When I wrote the (strangely popular for a brief period) del.icio.us privacy hack I used the first javascript blowfish implementation I found. Since it was a quick hack I didn't take a good look at the code, but certain things (like the key, cleartext, and ciphertext all being global variables rather than function arguments) didn't feel right.

I cleaned up the code, making it about 250 lines lighter, and changed the interface to be much like Perl's Crypt::Blowfish module. Example:

<script src="http://dren.ch/js/blowfish.js" type="text/javascript"></script>
<script type="text/javascript">

var bf = new Blowfish('some key');
var ciphertext = bf.encrypt('some plaintext');
var plaintext = bf.decrypt('some encrypted text');

</script>

New versions of the encrypt/decrypt delicious bookmarklets using this library are coming soon. Maybe.

I'd appreciate hearing from anyone who knows how to get this code to interoperate with openssl (that is, take something crypted with this and decrypt it with "openssl bf" and vice-versa). See below for an update!

April 12, 2007: Bugfix release

There was a bug where multiple Blowfish objects were interfering with each other (the bug itself may be the subject of a future post). Thanks to 'Tomasz Sz.' for spotting this.

January 19, 2008:

Thanks to J Nash for making a version compatible with Crypt::Blowfish! PHP interoperability shouldn't be far away (if not already there).