DaWolf has asked for the wisdom of the Perl Monks concerning the following question:

Greetings, fellows.

I'm trying to do some basic operations using Crypt::Blowfish here, but I'm not getting it too good as I thought I would.

This module looks very simple to use, but I'm missing something here.

I was sucessfull to encrypt a string but can't decrypt it. I've followed the module documentation and did like this:

To encrypt: 
#!c:/perl
use Crypt::Blowfish;

while ($pass = <>)
{
    chomp $pass;
    $key = pack ("H16","0123456789ABCDEF");
    $cipher = new Crypt::Blowfish $key;
    $ciphertext = $cipher->encrypt("$pass");
    print unpack ("H16",$ciphertext),"\n";
}

[download]
and, to decrypt: 
#!c:/perl
use Crypt::Blowfish;

while ($pass = <>)
{
    chomp $pass; 
    $key = pack ("H16","0123456789ABCDEF");
    $cipher = new Crypt::Blowfish $key;
    $ciphertext = $cipher->decrypt("$pass");
    print unpack ("H16",$ciphertext),"\n";
}

[download]
So, if I try to put the encrypted string for the module to decrypt it, it returns this:

"input must be 8 bytes long at C:/Perl/site/lib/Crypt/Blowfish.pm line 68, <> line 1"

Can anyone explain this to me? Why it doesn't works? If it must be 8 bytes long why does it generate a longer string?

Thanks in advance, brothers.

Er Galvão Abbott
 a.k.a. Lobo, DaWolf
Webdeveloper

Replies are listed 'Best First'.
Re: Basic Crypt::Blowfish usage question
by danger (Priest) on Mar 31, 2002 at 05:54 UTC

    Your problem is two-fold: First, as others have already pointed out: Blowfish is an 8-byte block encryption scheme, so you either need to pass it a string to encrypt of just 8 bytes, pad out a shorter string with nulls (\0), or work with longer data in 8-byte blocks (with padding when necessary) or get Crypt::CBC or Crypt::CBCeasy to deal with arbitrary length strings. Secondly (but your more immediate problem), your first encryption run prints out an unpacked version of the encrypted string (which is fine, makes it easier to read and type back in for the decrypt run right?) ... but in your decrypt run you try to decrypt that string as entered, you'll have to pack it up again before decrypting. Try this slight modification to your enc/dec pair: 

    # --- enc.pl ---
  #!/usr/bin/perl -w
  use strict;
  use Crypt::Blowfish;

  my $plaintext = <>;
  chomp $plaintext;
  my $key = "this is the pass phrase";
  my $cipher = Crypt::Blowfish->new($key);
  my $ciphertext = $cipher->encrypt($plaintext);
  print unpack ("H16", $ciphertext),"\n";


# --- dec.pl ---
  #!/usr/bin/perl -w
  use strict;
  use Crypt::Blowfish;

  my $ciphertext = <>;
  chomp $ciphertext;
  my $key = "this is the pass phrase";
  my $cipher = Crypt::Blowfish->new($key);
  my $plaintext = $cipher->decrypt(pack "H16",$ciphertext);
  print $plaintext,"\n";

# --- sample session (using 8-byte plaintext only) ---

  $ perl enc.pl 
  noseeums                <== what I type
  8db8af77b828c382        <== what I get
  
  $ perl dec.pl 
  8db8af77b828c382        <== what I type
  noseeums                <== what I get
  
  $ echo noseeums|perl enc.pl |perl dec.pl 
  noseeums

    [download]
[reply]
[d/l]
      Thanks a lot, danger.

      You've attacked the problem's core.

      Good aim! : )

      Er Galvão Abbott
       a.k.a. Lobo, DaWolf
      Webdeveloper
[reply]
Re: Basic Crypt::Blowfish usage question
by Ryszard (Priest) on Mar 31, 2002 at 00:17 UTC

    These lower level routines are for encoding single characters. You need to look at Cypher Block Chaining to do messages of arbitrary length.

[reply]
      Not quite single characters. Crypt::Blowfish is for encrypting 8 characters at a time. You're right that Crypt::CBC is for arbitrary length messages, and can use Crypt::Blowfish, though I have run into trouble where I couldn't decrypt messages sent to me where someone was encrypting with a non-standard CBC. 
      -----------
ooo  O\O  ooo tilly was here :,(
[reply]
      Could you give some deeper explanation?

      I'm very new to Cryptography and the results I've found by searching the monastery weren't clear enough.

      Thanks a lot for your patience,

      Er Galvão Abbott
       a.k.a. Lobo, DaWolf
      Webdeveloper
[reply]
        I'm by no means an expert on cryptography, nor the math involved.. ;-)

        Have a look at this, at which point i defer to a more experienced monk to explain the concepts of cypher block chaining.

        Get yourself a copy of Applied Cryptography, its a great book that explains how all this works: various protocols, attacks, algorithms et al. Once you've read it and know all about how to implement good security, go read Secrets and Lies....

[reply]

Back to Seekers of Perl Wisdom