1
votes

I have a client who needs us to use Blowfish ECB encryption with cipherMode 0, output 1. I have tried to solve for this, but I'm getting stuck. How do I fix my code?

Here are the full client instructions:

・Algorithm: Blowfish
・Mode: ECB
・Padding: PKCS5Padding
* Initial vector is unnecessary because we use ECB mode.

Example
・Encrypt Key: 2fs5uhnjcnpxcpg9
  → Plain Text: 3280:99:20120201123050
  → Cipher Text: daa745f1901364c0bd42b9658db3db96336758cd34b2a576
* Please keep Cipher Text with 16 hexadecimal characters.
* Please generate Cipher Text without “salt”.

I need to write this in C#. Here's what I did, but it doesn't seem to be working:

    string member_id = "3280";
    string panelType = "99";
    string RandomString = "20120201123050";
    string encryptionKey = "2fs5uhnjcnpxcpg9";
    string cryptstr = member_id + ":" + panelType + ":" + RandomString;
    string plainText = cryptstr;
    BlowFish b = new BlowFish(encryptionKey);
    string cipherText = b.Encrypt_ECB("3280:99:20120201123050");

The result is not daa745f1901364c0bd42b9658db3db96336758cd34b2a576. Where did I go wrong?

1
Wow, that is about the worst security-wise! Even the author of Blowfish does not use it any more, now he uses AES. Do not use ECB mode, it is insecure, see ECB mode, scroll down to the Penguin. - zaph
What are you importing to get the Blowfish class? And since I don't see you setting anything for the padding, what is the default that the doc for the library containing that Blowfish class says it is using? - Richard Schwartz
Eventually it is time to update security, AES has been available for 15 years, the client should really make an effort, waiting another 15 years would be ridiculous. - zaph

1 Answer

1
votes

Encrypt_ECB() so I assume it's Schneier's class.

The ctor expects a hexadecimal string if one is passed; you need the overload for a byte array:

BlowFish b = new BlowFish(Encoding.UTF8.GetBytes(encryptionKey));

The output is still not correct, let's see what it really should be by decrypting their example:

string clear = b.Decrypt_ECB("daa745f1901364c0bd42b9658db3db96336758cd34b2a576");

gives us:

"3280:99:20120201123050\u0002\u0002"

Which is good, but there are 2 0x2 bytes on the end; the N x 0xN is due to the PKCS padding. To get the match you need to pad the input:

// requires: using System; using System.Collections.Generic; using System.Linq; using System.Text;
// input to bytes
List<byte> clearBytes = new List<byte>(Encoding.UTF8.GetBytes("3280:99:20120201123050"));

// how many padding bytes?
int needPaddingBytes = 8 - (clearBytes.Count % 8);

// add them
clearBytes.AddRange(Enumerable.Repeat((byte)needPaddingBytes, needPaddingBytes));

// encrypt
byte[] cipherText = b.Encrypt_ECB(clearBytes.ToArray());

// to hex
string cipherTextHex = BitConverter.ToString(cipherText).Replace("-", "").ToLowerInvariant();
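
The padding rule from the answer above, together with its inverse for the decrypt side, as an added example that is not part of the original answer and not code from the Blowfish class discussed. The names `Pkcs5`, `Pad`, `Unpad` and `Demo` are hypothetical; no cipher is called, only the 8-byte block padding is shown.

```csharp
using System;
using System.Linq;
using System.Text;

static class Pkcs5
{
    const int BlockSize = 8; // Blowfish block size in bytes

    // Append N bytes of value N so the length becomes a multiple of 8.
    // Input that is already block-aligned gets a full extra block (8 x 0x08),
    // which keeps the padding unambiguous to remove.
    public static byte[] Pad(byte[] data)
    {
        int n = BlockSize - (data.Length % BlockSize);
        return data.Concat(Enumerable.Repeat((byte)n, n)).ToArray();
    }

    // Strip the padding from decrypted bytes, rejecting malformed input
    // instead of silently returning truncated or garbage data.
    public static byte[] Unpad(byte[] padded)
    {
        if (padded.Length == 0 || padded.Length % BlockSize != 0)
            throw new ArgumentException("length is not a positive multiple of the block size");
        int n = padded[padded.Length - 1];
        if (n < 1 || n > BlockSize)
            throw new ArgumentException("invalid padding length byte");
        for (int i = padded.Length - n; i < padded.Length; i++)
            if (padded[i] != n)
                throw new ArgumentException("inconsistent padding bytes");
        return padded.Take(padded.Length - n).ToArray();
    }
}

static class Demo
{
    static void Main()
    {
        // Plaintext from the question: 22 bytes, so two padding bytes are added.
        byte[] clear = Encoding.UTF8.GetBytes("3280:99:20120201123050");
        byte[] padded = Pkcs5.Pad(clear);
        Console.WriteLine(BitConverter.ToString(padded));
        Console.WriteLine(Encoding.UTF8.GetString(Pkcs5.Unpad(padded)));
        // Block-aligned input: a whole block of padding is appended.
        Console.WriteLine(Pkcs5.Pad(new byte[8]).Length);
    }
}
```

`Unpad` would be applied to the raw bytes returned by decryption, before converting them back to a string.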