Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

∟OpenSSL Default Padding - PKCS#5

A tutorial example is provided to show you how to OpenSSL controls padding on plaintext. OpenSSL uses the PKCS#5 padding algorithm by default, unless you specify the '-nopad' option.

So far, we have tested OpenSSL "enc -bf-ecb" command in different ways to control the secret key and the IV for full blocks of plaintext. Now let's do some tests on how "enc -bf-ecb" command applies padding to plaintext.

According to the OpenSSl manual, we have only two choices:

• Turn on padding - Default. OpenSSL applies the PKCS#5 padding algorithm to the plaintext. The last block is padded with the number of bytes that should be truncated. So, if blocksize is 8, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended.
• Turn off padding - Add "-nopad" option in the command line

Here is my first test to see how a full plaintext block is padded:

C:\herong> \
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
   > 0000000000000000.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e 
   -pass pass:MySecret -salt -in 0000000000000000.txt 
   -out cipher.txt -p
salt=63D41A7556E28924
key=CCEE47F3EA58410816530220BA58AF7E
iv =006CE0BE79AA564D

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < cipher.txt
   
53616c7465645f5f63d41a7556e289247788d64a1a048e5e8a776326ae006a6a

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d \
   -pass pass:MySecret -salt -in cipher.txt \
   -out decrypted.txt -nopad -p
   
salt=63D41A7556E28924
key=CCEE47F3EA58410816530220BA58AF7E
iv =006CE0BE79AA564D

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < decrypted.txt
   
00000000000000000808080808080808
                ----------------
                     padding                

The output matches my expectation. A new plaintext block is added with 8 of 0x08.

Here is another test to see how a partial plaintext block is padded:

C:\herong>perl -e "print 'HALF'" > HALF.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e -pass pass:MySecret \
   -salt -in HALF.txt -out cipher.txt -p
   
salt=92E3161234643D32
key=53B4D4AF1049CED9FBED0C1062A493E7
iv =0BC4238EA48D61D3

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d -pass pass:MySecret \
   -salt -in cipher.txt -out decrypted.txt -nopad -p

salt=92E3161234643D32
key=53B4D4AF1049CED9FBED0C1062A493E7
iv =0BC4238EA48D61D3

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < decrypted.txt
   
48414c4604040404
        --------
         padding

The output also matches my expectation. The a partial plaintext block is padded with 4 of 0x04.

Conclusion: OpenSSL uses the PKCS#5 padding algorithm by default, unless you specify the "-nopad" option.

Table of Contents

 About This Book

 Blowfish Cipher Algorithm

 Perl Crypt::Blowfish Module

 Perl Crypt::ECB Perl Module

 Perl Crypt::CBC Module

 Perl Crypt::CFB Perl Module

►OpenSSL "enc -bf-ecb" for Blowfish/ECB Encryption

 What is OpenSSL

 Installing OpenSSL for Windows

 OpenSSL "enc" Blowfish Ciphers

 Ways to Control Secret Key and IV

 "bf-ecb" Cipher with Literal Key

 "bf-ecb" Cipher on Multiple Blocks

 Secret Key Padding and Truncation

 "bf-ecb" Cipher with Salted Key

 Salted Key Generation Algorithm

 "bf-ecb" Cipher with Random Salt

►OpenSSL Default Padding - PKCS#5

 "enc -bf-ecb" Command Summary

 OpenSSL "enc -bf-cbc" for Blowfish/CBC Encryption

 OpenSSL "enc -bf-cfb" for Blowfish/CFB Encryption

 OpenSSL "enc -bf-ofb" for Blowfish/OFB Encryption

 PHP Mcrypt Extension for Blowfish

 Blowfish 8-Bit Cipher in PHP

 References

 Full Version in PDF/EPUB

OpenSSL Default Padding - PKCS#5 - Updated in 2022, by Herong Yang