Crypt::CBC Encryption with Literal Keys

Blowfish Cipher Tutorials - Herong's Tutorial Examples

∟Crypt::CBC Encryption with Literal Keys

A tutorial Perl example is provided to show how to use Crypt::CBC to perform encryption with a literal key and an IV specified by the user.

By reading the CBC (Cipher Block Chaining) algorithm, we know that it needs 3 pieces of information to perform encryption:

The cipher algorithm - For example, "Blowfish". It will be used to encrypt a single block of input data.
The secret key - It will be used as the secret input to the cipher algorithm.
The IV (Initialization Vector) - It will be used to propagate information from one encryption block to the next.

By reading the Crypt::CBC manual page, I see several options to manage the secret key and the IV:

Literal Key - User specified secret key and IV: This allows us to directly control what secret key and IV to use to encrypt the plaintext.
Crypt::Blowfish Object - User specified Crypt::Blowfish object: This allows us to indirectly control what secret key to use to encrypt the plaintext through the Crypt::Blowfish object. It allows us to directly control the IV too.
Salted Key - User specified passphrase and salt: This allows us to specify a passphrase and a salt to the Crypt::CBC module, then ask the module to derive the secret key and the IV.
Random Salt - User specified passphrase: This allows us to specify a passphrase only to the Crypt::CBC module, then ask the module to take a random salt, and derive the secret key and the IV.

The first option, user specified secret key and IV, is easier to understand, so let's try it first.

According to the Crypt::CBC manual page, we need to provide the following parameters when calling the new() method to use the user specified secret key and IV option:

-cipher => "Blowfish" - Specifies "Crypt::Blowfish" module to be used as the block cipher. Default is "DES".
-literal_key => 1 - Turns on the Literal Key (User specified secret key and IV) option. when "Literal Key" is turned on, the value given in the "-key" parameter becomes the secret key, and the "-iv" parameter must be provided with the IV value. Default is 0.
-key => $secret_key - Specifies the secret key, which must be 56 bytes (448 bits) long. I think that Crypt::CBC wants to force us to use longer secret keys for stronger encryptions. But why it is not forcing us to use the longest key, 72 bytes (576 bits), supported the Blowfish algorithm?
-iv => $iv - Specifies the IV (Initialization Vector), which must be 8 bytes long, because Blowfish block size is 8 bytes (64 bits) long.
-header => 'none' - Turns off header blocks prepended to the ciphertext. The other choice is 'randomiv', which prepend the specified IV to the ciphertext. We will discuss this choice later.
-padding => 'none' - Turns off padding handling at the end of plaintext. There are other choices, which will be discussed later. For now, we will 'none' to keep our ciphertext easier to understand.

To help us understanding the Literal Key option, I wrote the following example Perl script, Crypt-CBC-Blowfish-Literal-Key.pl:

#- Crypt-CBC-Blowfish-Literal-Key.pl
#- Copyright (c) 2015 HerongYang.com, All Rights Reserved.
#-
   use Crypt::CBC;
   $algorithm = "Blowfish";
   my ($keyHex, $ivHex, $plainHex) = @ARGV;

   print("Crypt::CBC Literal Key Test - output in Hex:\n");
   $keyHex = "1122334455667788990011223344556677889900".
             "1122334455667788990011223344556677889900".
             "11223344556677889900112233445566"
             unless $keyHex;
   $ivHex = "0000000000000000" unless $ivHex;
   $plainHex = "0123456789abcdef" unless $plainHex;
   $keyStr = pack("H*", $keyHex);
   $ivStr = pack("H*", $ivHex);
   $plainStr = pack("H*", $plainHex);
   print("   Secret Key     ($keyHex)\n");
   print("   IV             ($ivHex)\n");
   print("   Plaintext      ($plainHex)\n");
      
   print("Creating Crypt::CBC with Literal Key...\n");
   $cipher = Crypt::CBC->new( 
         -cipher => $algorithm,
         -literal_key => 1,
         -key => $keyStr,
         -iv => $ivStr,
         -header => 'none',
         -padding => 'none'
         );

   print("Encrypting plaintext...\n");
   $cipherStr = $cipher->encrypt($plainStr);
   $cipherHex = unpack("H*", $cipherStr);
   print("   Ciphertext     ($cipherHex)\n");

   print("Decrypting ciphertext...\n");
   $decryptStr = $cipher->decrypt($cipherStr);
   $decryptHex = unpack("H*", $decryptStr);
   print("   Decrypted text ($decryptHex)\n");

   $passStr = $cipher->passphrase();
   $passHex = unpack("H*", $passStr);
   print("   Pass Phrase    ($passHex)\n");

   $ivStr = $cipher->iv();
   $ivHex = unpack("H*", $ivStr);
   print("   IV             ($ivHex)\n");

If you run this example script 2 times in a command window, you will get:

C:\Herong>perl Crypt-CBC-Blowfish-Literal-Key.pl

Crypt::CBC Literal Key Test - output in Hex:
   Secret Key     (1122334455667788990011223344556677889900
                   1122334455667788990011223344556677889900
                   11223344556677889900112233445566)
   IV             (0000000000000000)
   Plaintext      (0123456789abcdef)
Creating Crypt::CBC with Literal Key...
Encrypting plaintext...
   Ciphertext     (c52f3b26ae7dfd39)
Decrypting ciphertext...
   Decrypted text (0123456789abcdef)
   Pass Phrase    (1122334455667788990011223344556677889900
                   1122334455667788990011223344556677889900
                   11223344556677889900112233445566)
   IV             (0000000000000000)

C:\Herong>perl Crypt-CBC-Blowfish-Literal-Key.pl

Crypt::CBC Literal Key Test - output in Hex:
   Secret Key     (1122334455667788990011223344556677889900
                   1122334455667788990011223344556677889900
                   11223344556677889900112233445566)
   IV             (0000000000000000)
   Plaintext      (0123456789abcdef)
Creating Crypt::CBC with Literal Key...
Encrypting plaintext...
   Ciphertext     (c52f3b26ae7dfd39)
Decrypting ciphertext...
   Decrypted text (0123456789abcdef)
   Pass Phrase    (1122334455667788990011223344556677889900
                   1122334455667788990011223344556677889900
                   11223344556677889900112233445566)
   IV             (0000000000000000)

The output seems to be correct:

Crypt::CBC and Crypt::Blowfish modules are not giving me any errors.
Results from both executions are identical. So the Crypt::CBC module seems to take my secret key and IV "literally", not generating them on the fly.
$cipher->iv() returns the same IV value as I provided. This is also indicates that Crypt::CBC is not generating it's own IV value.