Package Crypto :: Package Cipher :: Module Blowfish
[frames] | no frames]

Module Blowfish

Blowfish symmetric cipher

Blowfish is a symmetric block cipher designed by Bruce Schneier.

It has a fixed data block size of 8 bytes and its keys can vary in length from 32 to 448 bits (4 to 56 bytes).

Blowfish is deemed secure and it is fast. However, its keys should be chosen to be big enough to withstand a brute force attack (e.g. at least 16 bytes).

As an example, encryption can be done as follows:

>>> from Crypto.Cipher import Blowfish
>>> from Crypto import Random
>>> from struct import pack
>>> bs = Blowfish.block_size
>>> key = b'An arbitrarily long key'
>>> iv =
>>> cipher =, Blowfish.MODE_CBC, iv)
>>> plaintext = b'docendo discimus '
>>> plen = bs - divmod(len(plaintext),bs)[1]
>>> padding = [plen]*plen
>>> padding = pack('b'*plen, *padding)
>>> msg = iv + cipher.encrypt(plaintext + padding)
Blowfish cipher object
new(key, *args, **kwargs)
Create a new Blowfish cipher
  MODE_ECB = 1
Electronic Code Book (ECB). See blockalgo.MODE_ECB.
  MODE_CBC = 2
Cipher-Block Chaining (CBC). See blockalgo.MODE_CBC.
  MODE_CFB = 3
Cipher FeedBack (CFB). See blockalgo.MODE_CFB.
  MODE_PGP = 4
This mode should not be used.
  MODE_OFB = 5
Output FeedBack (OFB). See blockalgo.MODE_OFB.
  MODE_CTR = 6
CounTer Mode (CTR). See blockalgo.MODE_CTR.
OpenPGP Mode. See blockalgo.MODE_OPENPGP.
  block_size = 8
Size of a data block (in bytes)
  key_size = xrange(4, 57)
Size of a key (in bytes)
Function Details

new(key, *args, **kwargs)

Create a new Blowfish cipher
  • key (byte string) - The secret key to use in the symmetric cipher. Its length can vary from 4 to 56 bytes.
  • mode (a MODE_* constant) - The chaining mode to use for encryption or decryption. Default is MODE_ECB.
  • IV (byte string) - The initialization vector to use for encryption or decryption.

    It is ignored for MODE_ECB and MODE_CTR.

    For MODE_OPENPGP, IV must be block_size bytes long for encryption and block_size +2 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext). It is mandatory.

    For all other modes, it must be block_size bytes longs. It is optional and when not present it will be given a default value of all zeroes.

  • counter (callable) - (Only MODE_CTR). A stateful function that returns the next counter block, which is a byte string of block_size bytes. For better performance, use Crypto.Util.Counter.
  • segment_size (integer) - (Only MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
a BlowfishCipher object