mirror of
https://github.com/biergaizi/codecrypt
synced 2024-06-16 03:48:19 +00:00
213 lines
7.0 KiB
Markdown
213 lines
7.0 KiB
Markdown
|
|
# Codecrypt
|
|
|
|
The post-quantum cryptography tool.
|
|
|
|
#### About
|
|
|
|
This is a GnuPG-like unix program for encryption and signing that uses only
|
|
quantum-computer-resistant algorithms:
|
|
|
|
- McEliece cryptosystem (compact QC-MDPC variant) for encryption
|
|
- Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures
|
|
|
|
Codecrypt is free software. The code is licensed under terms of LGPL3 in a good
|
|
hope that it will make combinations with other tools easier.
|
|
|
|
#### Why this?
|
|
|
|
Go read http://pqcrypto.org/
|
|
|
|
#### Links
|
|
|
|
- infopage: http://e-x-a.org/codecrypt/
|
|
- *package downloads*: http://e-x-a.org/codecrypt/files/
|
|
|
|
#### Distro packages
|
|
|
|
- Gentoo packages: https://packages.gentoo.org/packages/app-crypt/codecrypt
|
|
with current ebuild usually available at http://e-x-a.org/codecrypt/files
|
|
- Debian packages: `apt-get install codecrypt`
|
|
- Arch linux: see https://aur.archlinux.org/packages/codecrypt/
|
|
|
|
#### Documentation
|
|
|
|
There is a complete, UNIXy manual page supplied with the package. You can view
|
|
it online here: http://e-x-a.org/codecrypt/ccr.1.html
|
|
|
|
##### Used cryptography overview
|
|
|
|
To achieve the stated goal, codecrypt uses a lot of (traditional, but
|
|
"quantum-secure") cryptographic primitives. Choices of primitives were based on
|
|
easy auditability of design, simplicity and provided security.
|
|
|
|
The git repo of codecrypt contains `doc/papers` with an unsorted heap of
|
|
academic papers and slides about relevant topics.
|
|
|
|
Stream ciphers used:
|
|
|
|
- ChaCha20, the recommended choice from djb
|
|
- XSynd stream cipher as an interesting and nontraditional candidate also based
|
|
on assumptions from coding theory; used NUMS (it requires lot of NUMS) are
|
|
explained in `doc/nums` directory in the repo.
|
|
- Arcfour for initial simplicity of implementation. After recent statistical
|
|
attacks I cannot recommend using any RC4 variant anymore, but provided
|
|
padding and the "offline-only" usage of codecrypt keeps the usage mostly
|
|
secure.
|
|
|
|
CRHFs used:
|
|
|
|
- Cubehash variants were selected for implementation ease, really clean design,
|
|
quite good speed and flexibility of parameter choices. This is also the only
|
|
hash possibility when Crypto++ library is not linked to codecrypt. KeyIDs
|
|
are CUBE256 hashes of corresponding serialized public keys.
|
|
- ripemd128 for small hashes
|
|
- tiger192 is used as an alternative for Cubehash for 192bit hashes
|
|
- There's always a variant with SHA-256, SHA-384 or SHA-512.
|
|
|
|
Signature algorithms:
|
|
|
|
- FMTSeq with many possibilities and combinations of aforementioned CRHFs
|
|
- SPHINCS256 support is scheduled for next release
|
|
|
|
Encryption algorithms:
|
|
|
|
- MDPC McEliece on quasi-cyclic matrices. The implementation uses some tricks
|
|
to speedup the (pretty slow) cyclic matrix multiplication (most notably
|
|
libfftm3 in this version). For padding using the Fujisaki-Okamoto scheme, the
|
|
cipher requires a stream cipher and a CRHF, used ciphers and CRHFs are
|
|
specified in the algorithm name -- e.g. MCEQCMDPC128FO-CUBE256-CHACHA20 means
|
|
that the parameters are tuned to provide 128bit security, uses CUBE256 hash,
|
|
and ChaCha20 stream cipher.
|
|
- Quasi-dyadic McEliece was included in codecrypt as an original algorithm, but
|
|
is now broken and prints a warning message on any usage.
|
|
|
|
Caveats:
|
|
|
|
Cryptography is **not intended for "online" use**, because some algorithms
|
|
(especially the MDPC decoding) are (slightly) vulnerable to timing attacks.
|
|
|
|
## Quick How-To
|
|
|
|
Everything is meant to work mostly like GnuPG, but with some good simplicity
|
|
margin. Let's play with random data!
|
|
|
|
|
|
ccr -g help
|
|
ccr -g sig --name "John Doe" # your signature key
|
|
ccr -g enc --name "John Doe" # your encryption key
|
|
|
|
ccr -K #watch the generated keys
|
|
ccr -k
|
|
|
|
ccr -p -a -o my_pubkeys.asc -F Doe # export your pubkeys for friends
|
|
|
|
#(now you should exchange the pubkeys with friends)
|
|
|
|
#see what people sent us, possibly check the fingerprints
|
|
ccr -inaf < friends_pubkeys.asc
|
|
|
|
#import Frank's key and rename it
|
|
ccr -ia -R friends_pubkeys.asc --name "Friendly Frank"
|
|
|
|
#send a nice message to Frank (you can also specify him by @12345 keyid)
|
|
ccr -se -r Frank < Document.doc > Message_to_frank.ccr
|
|
|
|
#receive a reply
|
|
ccr -dv -o Decrypted_verified_reply.doc <Reply_from_frank.ccr
|
|
|
|
#rename other's keys
|
|
ccr -m Frank -N "Unfriendly Frank"
|
|
|
|
#and delete pukeys of everyone who's Unfriendly
|
|
ccr -x Unfri
|
|
|
|
#create hashfile from a large file
|
|
ccr -sS hashfile.ccr < big_data.iso
|
|
|
|
#verify the hashfile
|
|
ccr -vS hashfile.ccr < the_same_big_data.iso
|
|
|
|
#create (ascii-armored) symmetric key and encrypt a large file
|
|
ccr -g sha256,chacha20 -aS symkey.asc
|
|
ccr -eaS symkey.asc -R big_data.iso -o big_data_encrypted.iso
|
|
|
|
#decrypt a large file
|
|
ccr -daS symkey.asc <big_data_encrypted.iso >big_data.iso
|
|
|
|
#password-protect all your private keys
|
|
ccr -L
|
|
|
|
#protect a symmetric key using another symmetric key
|
|
ccr -L -S symkey1 -w symkey2
|
|
|
|
#password-protect symkey2 with a custom cipher
|
|
ccr -L -S symkey2 -w @xsynd,cube512
|
|
|
|
## Option reference
|
|
|
|
For completeness I add listing of all options here (also available from
|
|
`ccr --help`)
|
|
|
|
Usage: ./ccr [options]
|
|
|
|
Common options:
|
|
-h, --help display this help
|
|
-V, --version display version information
|
|
-T, --test perform (probably nonexistent) testing/debugging stuff
|
|
|
|
Global options:
|
|
-R, --in set input file, default is stdin
|
|
-o, --out set output file, default is stdout
|
|
-E, --err the same for stderr
|
|
-a, --armor use ascii-armored I/O
|
|
-y, --yes assume that answer is `yes' everytime
|
|
|
|
Actions:
|
|
-s, --sign sign a message
|
|
-v, --verify verify a signed message
|
|
-e, --encrypt encrypt a message
|
|
-d, --decrypt decrypt an encrypted message
|
|
|
|
Action options:
|
|
-r, --recipient encrypt for given user
|
|
-u, --user use specified secret key
|
|
-C, --clearsign work with cleartext signatures
|
|
-b, --detach-sign specify file with detached signature
|
|
-S, --symmetric enable symmetric mode of operation where encryption
|
|
is done using symmetric cipher and signatures are
|
|
hashes, and specify a filename of symmetric key or hashes
|
|
|
|
Key management:
|
|
-g, --gen-key generate keys for specified algorithm
|
|
-g help list available cryptographic algorithms
|
|
-k, --list list the contents of keyring
|
|
-K, --list-secret
|
|
-i, --import import keys
|
|
-I, --import-secret
|
|
-p, --export export keys
|
|
-P, --export-secret
|
|
-x, --delete delete matching keys
|
|
-X, --delete-secret
|
|
-m, --rename rename matching keys
|
|
-M, --rename-secret
|
|
-L, --lock lock secrets
|
|
-U, --unlock unlock secrets
|
|
|
|
Key management options:
|
|
-F, --filter only work with keys with matching names
|
|
-f, --fingerprint format full key IDs nicely for human eyes
|
|
-N, --name specify a new name for renaming or importing
|
|
-n, --no-action on import, only show what would be imported
|
|
-w, --with-lock specify the symmetric key for (un)locking the secrets
|
|
-w @SPEC ask for password and expand it to a symmetric key
|
|
of type SPEC for (un)locking the secret
|
|
|
|
|
|
## Disclaimer
|
|
|
|
Codecrypt eats data. Use it with caution. Read the F manual.
|
|
|
|
Author is a self-taught cryptographer.
|
|
|