Cross-Platform Encryption

This page attempts to answer these frequently-asked questions on encryption:

• Can a file encrypted in VB be decrypted by an application written in Java?
• Why can't I use your program to decrypt something encrypted by Product X?

Most queries we get seem to involve Blowfish, but the principles are applicable to any symmetric block cipher algorithm like AES, IDEA, DES, or Triple DES.

Typical frequently-asked questions

Q. Can a file encrypted in VB be decrypted by an application written in Java?

A. Yes, provided both applications use the same format for the data and the same methods of encryption. See below.

Q. Why can't I use your program to decrypt something encrypted by Product X?

A. Probably because of one of the reasons listed below.

How Symmetric Block Cipher Algorithms Work - choices, choices and more choices

The Blowfish algorithm (or any block cipher algorithm like DES or AES) only specifies what happens to a given block of bits of a specified size when transformed with a certain bit string used as the key. AES uses a 128-bit block; older algorithms like DES and Blowfish use a 64-bit block. However, there are at least the following alternatives available to two parties who wish to exchange encrypted data:-

1. There are different modes of encryption that can be used (ECB, CBC, OFB, CFB, CTR, etc) all of which will produce different results. All of these methods except ECB require a unique Initialization Vector (IV) to be generated and passed to the recipient along with the ciphertext. In ECB (Electronic Code Book) mode, each block is encrypted independently (and is less secure). With other modes, each block (128 bits for AES and 64 bits for Blowfish and DES) is encrypted in the same manner using the key but then the result is combined with the result of encrypting an earlier block in the sequence. This increases security. The exact reverse process must be used to decrypt. See NIST Special Publication 800-38A Recommendation for Block Cipher Modes of Operation: Methods and Techniques.
2. The resulting ciphertext can be stored in different formats (binary, base64, hexadecimal strings, etc).
3. Even the key can be passed to the function in these different formats, too, or you can use a password string and convert that to a bit-string key by a whole variety of methods. Remember that a password is not a key and vice versa. See An Introduction to Using Keys in Cryptography.
4. Plaintext stored in Unicode or DBCS format has to be converted to a consistent bit string format before encryption, and then back to the same format after decryption. You will sometimes see this process referred to as normalization or as canonicalization, although that word has a much wider meaning. See Cryptography with International Character Sets.
5. Plaintext that is not an exact multiple of 64 bits (128 bits for AES) has to be padded before encryption (well, for ECB and CBC modes anyway - OFB, CFB and CTR modes do not need padding). There are at least 5 common methods of padding used. Getting this wrong will normally just affect the last block, but if your decryption program uses the result of decrypting the last block to check for correct decryption, then it might flag an error anyway even though the rest was actually decrypted properly. If you have a problem with just the last few bytes after decryption - maybe they're always wrong or get truncated - then look at the method of padding used. See Using Padding in Cryptography.
6. Blowfish complicates matters even further because it allows a variable length key between 8 and 448 bits. DES and Triple DES always use a fixed key length, and AES has a choice of three (128, 192 or 256 bits).

All, we repeat, all these alternatives have to be agreed and used consistently by both parties. If they are all the same then it doesn't matter whether you use Visual Basic, Java, C or any other programming language to handle the encryption. Saying it's "Blowfish" is just the start.

Checklist

Plaintext character format

how plaintext characters are encoded in the bit string

Padding

how to pad the plaintext to be an exact multiple of the block size

Key length

must be agreed if there is a choice

Key derivation

how to create the bit string to be used for the key

Mode

which mode of encryption to use

Storage format

how we store the ciphertext

More information

See also our pages on:

• Cryptography with International Character Sets
• Storing and representing ciphertext
• Encrypting variable-length strings with a password: doing it properly.
• Changes to Blowfish in Visual Basic in Version 6 which discusses Strings vs Bytes and ANSI vs Unicode
• Binary and byte operations in Visual Basic
• Using Byte Arrays in Visual Basic

Contact us

To contact us or comment on this page, please send us a message.

This page last updated 17 October 2014. Minor formatting/typo edits 19 October 2020.