How can I decrypt blowfish encrypted string without using OpenSSL in Mac OS 10.5/10.6

Question

My application is currently using SSCrypto.framework to decrypt a string encrypted with Blowfish. SSCrypto utilizes OpenSSL which is a new problem for me. Using the 10.6 base SDK while targeting 10.5 doesn't seem to work. The issue is explained in this Apple Mailing List thread: http://lists.apple.com/archives/Cocoa-dev/2009/Aug/msg01737.html

I have to use Blowfish or all copies currently in the field would stop working once they were updated (they rely on a previously stored Blowfish encrypted string which they have to be able to decrypt and verify).

Answer 1

Blowfish is simple and common enough that you may be able to easily embed your own copy of the algorithm.

Answer 2

OpenSSL has a very permissive license, so just link it into your app as a static library. You should then still be able to use the SSCrypto framework, or you can just call the OpenSSL libcrypto routines directly.

Step 1: Build openssl from source: Download OpenSSL

Step 2: Add a header search path to Xcode, pointing to the OpenSSL include directory for the source tree you built

Step 3: Link against libcrypto.a. Note: to prevent XCode from linking against the system's dynamic copy of libcryto, do NOT add libcrypto.a to your XCode project. If you do, that will add a -lcrypto to the linker command, and the linker will resolve that by looking for a dynamic library first (which it will find in /usr/lib - exactly what you don't want)

Instead, put the full path to the library in "Other Linker Flags"

Step 4: Build.