStr);
   $decryptHex = unpack("H*", $decryptStr);
   print("   Decrypted text ($decryptHex)\n");

   $passStr = $cipher->passphrase();
   $passHex = unpack("H*", $passStr);
   print("   Pass Phrase    ($passHex)\n");

   $ivStr = $cipher->iv();
   $ivHex = unpack("H*", $ivStr);
   print("   IV             ($ivHex)\n");

Now try this example script with different size secret keys:

C:\Herong>perl Crypt-CBC-Blowfish-Cipher-Object.pl \
   1122334455667788 0000000000000000 0123456789abcdef
   
Crypt::CBC Blowfish Object Test - output in Hex:
   Secret Key     (1122334455667788)
   IV             (0000000000000000)
   Plaintext      (0123456789abcdef)
Creating Crypt::CBC with Blowfish Object ...
Encrypting plaintext...
   Ciphertext     (103248f0eea98e89)
Decrypting ciphertext...
   Decrypted text (0123456789abcdef)
   Pass Phrase    ()
   IV             (0000000000000000)

C:\Herong>perl Crypt-CBC-Blowfish-Cipher-Object.pl \
   11223344556677889900112233445566 0000000000000000 0123456789abcdef
   
Crypt::CBC Blowfish Object Test - output in Hex:
   Secret Key     (11223344556677889900112233445566)
   IV             (0000000000000000)
   Plaintext      (0123456789abcdef)
Creating Crypt::CBC with Blowfish Object ...
Encrypting plaintext...
   Ciphertext     (22f7ed41b986a09a)
Decrypting ciphertext...
   Decrypted text (0123456789abcdef)
   Pass Phrase    ()
   IV             (0000000000000000)

The output confirms that:

Crypt::CBC can take a Crypt::Blowfish object as input and use it directly to encrypt or decrypt data.
An IV value is still needed together with the Crypt::Blowfish object to use the CBC operation mode.
$cipher->passphrase() returns nothing confirms that the Crypt::CBC object does not hold the secret key. It relies on the Crypt::Blowfish object to hold the secret key.
With the Crypt::Blowfish object option, we are able to use secret keys in the range of 8 bytes (64 bits) and 56 bytes (448 bits).