This is REALfish by Matt Neuburg, matt@tidbits.com, http://www.tidbits.com/matt/. It is an expression in REALbasic of the standard blowfish encryption algorithm (with a key of maximally 448 bits). Two test vectors are provided to demonstrate the correctness of the algorithm.
Three extra features are included. First, it can be clumsy to have to maintain a 448-bit key, so hashing is used to allow you to derive your key from a username-password pair. Thanks to Matthijs van Duin for the SHA1 hashing class.
Second, if you receive a blowfish-encoded email message in Eudora, the Get From Eudora button allows you to decode it in place.
Third, REALfish can be driven by Apple events or AppleScript, so other applications (such as Frontier) can use it to perform encryption and decryption. Look at the handleAppleEvent routine in the source to see the form these Apple events need to take. For AppleScript, use the internal dictionary and/or the example script provided.
For those who don't know about blowfish encryption, the chief thing to understand is that the key (whether entered manually or derived from a username-password pair) must be used to generate internal "subkeys" before any encryption or decryption can be performed. Once you have made the subkeys, though, they are retained, so you can continue encrypting or decrypting with that key as long as you like. To enforce this, the interface disables encryption and decryption any time the key changes, until you press the Make Subkeys button.
The key may be normal or enhexed. A normal key might be "life is like a sewer". The problem with this is that it doesn't use a very wide variety of characters. An enhexed key, on the other hand, can use all 256 characters, including the non-printables, because every byte is expressed as a two-digit hex string rather than an ascii character. You have to tell the interface which kind of key you are using; the hashed key generated from the username-password pair is enhexed, and the interface reflects this automatically.
The ciphertext is always enhexed. This makes it suitable for sending across the Internet, for example, because it is represented entirely as visible low-ascii characters, and any invisibles that are introduced by e.g. email transmission (such as line breaks) may be confidently deleted before deciphering.
REALfish is free for your enjoyment, but you mustn't try to make any money with it.
matt neuburg, phd = matt@tidbits.com, http://www.tidbits.com/matt
