This page attempts to answer these frequently-asked questions on encryption:
- Can a file encrypted in VB be decrypted by an application written in Java?
- Why can't I use your program to decrypt something encrypted by Product X?
Most queries we get seem to involve Blowfish, but the principles are applicable to any symmetric block cipher algorithm like AES, IDEA, DES, or Triple DES.
Q. Can a file encrypted in VB be decrypted by an application written in Java?
A. Yes, provided both applications use the same format for the data and the same methods of encryption. See below.
Q. Why can't I use your program to decrypt something encrypted by Product X?
A. Probably because of one of the reasons listed below.
The Blowfish algorithm (or any block cipher algorithm like DES or AES) only specifies what happens to a given block of bits of a specified size when transformed with a certain bit string used as the key. AES uses a 128-bit block; older algorithms like DES and Blowfish use a 64-bit block. However, there at at least the following alternatives available to two parties who wish to exchange encrypted data:-
- There are different modes of encryption that can be used (ECB, CBC, OFB, CFB, CTR, etc) all of which will produce different results. All of these methods except ECB require a unique Initialization Vector (IV) to be generated and passed to the recipient along with the ciphertext. In ECB (Electronic Code Book) mode, each block is encrypted independently (and is less secure). With other modes, each block (128 bits for AES and 64 bits for Blowfish and DES) is encrypted in the same manner using the key but then the result is combined with the result of encrypting an earlier block in the sequence. This increases security. The exact reverse process must be used to decrypt. See Modes of Operation for Symmetric Key Block Ciphers by NIST and NIST Special Publication 800-38A Recommendation for Block Cipher Modes of Operation: Methods and Techniques.
- The resulting ciphertext can be stored in different formats (binary, base64, hexadecimal strings, etc).
- Even the key can be passed to the function in these different formats, too, or you can use a password string and convert that to a bit-string key by a whole variety of methods. Remember that a password is not a key and vice versa. See An Introduction to Using Keys in Cryptography.
- Plaintext stored in Unicode or DBCS format has to be converted to a consistent bit string format before encryption, and then back to the same format after decryption. You will sometimes see this process referred to as normalization or as canonicalization, although that word has a much wider meaning. See Cryptography with International Character Sets.
- Plaintext that is not an exact multiple of 64 bits (128 bits for AES) has to be padded before encryption (well, for ECB and CBC modes anyway - OFB, CFB and CTR modes do not need padding). There are at least 5 common methods of padding used. Getting this wrong will normally just affect the last block, but if your decryption program uses the result of decrypting the last block to check for correct decryption, then it might flag an error anyway even though the rest was actually decrypted properly. If you have a problem with just the last few bytes after decryption - maybe they're always wrong or get truncated - then look at the method of padding used. See Using Padding in Cryptography.
- Blowfish complicates matters even further because it allows a variable length key between 8 and 448 bits. DES and Triple DES always use a fixed key length, and AES has a choice of three (128, 192 or 256 bits).
All, we repeat, all these alternatives have to be agreed and used consistently by both parties. If they are all the same then it doesn't matter whether you use Visual Basic, Java, C or any other programming language to handle the encryption. Saying it's "Blowfish" is just the start.
- Plaintext character format
- how plaintext characters are encoded in the bit string
- how to pad the plaintext to be an exact multiple of the block size
- Key length
- must be agreed if there is a choice
- Key derivation
- how to create the bit string to be used for the key
- which mode of encryption to use
- Storage format
- how we store the ciphertext
See also our pages on:
- Cryptography with International Character Sets
- Storing and representing ciphertext
- Encrypting variable-length strings with a password: doing it properly.
- Changes to Blowfish in Visual Basic in Version 6 which discusses Strings vs Bytes and ANSI vs Unicode
- Binary and byte operations in Visual Basic
- Using Byte Arrays in Visual Basic
To comment on this page or ask a question, please send us a message.
This page last updated 27 February 2013