I have some ciphertext that has been encrypted using Perl’s Crypt::CBC module that I wish to decrypt elsewhere.

The ciphertext was generated using the ‘simple’ version of the Crypt::CBC constructor, that is:

use Crypt::CBC;
$cipher = Crypt::CBC->new( -key    => 'my secret key',
                           -cipher => 'Blowfish'
                          );

From reading the MAN page, this method of construction will take the simple string key and random salt to generate an IV & literal key to use for encryption, as well as embed a header with the salt.

“salt” — Combine the passphrase with
an 8-byte random value to
generate both the block cipher key and the IV from the
provided passphrase. The salt will be appended to the
beginning of the data stream allowing decryption to
regenerate both the key and IV given the correct passphrase.
This method is compatible with current versions of OpenSSL.

I now need to decrypt the ciphertext on another platform that only supports CBC decryption given the ciphertext, a literal key & IV. To attempt to generate the literal key, IV & salt, I used Crypt::CBC to generate the values like so:

my $crypt = new Crypt::CBC(-key => 'my secret key', -cipher => 'Blowfish');
my $out = $crypt->decrypt($ciphertext);
my $literal_key = $crypt->key();
my $iv = $crypt->iv();
my $salt = $crypt->salt();

The decryption here is correct, but I’ve been unable to use the generated literal key & IV to decrypt the cipher; this produces rubbish:

my $crypt2 = new Crypt::CBC(
    -literal_key => 1,
    -key => $literal_key,
    -cipher => 'Blowfish',
    -iv => $iv,
    -header => 'none');
my $rubbish - $crypt2->decrypt($ciphertext);

I can’t provide a literal key and use a salted header so I’m lost as to the next move.

How can I decrypt this text?

EDIT: The target system is not running Perl, but I have been able to generate the identical value as in $rubbish above, so I’m sure it’s using the same algorithm (CBC, Blowfish) to decipher.