Package Cryptodome :: Package Cipher :: Module Blowfish

Module Blowfish

Blowfish symmetric cipher

Blowfish is a symmetric block cipher designed by Bruce Schneier.

It has a fixed data block size of 8 bytes and its keys can vary in length from 32 to 448 bits (4 to 56 bytes).

Blowfish is deemed secure and it is fast. However, its keys should be chosen to be big enough to withstand a brute force attack (e.g. at least 16 bytes).

Use AES, not Blowfish. This module is provided only for legacy purposes.

As an example, encryption can be done as follows:

>>> from Cryptodome.Cipher import Blowfish
>>> from struct import pack
>>>
>>> bs = Blowfish.block_size
>>> key = b'An arbitrarily long key'
>>> cipher = Blowfish.new(key, Blowfish.MODE_CBC)
>>> plaintext = b'docendo discimus '
>>> plen = bs - len(plaintext) % bs
>>> padding = [plen]*plen
>>> padding = pack('b'*plen, *padding)
>>> msg = cipher.iv + cipher.encrypt(plaintext + padding)
Functions
 
new(key, mode, *args, **kwargs)
Create a new Blowfish cipher
Variables
  MODE_ECB = 1
Electronic Code Book (ECB). See Cryptodome.Cipher._mode_ecb.EcbMode.
  MODE_CBC = 2
Cipher-Block Chaining (CBC). See Cryptodome.Cipher._mode_cbc.CbcMode.
  MODE_CFB = 3
Cipher FeedBack (CFB). See Cryptodome.Cipher._mode_cfb.CfbMode.
  MODE_OFB = 5
Output FeedBack (OFB). See Cryptodome.Cipher._mode_ofb.OfbMode.
  MODE_CTR = 6
CounTer Mode (CTR). See Cryptodome.Cipher._mode_ctr.CtrMode.
  MODE_OPENPGP = 7
OpenPGP Mode. See Cryptodome.Cipher._mode_openpgp.OpenPgpMode.
  MODE_EAX = 9
EAX Mode. See Cryptodome.Cipher._mode_eax.EaxMode.
  block_size = 8
Size of a data block (in bytes)
  key_size = xrange(5, 57)
Size of a key (in bytes)
Function Details

new(key, mode, *args, **kwargs)

 

Create a new Blowfish cipher

Parameters:
  • key (byte string) - The secret key to use in the symmetric cipher. Its length can vary from 5 to 56 bytes.
  • mode (a MODE_* constant) - The chaining mode to use for encryption or decryption.
  • iv (byte string) - (Only MODE_CBC, MODE_CFB, MODE_OFB, MODE_OPENPGP).

    The initialization vector to use for encryption or decryption.

    For MODE_OPENPGP, IV must be 8 bytes long for encryption and 10 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext).

    For all other modes, it must be 8 bytes long.

    If not provided, a random byte string will be generated (you must read it back via the iv attribute).

  • nonce (byte string) - (Only MODE_EAX and MODE_CTR). A value that must never be reused for any other encryption.

    For MODE_CTR, its length must be in the range [0..7].

    For MODE_EAX, there are no restrictions, but it is recommended to use at least 16 bytes.

    If not provided for MODE_EAX, a 16 byte random string will be used (you can read it back via the nonce attribute).

  • mac_len (integer) - (Only MODE_EAX). Length of the authentication tag, in bytes. It must be no larger than 8 (which is the default).
  • segment_size (integer) - (Only MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If not specified, it will be assumed to be 8.
  • initial_value (integer) - (Only MODE_CTR). The initial value for the counter within the counter block. By default it is 0.
Returns:

a Blowfish cipher object, of the applicable mode: