Provided by: tcllib_1.19-dfsg-2_all 
NAME
blowfish - Implementation of the Blowfish block cipher
SYNOPSIS
package require Tcl 8.4
package require blowfish ?1.0.4?
::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv vector? ?-out channel?
?-chunksize size? ?-pad padchar? [ -in channel | ?--? data ]
::blowfish::Init mode keydata iv
::blowfish::Encrypt Key data
::blowfish::Decrypt Key data
::blowfish::Reset Key iv
::blowfish::Final Key
________________________________________________________________________________________________________________
DESCRIPTION
This package is an implementation in Tcl of the Blowfish algorithm developed by Bruce Schneier [1].
Blowfish is a 64-bit block cipher designed to operate quickly on 32 bit architectures and accepting a
variable key length. This implementation supports ECB and CBC mode blowfish encryption.
COMMANDS
::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv vector? ?-out channel?
?-chunksize size? ?-pad padchar? [ -in channel | ?--? data ]
Perform the blowfish algorithm on either the data provided by the argument or on the data read
from the -in channel. If an -out channel is given then the result will be written to this channel.
The -key option must be given. This parameter takes a binary string of variable length and is used
to generate the blowfish key schedule. You should be aware that creating a key schedule is quite
an expensive operation in blowfish so it is worth reusing the key where possible. See Reset.
The -mode and -dir options are optional and default to cbc mode and encrypt respectively. The
initialization vector -iv takes an 8 byte binary argument which defaults to 8 zeros. See MODES OF
OPERATION for more about available modes and their uses.
Blowfish is a 64-bit block cipher. This means that the data must be provided in units that are a
multiple of 8 bytes. The blowfish command will by default add nul characters to pad the input data
to a multiple of 8 bytes if necessary. The programming api commands will never add padding and
instead will raise an error if the input is not a multiple of the block size. The -pad option can
be used to change the padding character or to disable padding if the empty string is provided as
the argument.
PROGRAMMING INTERFACE
::blowfish::Init mode keydata iv
Construct a new blowfish key schedule using the specified key data and the given initialization
vector. The initialization vector is not used with ECB mode but is important for CBC mode. See
MODES OF OPERATION for details about cipher modes.
::blowfish::Encrypt Key data
Use a prepared key acquired by calling Init to encrypt the provided data. The data argument should
be a binary array that is a multiple of the block size of 8 bytes. The result is a binary array
the same size as the input of encrypted data.
::blowfish::Decrypt Key data
Decipher data using the key. Note that the same key may be used to encrypt and decrypt data
provided that the initialization vector is reset appropriately for CBC mode.
::blowfish::Reset Key iv
Reset the initialization vector. This permits the programmer to re-use a key and avoid the cost of
re-generating the key schedule where the same key data is being used multiple times.
::blowfish::Final Key
This should be called to clean up resources associated with Key. Once this function has been
called the key may not be used again.
MODES OF OPERATION
Electronic Code Book (ECB)
ECB is the basic mode of all block ciphers. Each block is encrypted independently and so identical
plain text will produce identical output when encrypted with the same key. Any encryption errors
will only affect a single block however this is vulnerable to known plaintext attacks.
Cipher Block Chaining (CBC)
CBC mode uses the output of the last block encryption to affect the current block. An
initialization vector of the same size as the cipher block size is used to handle the first block.
The initialization vector should be chosen randomly and transmitted as the first block of the
output. Errors in encryption affect the current block and the next block after which the cipher
will correct itself. CBC is the most commonly used mode in software encryption.
EXAMPLES
% blowfish::blowfish -hex -mode ecb -dir encrypt -key secret01 "hello, world!"
d0d8f27e7a374b9e2dbd9938dd04195a
set Key [blowfish::Init cbc $eight_bytes_key_data $eight_byte_iv]
append ciphertext [blowfish::Encrypt $Key $plaintext]
append ciphertext [blowfish::Encrypt $Key $additional_plaintext]
blowfish::Final $Key
REFERENCES
[1] Schneier, B. "Applied Cryptography, 2nd edition", 1996, ISBN 0-471-11709-9, pub. John Wiley &
Sons.
AUTHORS
Frank Pilhofer, Pat Thoyts
BUGS, IDEAS, FEEDBACK
This document, and the package it describes, will undoubtedly contain bugs and other problems. Please
report such in the category blowfish of the Tcllib Trackers [http://core.tcl.tk/tcllib/reportlist].
Please also report any ideas for enhancements you may have for either package and/or documentation.
When proposing code changes, please provide unified diffs, i.e the output of diff -u.
Note further that attachments are strongly preferred over inlined patches. Attachments can be made by
going to the Edit form of the ticket immediately after its creation, and then using the left-most button
in the secondary navigation bar.
SEE ALSO
3des, des, rc4
KEYWORDS
block cipher, blowfish, cryptography, encryption, security
CATEGORY
Hashes, checksums, and encryption
COPYRIGHT
Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>