Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

network security
aes
encryption
openssl
block cipher

What is CFB?

Anusheh Zohair Mustafeez

Overview

CFB (short for cipher feedback) is an AESAdvanced Encryption Standard block cipher mode similar to the CBC mode in the sense that for the encryption of a block, Bi, the cipher of the previous block, Ci-1 is required. CFB also makes use of an initialization vectora fixed-size input used to introduce randomization like CBC. The main difference is that in CFB, the ciphertext block of the previous block is encrypted first and then XOR-ed with the block in focus.

To understand this better, let’s visualise CFB in the form of a formula:

Ci = EK(Ci-1) ⊕ Bi
where EK denotes the block encryption algorithm using key K and Ci-1 is the cipher corresponding to Bi-1.

Note: In the formula above, we are assuming C0 to be the initialization vector.

Similarly, decryption using the CFB can be depicted as:

Bi = EK(Ci-1)⊕(Ci)

It is essential to note that the decryption algorithm is not used here.

Advantages and disadvantages of using the CFB mode

The main advantage of the CFB mode is that, since it doesn’t use a decryption algorithm, it is generally faster than the CBC mode. CFB encryption is also non-deterministic, which means it does not reveal any patterns the plaintext may have.

The disadvantages of CFB are identical to those of the CBC mode. The encryption cannot tolerate block losses, nor can multiple blocks be encrypted in parallel. However, decryption is both loss-tolerant and can be parallelized.

CFB encryption using OpenSSL

The OpenSSL toolkit provides a set of simple commands to encrypt using AES modes. The template command for encrypting a 128-bit AES with CFB mode is:

openssl enc -aes-128-cfb -e -in inputfile.txt -out cipher.bin -K
00112233445566778889aabbccddeeff -iv 0102030405060708

In the command above, we will enter the name of the file we want to encrypt after the -in flag, and the name and format of the output file after the -out flag. The hex value of the encryption key should be provided after the -K flag, and the hex value of the initialization vector should be provided after the -iv flag.

RELATED TAGS

network security
aes
encryption
openssl
block cipher

CONTRIBUTOR

Anusheh Zohair Mustafeez
Copyright ©2022 Educative, Inc. All rights reserved
RELATED COURSES

View all Courses

Keep Exploring