Symmetric encryption question

[roswell1329]

I know when using an asymmetric encryption algorithm like RSA, you need to generate a key pair (public and private) that have a mathematical correlation for message encryption, but when using a symmetric encryption algorithm like Blowfish, can the key be basically any string of printable characters as long as the same key is used for both encryption and decryption?

[tampabay420]

yes, i think it can be any char who's val is <= 255...
or at least with blowfish, thats how it is?
am i understanding your question?

[roswell1329]

I'm just playing around with the Crypt::Blowfish module in Perl, and it's asking for a key. The specs on the algorithm suggest I can use any key between 8bytes and 56bytes. When I use a random string smaller than 8 bytes I get an error saying "input must be 8 bytes long". When I put in a string greater than 8 bytes, I get an "invalid key length" error. Weird...

The pod documentation example that came with the module uses pack to create a binary hex block out of a string of 16 characters...which would be 8 bits in hex, so this is obviously just an example. However, I tried packing a string of 112 random characters into a 56 high nybble hex block, and I get the "input must be 8 bytes long" error again. Any suggestions?

[tampabay420]

hmmm, not right now... but let me check (i love the Crypt lib )...
not to be nosey, but could you PM your example.pl so i can take a look?

[roswell1329]

The code I'm using is really straight-forward:

#!/usr/bin/perl -w
use strict;
use Crypt::Blowfish;
my $key = pack("H56", "12004001208404a43f00502200b204602600c00001da894922433e46018004602404240109301008140000000142404002010000000000001J");
my $plaintext = "WARNING: THIS MESSAGE IS SUBJECT TO MONITORING BY THE UNITED
STATES DEPARTMENT OF HOMELAND DEFENSE.";
my $cipher = new Crypt::Blowfish $key;
my $ciphertext = $cipher->encrypt($plaintext);
print unpack("H56", $ciphertext),"\n";
my $decrypted = $cipher->decrypt($ciphertext);
print $decrypted, "\n";

[cyclops07]

Hmm... the blowfish key length is variable and can be up to 448 bits.. you can count the aproximate char

[roswell1329]

It looks like the algorithm can only encrypt 8byte strings, so I threw together a subroutine to parse through any size string 8bytes at a time. Concatenate them all together and you get a (fairly) safe encrypted string. Thanks everyone. I'll post the code here when I finish polishing it up.

[roswell1329]

Here's the code I came up with. Please keep in mind that for my purposes, this code is all I require, but this method has some big problems with it (namely the key to encrypt/decrypt hardcoded into the script!). However, it might be good for some folks to play with and modify to create something better. It should also be noted that the string produced by the Blowfish encryption algorithm usually contains non-printable characters, and I couldn't have those in my implementation, so during encryption I'm actually packing the resultant string into a space padded ASCII string, and then unpacking it into a hex string. During decryption, I pack the string back into a binary format. If anyone has any questions about this snippet, please let me know and I'll be happy to answer them:

#!/usr/bin/perl -w
use strict;
use Crypt::Blowfish;
my $i=0;
my $Blowfish_Key = "Qas42a41i1301348f2vvng012m";
my $Blowfish_Cipher = new Crypt::Blowfish $Blowfish_Key;

shift=~/\-e/?encrypt():decrypt();
exit;

sub encrypt
{
my $Username = $ARGV[0];
my $Password = $ARGV[1];
my $Encrypted = "";

for($i=0;$i!=-1;$i+=8)
{
my $linechunk=substr($Password, $i, 8);
$Encrypted.=unpack("H16",$Blowfish_Cipher->encrypt(pack("A8",$linechunk)));
if(length($linechunk)<7){ last; }
}
print $Encrypted,"\n";
}

sub decrypt
{
my $Retrieved = $ARGV[0];
my $Decrypted = "";

for($i=0;$i!=-1;$i+=16)
{
my $linechunk = substr($Retrieved, $i, 16);
if(length($linechunk)<1){ last; }
$Decrypted .= $Blowfish_Cipher->decrypt(pack("H16", $linechunk));
if(length($linechunk)<15){ last; }
}
print $Decrypted,"\n";
}

[tampabay420]

Hey, maybe i should start a new thread for this [?] but i was wondering...

just recently, perl has not been able to load some module(s)...
i reinstalled Perl in hopes that it would just clear up on it's own...
anyway- if anyone has seen this problem before...
Perl 5.8.0
Build 805

[roswell1329]

You need to make sure you have the module you're calling in one of your lib directories (C:\Perl\lib, and C:\Perl\site\lib). I don't believe the Blowfish module comes standard with Perl, so you may have to grab it off of CPAN.