4
As explained in this thread, PyCrypto and OpenSSL produce the same output using AES ECB, assuming you skip the key derivation function with the -K option for OpenSSL. I tested it and got the same output.
However, when I use Blowfish ECB I get completely different output. This code:
from Crypto.Cipher import Blowfish
key = 'secret'
plaintext = 'abcdefgh'
cipher = Blowfish.new(key, Blowfish.MODE_ECB)
ciphertext = cipher.encrypt(plaintext)
print ciphertext.encode('hex')
Produces the output:
03582d2666553c05
These commands:
key=$(printf 'secret' | od -tx1 -An -v | tr -d ' ')
printf 'abcdefgh' | openssl enc -bf-ecb -nopad -K "$key" | od -tx1 -An -v | tr -d ' '
Produce the output:
166ac1ff98632178
Why is it different for the Blowfish cipher?
EDIT:
I did some reading and this thread has the answer, I think. OpenSSL is zero-padding the key to 128 bits. See what happens when you change
key = 'secret'
to
key = 'secret1234567890'
Is there any way around this - I don't see anything in the OpenSSL manual? Is there another commandline program that doesn't zero-pad the key?
I'm afraid this isn't correct SE for this question. You should consult OpenSSL mailing-lists, forums, documentation etc., maybe stackoverflow or security SE. – None – 2017-03-23T10:50:18.107