blowfish(n) Blowfish Block Cipher blowfish(n)

______________________________________________________________________________

NAME
       blowfish - Implementation of the Blowfish block cipher

SYNOPSIS
       package require Tcl 8.4

       package require blowfish ?1.0.5?

       ::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key
       keydata ?-iv vector? ?-out channel? ?-chunksize size? ?-pad padchar? [
       -in channel | ?--? data ]

       ::blowfish::Init mode keydata iv

       ::blowfish::Encrypt Key data

       ::blowfish::Decrypt Key data

       ::blowfish::Reset Key iv

       ::blowfish::Final Key

______________________________________________________________________________

DESCRIPTION
       This package is an implementation in Tcl of the Blowfish algorithm
       developed by Bruce Schneier [1]. Blowfish is a 64-bit block cipher
       designed to operate quickly on 32-bit architectures and accepting a
       variable key length. This implementation supports ECB and CBC mode
       blowfish encryption.

COMMANDS
       ::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key
       keydata ?-iv vector? ?-out channel? ?-chunksize size? ?-pad padchar? [
       -in channel | ?--? data ]
              Perform the blowfish algorithm on either the data provided by
              the argument or on the data read from the -in channel. If an
              -out channel is given then the result will be written to this
              channel.

              The -key option must be given. This parameter takes a binary
              string of variable length and is used to generate the blowfish
              key schedule. You should be aware that creating a key schedule
              is quite an expensive operation in blowfish so it is worth
              reusing the key where possible. See Reset.

              The -mode and -dir options are optional and default to cbc mode
              and encrypt respectively. The initialization vector -iv takes an
              8 byte binary argument which defaults to 8 zeros. See MODES OF
              OPERATION for more about available modes and their uses.

              Blowfish is a 64-bit block cipher. This means that the data must
              be provided in units that are a multiple of 8 bytes. The
              blowfish command will by default add nul characters to pad the
              input data to a multiple of 8 bytes if necessary. The
              programming API commands will never add padding and instead will
              raise an error if the input is not a multiple of the block size.
              The -pad option can be used to change the padding character or
              to disable padding if the empty string is provided as the
              argument.

PROGRAMMING INTERFACE
       ::blowfish::Init mode keydata iv
              Construct a new blowfish key schedule using the specified key
              data and the given initialization vector. The initialization
              vector is not used with ECB mode but is important for CBC mode.
              See MODES OF OPERATION for details about cipher modes.

       ::blowfish::Encrypt Key data
              Use a prepared key acquired by calling Init to encrypt the
              provided data. The data argument should be a binary array that
              is a multiple of the block size of 8 bytes. The result is a
              binary array the same size as the input of encrypted data.

       ::blowfish::Decrypt Key data
              Decipher data using the key. Note that the same key may be used
              to encrypt and decrypt data provided that the initialization
              vector is reset appropriately for CBC mode.

       ::blowfish::Reset Key iv
              Reset the initialization vector. This permits the programmer to
              re-use a key and avoid the cost of re-generating the key
              schedule where the same key data is being used multiple times.

       ::blowfish::Final Key
              This should be called to clean up resources associated with Key.
              Once this function has been called the key may not be used
              again.

MODES OF OPERATION
       Electronic Code Book (ECB)
              ECB is the basic mode of all block ciphers. Each block is
              encrypted independently and so identical plain text will produce
              identical output when encrypted with the same key. Any
              encryption errors will only affect a single block; however, this
              mode is vulnerable to known plaintext attacks.

       Cipher Block Chaining (CBC)
              CBC mode uses the output of the last block encryption to affect
              the current block. An initialization vector of the same size as
              the cipher block size is used to handle the first block. The
              initialization vector should be chosen randomly and transmitted
              as the first block of the output. Errors in encryption affect
              the current block and the next block, after which the cipher
              will correct itself. CBC is the most commonly used mode in
              software encryption.

EXAMPLES
       % blowfish::blowfish -hex -mode ecb -dir encrypt -key secret01 "hello, world!"
       d0d8f27e7a374b9e2dbd9938dd04195a

       set Key [blowfish::Init cbc $eight_bytes_key_data $eight_byte_iv]
       append ciphertext [blowfish::Encrypt $Key $plaintext]
       append ciphertext [blowfish::Encrypt $Key $additional_plaintext]
       blowfish::Final $Key
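
       The following is an added example, not part of the tcllib
       documentation: it applies the CBC guidance from MODES OF OPERATION
       (a random initialization vector sent as the first block of the output)
       and reuses one key schedule across messages with Reset. The helper
       names random_bytes, pad8, unpad8, encrypt_msg and decrypt_msg are
       hypothetical, and /dev/urandom as the random source is an assumption.

```tcl
package require blowfish

# Hypothetical helper: n random bytes. Assumes a Unix-like system with
# /dev/urandom; use the platform's CSPRNG elsewhere.
proc random_bytes {n} {
    set f [open /dev/urandom r]
    fconfigure $f -translation binary
    set bytes [read $f $n]
    close $f
    return $bytes
}

# Hypothetical helpers: unambiguous padding (k bytes of value k, k = 1..8),
# needed because Encrypt rejects input that is not a multiple of 8 bytes.
proc pad8 {data} {
    set k [expr {8 - [string length $data] % 8}]
    return $data[string repeat [binary format c $k] $k]
}
proc unpad8 {data} {
    set len [string length $data]
    if {$len == 0 || $len % 8 != 0} { error "length not a multiple of 8" }
    binary scan [string index $data end] c k
    if {$k < 1 || $k > 8 ||
        [string range $data end-[expr {$k - 1}] end] ne
        [string repeat [binary format c $k] $k]} { error "bad padding" }
    return [string range $data 0 end-$k]
}

# Fresh IV per message on an existing key schedule; the IV travels as block 0.
proc encrypt_msg {Key plaintext} {
    set iv [random_bytes 8]
    blowfish::Reset $Key $iv
    return $iv[blowfish::Encrypt $Key [pad8 $plaintext]]
}
proc decrypt_msg {Key message} {
    blowfish::Reset $Key [string range $message 0 7]
    return [unpad8 [blowfish::Decrypt $Key [string range $message 8 end]]]
}

# Constructed key and messages, for illustration only.
set Key [blowfish::Init cbc "secret01" [string repeat \0 8]]
set c1 [encrypt_msg $Key "hello, world!"]
set c2 [encrypt_msg $Key "hello, world!"]
puts [expr {$c1 ne $c2}]   ;# compares two encryptions of the same plaintext
puts [decrypt_msg $Key $c1]
blowfish::Final $Key
```

       The plaintext is treated as a binary string; text containing
       characters outside one byte should be converted with encoding
       convertto before it is padded.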

REFERENCES
       [1]    Schneier, B. "Applied Cryptography, 2nd edition", 1996, ISBN
              0-471-11709-9, pub. John Wiley & Sons.

AUTHORS
       Frank Pilhofer, Pat Thoyts

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will undoubtedly contain
       bugs and other problems. Please report such in the category blowfish
       of the Tcllib Trackers [http://core.tcl.tk/tcllib/reportlist]. Please
       also report any ideas for enhancements you may have for either package
       and/or documentation.

       When proposing code changes, please provide unified diffs, i.e. the
       output of diff -u.

       Note further that attachments are strongly preferred over inlined
       patches. Attachments can be made by going to the Edit form of the
       ticket immediately after its creation, and then using the left-most
       button in the secondary navigation bar.

SEE ALSO
       3des, des, rc4

KEYWORDS
       block cipher, blowfish, cryptography, encryption, security

CATEGORY
       Hashes, checksums, and encryption

COPYRIGHT
       Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>

tcllib 1.0.5 blowfish(n)