Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.03, by Herong Yang
"bf-ecb" Cipher with Literal Key
A tutorial example is provided to show you how to use the 'bf-ecb' (Blowfish in ECB mode) cipher with Literal Key to encrypt and decrypt binary data files. The IV is not used in 'bf-ecb' cipher.
Out of 4 Blowfish ciphers, "bf-ecb" is the simplest cipher. It implements the ECB (Electronic CodeBook) operation mode with the Blowfish block encryption algorithm.
In case you forgot how ECB (Electronic CodeBook) works, here a shortest version of the ECB algorithm:
Input: P: The plaintext in multiple blocks K: The secret key E(K,B): The Blowfish block encryption function Output: C: The ciphertext in multiple blocks Algorithm - ECB (Electronic CodeBook) Operation Mode: (P[1], P[2], P[3},...) = P : Split plaintext into blocks Loop i over 1,2,3,... C[i] = E(K, P[i]) End Loop C = (C[1], C[2], C[3},...) : Concatenate ciphertext blocks
The ECB algorithm can also be illustrated by this simple diagram:
Algorithm - ECB (Electronic CodeBook) Operation Mode: P[1] P[2] P[3] ... | | | E(K) E(K) E(K) | | | C[1] C[2] C[3]
As you can see from the ECB algorithm, it is simpler than other operation modes, because it does not need the IV block. So using Blowfish in ECB mode is equivalent to use Blowfish algorithm directly.
From the previous tutorial, we learned that there 3 ways to control the secret key and the IV: Literal Key, Salted Key and Random Salt.
Now let's follow the "Literal Key" way first by running the OpenSSL "enc -bf-ecb" command with "-K" and "-iv" options. In the example below, I am trying to perform encryption on a full block of 0x00:
C:\herong> \ perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \ > 0000000000000000.txt C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e \ -K 00000000000000000000000000000000 -iv 0000000000000000 \ -in 0000000000000000.txt -out cipher.txt -nopad C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < cipher.txt 4ef997456198dd78 C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d \ -K 00000000000000000000000000000000 -iv 0000000000000000 \ -in cipher.txt -out decrypted.txt -nopad C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \ < decrypted.txt 0000000000000000
Cool, I have successfully encrypted a block of binary zeros with "bf-ecb" cipher, and decrypted it back.
The ciphertext, 0x4ef997456198dd78, is correct, because it matches the test vector published at https://www.schneier.com/code/vectors.txt:
key bytes clear bytes cipher bytes 0000000000000000 0000000000000000 4EF997456198DD78
Note that I have used Perl to convert hex digits to binary data and vise versa. But you can use any other tools like a hex editor to do the same job.
Table of Contents
►OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption
Installing OpenSSL for Windows
OpenSSL "enc" Blowfish Ciphers
Ways to Control Secret Key and IV
►"bf-ecb" Cipher with Literal Key
"bf-ecb" Cipher on Multiple Blocks
Secret Key Padding and Truncation
"bf-ecb" Cipher with Salted Key
Salted Key Generation Algorithm
"bf-ecb" Cipher with Random Salt
OpenSSL Default Padding - PKCS#5
OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption
OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption
OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption