Blowfish compatibility with other Blowfish implementations


I need to encrypt some text in an AWS Lambda instance in part of a web response, and then decrypt it in JUCE. Has anyone done this before? I figured BlowFish would be a good way to go. I’m using the crypto module, but there are a few different blowfish implementations available: bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb.

The OpenSSL documentation has a bit more info on these:

As you can see from the "enc" help text, OpenSSL supports 4 cipher variations of Blowfish algorithm with 6 aliases:

"bf" - Alias for "bf-cbc"
"blowfish" - Alias for "bf-cbc"
"bf-cbc" - Blowfish in CBC mode
"bf-cfb" - Blowfish in CFB mode
"bf-ecb" - Blowfish in ECB mode
"bf-ofb" - Blowfish in OFB mode

I also found more reference here:

I can’t seem to find in the JUCE documentation what operating mode the BlowFish class uses. Before I do a lot of tedious trial and error (or interpreting the source code), has anyone tried this before?


I’m sorry I don’t have much to add, cpenny, but I would like to know this as well. Seems like a simple question for the JUCE team to answer.


I just went without encryption for now — as it turns out it was unnecessary for my specific application.

This could be a great JUCE demo — I’m sure people will be using JUCE apps alongside web apps more and more. I would love to see an “official” working implementation of encryption in Node.js and decryption in JUCE.


+1 Would be good to know which mode is used, and even better, an example with openssl encryption and JUCE decryption.


I want to use openssl_encrypt on our server too, so knowing which cipher mode the BlowFish algorithm uses is quite essential. @jules should know :wink:


I couldn’t tell you for sure, it’s years since I wrote it, but I assume it’s the most common one: CBC


Looking at the code I’d say the mode is ECB. There is no feedback of the previous cipher into the next block encryption.


I’m actually quite sure it’s not the most common one. Or some of the other settings differ with common defaults. If I remember correctly I tried both ECB and CBC and neither worked.

In the end I ended up using cryptopp instead of JUCE’s crypto module, and I’ve heard from more parties they struggled with getting BlowFish to work. Sounds like perhaps it warrants another review?


We decided to not use the JUCE implementation. Even if we could get it to work, ECB is too insecure to be useful.
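
The two observations above (no feedback between blocks means ECB, and ECB is weak because equal plaintext blocks stay visible) can be checked with a repeated-block test. This is an added example, not code from the thread or from JUCE. Assumptions: the function names are hypothetical, the key and IV are constructed, and AES-128 stands in for Blowfish because OpenSSL 3 keeps Blowfish in its legacy provider, so the `bf-*` ciphers may be unavailable in Node; where they are available, pass `bf-ecb` or `bf-cbc` with a block size of 8.

```javascript
// Added example (not from the thread): repeated-block test for ECB vs. chained modes.
const crypto = require('crypto');

// Split a ciphertext buffer into hex strings, one per cipher block.
function toBlocks(buf, blockSize) {
  const blocks = [];
  for (let i = 0; i + blockSize <= buf.length; i += blockSize) {
    blocks.push(buf.subarray(i, i + blockSize).toString('hex'));
  }
  return blocks;
}

// Encrypt `repeats` identical plaintext blocks and return the ciphertext blocks.
// Padding is disabled because the input is already block-aligned.
function encryptRepeated(algorithm, key, iv, blockSize, repeats = 4) {
  const plaintext = Buffer.alloc(blockSize * repeats, 0x41);
  const cipher = crypto.createCipheriv(algorithm, key, iv);
  cipher.setAutoPadding(false);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return toBlocks(ct, blockSize);
}

// With no feedback between blocks (ECB), equal plaintext blocks give equal
// ciphertext blocks. CBC, CFB and OFB give different blocks.
function classifyMode(blocks) {
  if (blocks.length < 2) return 'undetermined';
  return new Set(blocks).size === 1 ? 'ecb' : 'chained';
}

// Classify hex ciphertext produced elsewhere (for example by the implementation
// under test) from the same repeated-block plaintext.
function classifyHex(hex, blockSize) {
  return classifyMode(toBlocks(Buffer.from(hex, 'hex'), blockSize));
}

// Constructed demo key and IV; AES stands in for Blowfish (assumption, see lead-in).
const key = Buffer.alloc(16, 0x01);
const iv = Buffer.alloc(16, 0x02);
const ecbBlocks = encryptRepeated('aes-128-ecb', key, null, 16);
const cbcBlocks = encryptRepeated('aes-128-cbc', key, iv, 16);

console.log('aes-128-ecb:', classifyMode(ecbBlocks), ecbBlocks);
console.log('aes-128-cbc:', classifyMode(cbcBlocks), cbcBlocks);
```

To classify another implementation, encrypt several identical 8-byte blocks with it and pass the hex output to `classifyHex(hex, 8)`.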


See: TwoFish and ThreeFish