Re: Decrypting BlowfishNET (was Re^11: line by line Encryption ...)

Sounds like you don't need the code from this thread at all, and I'm curious as to why you posted in this thread at all.

This thread serves our purpose. I started working on this with the intention to write something to both encrypt and decrypt the data. I chose to encrypt processed data and then write into the file. In reality we never have a plain-text file, I put that in the code here only for the purpose of testing. Instead, we have one processed data record from a webform submission (I skipped those details since the primary thread seemed to have a similar scenario, sans the webform maybe.). So the idea was to get each data record, encrypt it and then write into the file. The thought behind choosing this methodology was that the webform is actually hosted on another system (not part of our group) and this allowed to have plaintext data to be nowhere but in memory on the other system.

The purpose of the decryption section was that the encrypted file would be read in, decrypted and written into another black-box system (owned and operated by another group) that would store into their own proprietary database as they decrypt using our decryption section. In the example above, it's being stored into a file here to try to get it working first.

Now, the people encrypting the file can't use PERL and therefore all this goes out of the window. So far, they want to use just the BlowfishNET 2.1.2 library and class mentioned above. So, I am no longer concerned with the encryption part, only with decrypting it. However, I am confused as to how encryption is being performed using that class and therefore I queried you about the order to see if you think my understanding of the order of encryption is correct. We have been guided to the README docs and basically asked to figure it out from there. I hope I am explaining the situation correctly here, but I am not sure if they encrypt by making a call to the BlowfishSimple class everytime they process a record (one webform submission) or is it basically being called to encrypt a plaintext file as a whole. I am lost and therefore the post.

I'll put in a request for an encrypted message using BlowfishNET that I can post here and then put it here along with the key.

Thank you for your help.

Comment on Re: Decrypting BlowfishNET (was Re^11: line by line Encryption ...)

Replies are listed 'Best First'.
Re^2: Decrypting BlowfishNET (was Re^11: line by line Encryption ...) by samip (Novice) on Aug 04, 2008 at 17:49 UTC
Here is a message encrypted using BlowfishNET. The key used for encryption is "Abcdefghijklmnopqrstuvwxyz1234567890". IV is not specified when the call is made to BlowfishNET. I store the encrypted message in a file called "BFSTest_encoded.csv". mGWcw1XJV3ooXbGvzBuShOA2gwcUnW11NZnHm1Nm 8JQktRSoaAKl369jL8ZLnJNF71I5ctZq8wGGtfov iLj6PoXZWlzcasgBBUMefjGa0h+L53/VODmqCDaL 6jnZycB5VTngY5gt/9VpYxVW0KB5yR0TJrhHQa02 Vgn1I9ePtmbJfOkALXZPwY0H8MDULkzIYX409iSm 6zgu76UvW81qpJiakFDi9jmIbL4NVWYRlVR1xLRC HiM8X8q0yCT1ZQO9HJE8vHc/jKdEOi8QGNyAOtdd ku7Ikg4Pzwpk7g+R/TOCx7Q8xDKbV93sFHu1s3co pZrpCcNmd8Oy1CFazZ5FweWwsFqfgxMqopMrtaG6 Qc1J7cB3fYpI2RDN6xbAJ8HPZWGdOQsobopv+Czt GFuzVaVfwz8YXrLEXlbRFfv8Cpt8Q320NAAhwjFj eEUMyPCpzVZaBske4NDJ++7JomijlS8H8cHmmD6P Hbopy41W8BF9tsV9nqXgYeiVna98MNTEkyToyP/Z kBhGYJcutv3s9pG7SydwuKCxCd+Dugusnu8lM10/ 5UmGJ7YTGFCJvtfpXR9XoMCQ++eT4/YN9kZlim+2 bkjh01xPnG9r7PChWAVxpUVjOisGlZKrPV6tQRPU qwQ0die7XienUt5e+jACACGMqXWA4O8P5sg/iT3w Z2+dDIQiUnxCIATKn74/B8V9PDdtHnr5XOP5KPKK aYcz/gXt1Q6WkWawUIoLvCkobkm5o7MXeAiJCtet emfA86bV [download] When decrypted correctly it should look like this: blowfishsimple,3030,encrypt,this,then,decrypt,1232,it0 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it1 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it2 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it3 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it4 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it5 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it6 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it7 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it8 blowfishsimple,3030,encrypt,this,then,decrypt,1232,it9 Below is the runnable program with which I am unsuccessfully trying to decrypt the encrypted message above. #!/usr/bin/perl -w use strict; use warnings; use Crypt::CBC; use Fcntl ':flock'; use MIME::Base64; my $encodedFileName = "BFSTest_encoded.csv"; my $decodedFileName = "BFSTest_decoded.csv"; my $decryptedFileName = "BFSTest_decrypted.csv"; my $cCipher = "Blowfish"; my $cKey = q{Abcdefghijklmnopqrstuvwxyz1234567890}; my $cIV = "randomiv"; my $cObject = Crypt::CBC->new({ key => $cKey, cipher => $cCipher }); croak( "Invalid cipher type for encryption" ) unless $cObject; sub read_bytes { my ($fh, $to_read) = @_; my $buf = ''; while ($to_read) { my $bytes_read = read($fh, $buf, $to_read, length($buf)); die("$!\n") if !defined($bytes_read); die("Unexpected end of file\n") if !$bytes_read; $to_read -= $bytes_read; } return $buf; } sub decryptNETData { my ( $length, $buffer ); print "Now DECRYPTING $decodedFileName for current client ... \n"; open( my $fhREADFROM, "<", $decodedFileName ) \|\| die("Cannot open +encrypted file $decodedFileName"); binmode $fhREADFROM; flock $fhREADFROM, LOCK_SH; open( finalFile, ">", $decryptedFileName ) \|\| die("Cannot open fil +e $decryptedFileName to write decrypted contents"); binmode finalFile; flock finalFile, LOCK_EX; # Tried to slurp, decrypt and decode here, but that did not work e +ither. my $decodedFile = do { local( $/ ) ; <$fhREADFROM> } ; utf8::decode( my $str = $cObject->decrypt( $decodedFile ) ); print finalFile $str; #while (!eof($fhREADFROM)) { # $length = unpack('N', read_bytes($fhREADFROM, 4)); # $buffer = read_bytes($fhREADFROM, $length); # print finalFile $cObject->decrypt( $buffer ); #} close $fhREADFROM; close finalFile; print "Decrypted $decodedFileName to $decryptedFileName. \n"; } sub decodeData { open(my $fhENCODEDFILE, "<", $encodedFileName) \|\| die("Cannot open + file $encodedFileName"); binmode $fhENCODEDFILE; flock $fhENCODEDFILE, LOCK_EX; open(my $fhDECODEDFILE, ">", $decodedFileName) \|\| die("Cannot open + file $decodedFileName"); binmode $fhDECODEDFILE; flock $fhDECODEDFILE, LOCK_EX; my $utf8base64EncodedFile = do { local( $/ ) ; <$fhENCODEDFILE> } +; #utf8::decode( my $str = decode_base64($utf8base64EncodedFile) ); print $fhDECODEDFILE decode_base64($utf8base64EncodedFile); close $fhENCODEDFILE; close $fhDECODEDFILE; print "Decoded $encodedFileName to $decodedFileName. \n"; } decodeData(); decryptNETData(); [download] Also, I am copying below the encrypt subroutine from the BlowfishSimple class. I apologize if this is of no use. I don't understand how it is padding the data. I assume encryption is performed in the following order: UTF-8 encoded Padded to next 8-byte block border (I am unsure about this) and Encrypted BASE64 encoded We have taken your input and are encrypting the entire file as once. Therefore, the input to the BlowfishSimple class would be the entire file that needs to be encrypted. public String Encrypt(String plainText) { int i, origLen, len, mod; byte[] ueData, inBuf, outBuf, iv; ueData = Encoding.UTF8.GetBytes(plainText); origLen = ueData.Length; len = origLen; mod = len % BlowfishCBC.BLOCK_SIZE; len = (len - mod) + BlowfishCBC.BLOCK_SIZE; inBuf = new byte[len]; Array.Copy(ueData, 0, inBuf, 0, origLen); i = len - (BlowfishCBC.BLOCK_SIZE - mod); while (i < len) { inBuf[i++] = (byte)mod; } outBuf = new byte[inBuf.Length + BlowfishCBC.BLOCK_SIZE]; iv = new byte[BlowfishCBC.BLOCK_SIZE]; this.rng.GetBytes(iv); this.bfc.IV = iv; this.bfc.Encrypt( inBuf, 0, outBuf, BlowfishCBC.BLOCK_SIZE, inBuf.Length); Array.Copy(iv, 0, outBuf, 0, BlowfishCBC.BLOCK_SIZE); String sResult = Convert.ToBase64String(outBuf); Array.Clear(inBuf, 0, inBuf.Length); return sResult; } [download] Thank you for your help.	[reply] [d/l] [select]
Re^3: Decrypting BlowfishNET (was Re^11: line by line Encryption ...) by ikegami (Patriarch) on Aug 07, 2008 at 23:56 UTC
Please put `<c>...</c>` around your long data line! (And please include a newline within those tags.) The data size doesn't jive. The cipher text, once base64 decoded, is 576 ( 728 ) bytes long. Your plain text is 550 ( 688+6 ) bytes long. Your padded plain text is 552 ( 698 ) bytes long. The IV is 8 bytes long. There are 16 ( 576-(552+8) ) unaccounted bytes Unless the CRLF is used for line endings. The cipher text, once base64 decoded, is 576 ( 728 ) bytes long. Your plain text is 560 ( 708+0 ) bytes long. Your padded plain text is 568 ( 718 ) bytes long. The IV is 8 bytes long. There are 0 ( 576-(568+8) ) unaccounted bytes At least your Java code outputs as many bytes as expected. The following should produce the plain text. use strict; use warnings; use Crypt::CBC qw( ); use List::MoreUtils qw( apply ); use MIME::Base64 qw( decode_base64 ); my $key = 'Abcdefghijklmnopqrstuvwxyz1234567890'; my $ctext = decode_base64(apply { s/\s//g } <<'__EOI__'); mGWcw1XJV3ooXbGvzBuShOA2gwcUnW11NZnHm1Nm 8JQktRSoaAKl369jL8ZLnJNF71I5ctZq8wGGtfov iLj6PoXZWlzcasgBBUMefjGa0h+L53/VODmqCDaL 6jnZycB5VTngY5gt/9VpYxVW0KB5yR0TJrhHQa02 Vgn1I9ePtmbJfOkALXZPwY0H8MDULkzIYX409iSm 6zgu76UvW81qpJiakFDi9jmIbL4NVWYRlVR1xLRC HiM8X8q0yCT1ZQO9HJE8vHc/jKdEOi8QGNyAOtdd ku7Ikg4Pzwpk7g+R/TOCx7Q8xDKbV93sFHu1s3co pZrpCcNmd8Oy1CFazZ5FweWwsFqfgxMqopMrtaG6 Qc1J7cB3fYpI2RDN6xbAJ8HPZWGdOQsobopv+Czt GFuzVaVfwz8YXrLEXlbRFfv8Cpt8Q320NAAhwjFj eEUMyPCpzVZaBske4NDJ++7JomijlS8H8cHmmD6P Hbopy41W8BF9tsV9nqXgYeiVna98MNTEkyToyP/Z kBhGYJcutv3s9pG7SydwuKCxCd+Dugusnu8lM10/ 5UmGJ7YTGFCJvtfpXR9XoMCQ++eT4/YN9kZlim+2 bkjh01xPnG9r7PChWAVxpUVjOisGlZKrPV6tQRPU qwQ0die7XienUt5e+jACACGMqXWA4O8P5sg/iT3w Z2+dDIQiUnxCIATKn74/B8V9PDdtHnr5XOP5KPKK aYcz/gXt1Q6WkWawUIoLvCkobkm5o7MXeAiJCtet emfA86bV __EOI__ my $blksz = 8; # Chicken-egg UI problem with Crypt::CBC. my $iv = substr($ctext, 0, $blksz, ''); my $cipher = Crypt::CBC->new( -cipher => 'Blowfish', -key => $key, -header => 'none', -iv => $iv, ); binmode(STDOUT); print($cipher->decrypt($ctext)); [download] ...But it doesn't. I'll have to study how the key is used by both libraries. Or maybe it's some byte ordering problem? But I don't think so from what I've seen. Your padding method could be problematic. You use `byte fill = (byte)mod; while (i < len) { inBuf[i++] = (byte)fill; }` but Crypt::CBC expects `byte fill = (byte)(len-origLen); while (i < len) { inBuf[i++] = (byte)fill; }`	[reply] [d/l] [select]
Re^3: Decrypting BlowfishNET (try2) by ikegami (Patriarch) on Aug 08, 2008 at 00:16 UTC
Tried passing the key straight to Blowfish. It failed too. `use strict; use warnings; use Crypt::Blowfish qw( ); use Crypt::CBC qw( ); use List::MoreUtils qw( apply ); use MIME::Base64 qw( decode_base64 ); my $key = '...'; my $ctext = decode_base64('...'); my $cipher = Crypt::Blowfish->new($key); my $iv = substr($ctext, 0, $cipher->blocksize(), ''); my $cbc = Crypt::CBC->new( -cipher => $cipher, -header => 'none', -iv => $iv, ); binmode(STDOUT); print($cbc->decrypt($ctext));` [download]	[reply] [d/l]
Re^4: Decrypting BlowfishNET (try2) by samip (Novice) on Aug 11, 2008 at 12:46 UTC
Thank you for your help. I don't think there is a byte-ordering problem here. You are right about the padding, I am unsure as to how BlowfishSimple does it. I have tried a few things and am just not sure how I should proceed. Do you have any suggestions on what I could try? Thanks again.	[reply]
Re^5: Decrypting BlowfishNET (try2) by ikegami (Patriarch) on Aug 11, 2008 at 19:22 UTC
Re^6: Decrypting BlowfishNET (try2) by samip (Novice) on Aug 12, 2008 at 13:00 UTC
Some notes below your chosen depth have not been shown here