Basic tech stuff

Programming and Linux administration

Blowfish decryption in Ruby

Posted by Daniel Brahneborg on 2007 March 9

For a project that will soon be released as Open Source, I need to decrypt blowfish encrypted data in Ruby. There are several ways, none of which makes me happy.

1. The Crypt library in pure Ruby. The current version has a few bugs, but after adding a couple of patches, it decrypts the data perfectly. Downside? It’s slow. Slow as hell. Data that takes 3 seconds to decode in C takes 300 with this library.

2. The EzCrypto library. It’s a frontend for the OpenSSL libraries, and should therefore be quite a bit faster. I don’t know, because I simply can’t get it to work. I’ve followed all the descriptions, but it never manages to decrypt the data correctly. My code looks something like this, assuming that the IV is in the beginning of the encrypted data:

def decrypt(key, data)
    @driver =, :algorithm => "bf-cbc")

3. Using the Ruby OpenSSL libraries directly. This doesn’t work either. Here I do like this:

def decrypt(key, data)
    @driver ="BF-CBC")
    @driver.key = @key
    @driver.iv = data[0..7]
    clear = @driver.update(data[8..-1])
    clear <<

4. Using a shell escape to the openssl binary, using the flags -K and -iv to set the encryption parameters. Doesn’t work either.

5. Using a shell escape to my own binary, which uses the BF* functions in OpenSSL directly. Works like a charm, even if the 900 fork/exec/wait calls bring up the total time to 13 seconds. And of course, it doesn’t work with other encryption algorithms unless I add those explicitly.

So now I have the choice between five versions that all suck. Or rather two, if I only count the versions that actually work. Life is fun.

Andra bloggar om: , , ,

7 Responses to “Blowfish decryption in Ruby”

  1. […] Blowfish decryption in Ruby […]

  2. Joel said

    Hi, did you ever get this to work?, im suffering from similar issue using another algorithm.

  3. Manu said

    Just so you know, I got openssl version working. here is what I do

    require ‘rubygems’
    require ‘openssl’
    cipher = “bf”

    cipher.key = “AT&T Kabira Encryption Default Key”
    ciphertext = cipher.update “some data”
    p ciphertext <<

    cipher.key = "AT&T Kabira Encryption Default Key"
    plaintext = cipher.update ciphertext

    p plaintext <<

  4. Thanks Manu, I’ll make a new try without “iv” next time.

  5. Rei said

    Manu said:
    plaintext = cipher.update encryptext

    NameError: undefined local variable or method `encryptext’ for main:Object
    from (irb):22
    from /usr/local/bin/irb:12:in `’

    Can anyone help me?

  6. Replace “encryptext” with “ciphertext”.

  7. Anonymous said

    Isn’t blowfish purposefully slow?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: