Omnis Technical Note TNEX0005 February 2019

Implementing padding in Blowfish Encryption

For Omnis Studio 8.x
By Andrei Augustin, Tech Support


Security is very important nowadays and Blowfish is one of the widely-used ciphers for password and text encryption. Omnis Studio offers a Blowfish external object which brings all the encryption and decryption features to your Omnis application.

The problem

Incorrect decryption can occur when you integrate Omnis with a third-party Blowfish encryption/decryption application that uses padding. For example, if you encrypt a string in a third-party application and try to decrypt the output within Omnis with the same key, there is a chance that the decrypted string will be incorrect. This opposite can occur when you encrypt a string with Blowfish within Omnis and try to decrypt the output in a third-party application.

The cause

This issue is caused by the Blowfish external component within Omnis Studio 8.1.x. The problem lies in the fact that the external component is not generating or expecting any padding when encrypting or decrypting. For example, in this Technical Note, I will be using a simple online tool which adds the PKCS5 padding and outputs the value in HEX.

The solution

In order to overcome this issue and successfully integrate Omnis Studio 8.1.x's Blowfish capabilities with third-party software, we can manually add padding when encrypting or decrypting the data.

The following method shows how to encrypt your string with the Blowfish external component and how to add the necessary padding for PKCS5:

Do oBlowFish.$initkey(chartoutf8(pKey))
Calculate lBin as chartoutf8(pTextC)
Calculate lBinLength as binlength(lBin)
Calculate lPadding as 8-mod(lBinLength,8)
If lPadding=0
  Calculate lPadding as 8
End If
For lNum from 1 to lPadding step 1
  Do byteset(lBin,lBinLength+lNum-1,lPadding)
End For
Do oBlowFish.$encrypt(lBin,0) Returns lSecretTextBin
Quit method bintohex(lSecretTextBin)

When calling the above method, a character string will be returned containing your initial string encrypted with Blowfish using PKCS5 padding.

The following method shows how to decrypt your string with the Blowfish external component and how to add the necessary padding for PKCS5:

Calculate lSecretTextBin as binfromhex(pTextC)
Do oBlowFish.$initkey(chartoutf8(pKey))
Do oBlowFish.$decrypt(lSecretTextBin,0) Returns lSecretTextBin
Calculate lBinLength as binlength(lSecretTextBin)
Calculate lPadding as bytemid(lSecretTextBin,lBinLength-1,lBinLength-1)
Do byteset(lPadding,3,0)
Do bitshiftr(lPadding,24)
Calculate lPaddingValue as bintoint32(lPadding)
Calculate lSecretTextBin as bytemid(lSecretTextBin,0,lBinLength-lPaddingValue-1)
Calculate lTextC as utf8tochar(lSecretTextBin)
Quit method lTextC

When calling the above method, a character string will be returned containing your decryption result.


You can download an Omnis 8.1.x library which integrates this solution from here:

Encryption in Studio 10

For Omnis Studio 10, there is a new property, $padding, in the Blowfish object to allow you to specify the type of padding to use when encrypting data. The $padding property is a constant (kBlowFishPadding...) that indicates the type of padding to use when encrypting or expect when decrypting (default kBlowFishPaddingNone). A value other than kBlowFishPaddingNone is ignored if you specify a length header. Valid values of the padding constant are kBlowFishPaddingNone (use or expect no padding) and kBlowFishPaddingPKCS5 (use or expect PKCS5 padding).

The presence of PKCS5 padding allows the code decrypting the data to correctly restore its length, without requiring the non-standard length header. This allows the BlowFish object to be used to encrypt data to be passed to applications other than Omnis: these applications (assuming they have the key) can decrypt the data and set its length correctly.

In Omnis Studio 10 there is a further possibility for using encryption. A new CRYPTO Worker Object has been added to the OW3 Worker Objects external package to allow you to perform encryption and decryption of data. The encryption types you can use include AES, Camellia, DES, and Blowfish.
For more information about these features in Studio 10, please see our website:


Search Omnis Developer Resources


Hit enter to search