Blowfish Cipher Tutorials - Herong's Tutorial Examples - v2.04, by Herong Yang
OpenSSL Default Padding - PKCS#5
A tutorial example is provided to show you how OpenSSL controls padding on plaintext. OpenSSL uses the PKCS#5 padding algorithm by default, unless you specify the '-nopad' option.
So far, we have tested the OpenSSL "enc -bf-ecb" command in different ways to control the secret key and the IV for full blocks of plaintext. Now let's do some tests on how the "enc -bf-ecb" command applies padding to plaintext.
According to the OpenSSL manual, we have only two choices:
Here is my first test to see how a full plaintext block is padded:
C:\herong> \
perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
   > 0000000000000000.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e -pass pass:MySecret -salt -in 0000000000000000.txt -out cipher.txt -p
salt=63D41A7556E28924
key=CCEE47F3EA58410816530220BA58AF7E
iv =006CE0BE79AA564D

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < cipher.txt
53616c7465645f5f63d41a7556e289247788d64a1a048e5e8a776326ae006a6a

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d \
   -pass pass:MySecret -salt -in cipher.txt \
   -out decrypted.txt -nopad -p
salt=63D41A7556E28924
key=CCEE47F3EA58410816530220BA58AF7E
iv =006CE0BE79AA564D

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < decrypted.txt
00000000000000000808080808080808
                ---------------- padding
The output matches my expectation. A new plaintext block is added, consisting of 8 bytes of 0x08.
Here is another test to see how a partial plaintext block is padded:
C:\herong>perl -e "print 'HALF'" > HALF.txt

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -e -pass pass:MySecret \
   -salt -in HALF.txt -out cipher.txt -p
salt=92E3161234643D32
key=53B4D4AF1049CED9FBED0C1062A493E7
iv =0BC4238EA48D61D3

C:\herong>\local\gnuwin32\bin\openssl enc -bf-ecb -d -pass pass:MySecret \
   -salt -in cipher.txt -out decrypted.txt -nopad -p
salt=92E3161234643D32
key=53B4D4AF1049CED9FBED0C1062A493E7
iv =0BC4238EA48D61D3

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < decrypted.txt
48414c4604040404
        -------- padding
The output also matches my expectation. The partial plaintext block is padded with 4 bytes of 0x04.
Conclusion: OpenSSL uses the PKCS#5 padding algorithm by default, unless you specify the "-nopad" option.
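The two results above can be reproduced without OpenSSL. The following Python sketch is an added example, not part of the original tutorial, and its function names are hypothetical. It applies PKCS#5 padding for an 8-byte block, validates the padding on removal, and splits the "Salted__" file layout seen in the first test to show that 8 bytes of plaintext produced 2 ciphertext blocks.

```python
# Added example: PKCS#5 padding for an 8-byte block cipher such as Blowfish.
BLOCK = 8  # Blowfish block size in bytes

def pkcs5_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n (1 <= n <= block).
    Input that already ends on a block boundary gets a whole extra block."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def pkcs5_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Validate and strip the padding; reject anything malformed."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#5 padding")
    return padded[:-n]

def split_salted(blob: bytes, block: int = BLOCK):
    """Split an 'openssl enc -salt' file into (salt, list of ciphertext blocks).
    Layout: 8-byte magic 'Salted__', 8-byte salt, then the ciphertext."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("missing Salted__ header")
    salt, body = blob[8:16], blob[16:]
    if len(body) % block:
        raise ValueError("ciphertext is not block aligned")
    return salt, [body[i:i + block] for i in range(0, len(body), block)]

# Values copied from the first test on this page.
FULL_BLOCK = bytes.fromhex("0000000000000000")
CIPHER_HEX = "53616c7465645f5f63d41a7556e289247788d64a1a048e5e8a776326ae006a6a"

if __name__ == "__main__":
    print(pkcs5_pad(FULL_BLOCK).hex())   # what "-d -nopad" revealed in test 1
    print(pkcs5_pad(b"HALF").hex())      # what "-d -nopad" revealed in test 2
    salt, blocks = split_salted(bytes.fromhex(CIPHER_HEX))
    print(salt.hex().upper(), len(blocks), "ciphertext blocks")
```

Decrypting with "-nopad" skips the check done in pkcs5_unpad, which is why the padding bytes were visible in decrypted.txt.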