The Blowfish encryption algorithm is a symmetric key encryption algorithm designed by Bruce Schneier in 1993. The characteristics of the Blowfish algorithm are fast speed, high security, and the ability to use keys of different lengths for encryption.

The encryption process of the Blowfish algorithm involves dividing the plaintext into 64-bit blocks and encrypting each block separately. During encryption, the plaintext is encrypted using a key to produce ciphertext. During decryption, the same key is used to decrypt the ciphertext to obtain the original plaintext. The key length of the Blowfish algorithm can range from 32 to 448 bits, allowing for the use of different key lengths based on security requirements. The security of the Blowfish algorithm mainly depends on the key length and the number of encryption rounds, so it is necessary to choose sufficiently long keys and an adequate number of encryption rounds to ensure security.

Operation Modes

• CBC: Cipher Block Chaining, where plaintext is divided into fixed-size blocks and encrypted sequentially. Each block (group) is XORed with the encrypted data of the previous block before encryption. To ensure uniqueness of each message, the first data block is XORed with an initialization vector (IV) before encryption. CBC mode is a widely used encryption mode, but its main drawback is that encryption is sequential and cannot be parallelized. Like ECB, message blocks must be padded to a multiple of the block size.
• ECB: Electronic Codebook, the simplest encryption mode where plaintext messages are divided into fixed-size blocks, with each block encrypted separately. Each block is encrypted and decrypted independently using the same method, allowing for parallel processing. However, if one block is decrypted, all plaintext data can be decrypted using the same method, compromising security. Suitable for scenarios with minimal data, where plaintext data needs to be padded to a multiple of the block size.
• OFB: Output Feedback, which transforms block ciphers into stream ciphers, encrypting bit by bit or byte by byte. It uses an initialization vector (IV) as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. OFB mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.
• CFB: Cipher Feedback, which divides data into bits rather than blocks, providing characteristics of stream cipher encryption for encrypting data of any length. It allows for bit-by-bit or byte-by-byte encryption and decryption without padding. Similar to CBC mode, the ciphertext of the previous block is XORed with the plaintext of the current block to generate the ciphertext for the current block. Therefore, CFB mode is sensitive to transmission errors and data loss as an error bit can affect subsequent encryption results.
• CTS: Cipher Text Stealing, used to address the problem of the last block length being insufficient in block cipher encryption. During encryption, if the last block length is insufficient, partial ciphertext blocks are used to pad the plaintext block before encryption. During decryption, if the last block length is insufficient, partial ciphertext blocks are used for decryption, followed by removing the padded portion, ensuring consistency in data length before and after encryption.
• CTR: Counter Mode, which transforms block ciphers into stream ciphers for encryption on a bit-by-bit or byte-by-byte basis. It uses a counter as input to generate a key stream through a block cipher algorithm. The key stream is XORed with plaintext to produce ciphertext. CTR mode offers parallel processing and is suitable for real-time encryption and decryption. It does not require padding and can handle data of any length. Additional mechanisms are needed to ensure data integrity and authentication.

Padding Modes

• None: No padding
• PKCS7: Padding consists of a byte sequence, with each byte padded to the length of the byte sequence
• Zeros: Padding consists of bytes set to zero
• ANSIX923: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with zeros
• ISO10126: Padding consists of a byte sequence, where the last byte of the sequence indicates the length and other bytes are filled with random data

For block symmetric encryption algorithms, some operation modes require the byte length of plaintext data to be a multiple of the block size, so we must pad the plaintext data before encrypting it.

Key(IV) Text Or Hex

• Text represents the text format and is encoded in UTF-8 before being converted to a byte[] array.
• Hex represents the hexadecimal format, and the input will be converted from a hexadecimal string to a byte[] array before encryption.

Character Set and Format encryption instructions

• First Scenario, taking DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt the string "中国abc". Choose character set "UTF-8". The encryption output is in hexadecimal format, select "Hex" from the format dropdown. The encrypted output result is "C886FF3D9DCB37FA1FA0EAD95889DF3E". View Example
• Another Scenario, still using DES encryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; encrypt hexadecimal data, for example [0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08]. Choose character set "Hex". The encryption output is in Base64 format, select "Base64" from the format dropdown. The encrypted output result is "up/vqMd1Eq4d/TFcc22l3Q==". View Example

Character Set and Format decryption instructions

• First Scenario, using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the hexadecimal string "C886FF3D9DCB37FA1FA0EAD95889DF3E". Therefore, select "Hex" from the format dropdown for decryption, and the data encoding after decryption is "UTF-8". Choose character set "UTF-8". The decrypted string is "中国abc". View Example
• Another Scenario, still using DES decryption as an example: select "Text" from the key dropdown, enter "12345678" as the Key, leave the IV empty; decrypt the Base64 string "up/vqMd1Eq4d/TFcc22l3Q==". Therefore, select "Base64" from the format dropdown for decryption, and there is no additional encoding after decryption, as it is hexadecimal data. Choose character set "Hex" (selecting "UTF-8" would result in garbled text). The final decrypted string is "0102030405060708". View Example