I did a little testing with Blowfish encoding and noticed something. The encoded string is not always as long as the source string. it is shorter sometimes.
If i want to decode a encoded string i need the length to decode in the openssl function:
BF_cfb64_encrypt(encoded_input,decoded_output,length_to_decode,&key,iv,&num,BF_DECRYPT);
The problem here is that i don’t have the length_to_decode if i don’t know the length of the source string. if i use the length of the decoded string as length_to_decode then this may be too short.
If i use a bigger length then the decoded string is not correct. So do i need to know the length to decode with blowfish encoding?
in all the example code on the internet encoding and decoding always takes place in one function and the decoding example use hard coded length for decoding. but in real life i don’t know the length of the encoded string and what then?
here is an example:
source string: sdcfgssssssss
source length: 13
encryption key: s
encrypted output: :‹(
encrypted length: 4
I init my key like this:
BF_KEY key;
const char * keyStr = "s";
BF_set_key(&key, strlen(keyStr), (const unsigned char *)keyStr);
The length of the output is identical to the length of the input. Do note that the output data may contain NUL characters, so you should not use
strlenon the data.