-----BEGIN PGP SIGNED MESSAGE----- This is a program i found on unimi that offers secure socket connections, utilitizing a simple server/client. It can be installed without root priveledges and uses d/h for key transfers. Anyone looked this package over, and if so what is your oppinion about it? Included below is the THEORY file that describes the key exchange: The encryption negotiation is performed using a protocol similar to FTP/SMTP/NNTP. The client sends commands to the server and the server returns a four-digit response code. Unless stated otherwise, all numbers in this document are hexadecimal with the most significant byte first. When a connection is initiated, the server should send a 2000 response indicating that it is ready to accept commands. Commands: DH3DES - Diffie-Hellman Key exchange followed by Triple-DES encryption If supported, 3001 is returned. The following commands are then expected: MOD - If an argument is supplied, it is the number, in hexadecimal, to use as the modulus. Responses: 2210 - okay 4031 - invalid number 4032 - too small 4033 - too large If no argument is given, the server should supply the modulus, sending 2211 followed by the modulus. If the server is unable to supply a modulus, 4034 should be returned. GEN - this should follow MOD. The generator to use. The format is the same as that of the MOD command. The response codes are 2210, 2211, 4031 or 4034 EXCH - Key exchange Client sends exch followed by gen raised to hir secret exponent. Server sends 4030 if a gen/mod has not been agreed upon. otherwise 2212 followed by gen raised to its exponent ENCR - Begin encrypted Session 4020 - No key selected for encryption 2300 - Encrypted session begin LPORT xxxx - this command takes a 16-bit hexadecimal port number argument, and connects to the specified TCP port on the local host. Responses: 2400 - connected 4010 - Unable to connect 4011 - Access denied RPORT xxxxxxxxxxxx - Connect to remote port The argument to this command is a 48-bit hexadecimal number representing the IP address and port number to connect to. The response should be first 2500, then when the connection has been attempted: 2400 - connected 4010 - Unable to connect 4011 - Access denied QUIT - quit Response: 2100 - Goodbye Summary of error codes: 1xxx - informational messages 10xx - server is supplying additional information that the client may ignore. 11xx - server is responding to a client's request for information 2xxx - okay 20xx - Server is ready 21xx - Disconnect, goodbye 22xx - Command okay 23xx - Encrypted session begins now 24xx - Session with another service begins now 25xx - Command ok, operation in progress, please wait 3xxx - ok so far, send the rest 4xxx - command was okay but could not be processed 5xxx - command not understood or not implemented Triple-DES The triple DES encryption uses output feedback exclusive-ored with a non-sequential counter. There are three counters, each of which is exclusive-ored with the data block before encryption with the corresponding key. The counters are incremented in each round by a shared, secret value which is part of the total key. The result of each round of encryption is exclusive-ored with the data stream. I0 ------ ----- | | | I1 ----- | ---A1------- | ---> \ | | \ | --XOR | --XOR | | | E1 | E1 | | | I2 ----- | ---A2------- | ---> \ | | \ | --XOR | --XOR | | | E2 | E2 | | | I3 ----- | ---A3------- | ---> \ | | \ | --XOR | --XOR | | | E3-------^ E3-------^ | | v v XOR with data stream I0 - Initialization Vector I1 - Initialization of counter 1 I2 - Initialization of counter 2 I3 - Initialization of counter 3 E1 - Encryption with Key 1 E2 - Encryption with Key 2 E3 - Encryption with Key 3 A1 - Add increment value 1 A2 - Add increment value 2 A3 - Add increment value 3 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMh219rGlo8DEMb2JAQEzWgP/VpcWiL8+UN+7l7wCtUr6N5Bk4iqG5fYq Jb9ImvVA3h2k8cGz/ETBQW/3H9GA9jCsqzLrgcUewAa8CgdmhPoVE04e2scAxp4l y2peJlQmakCl2RCKHJZPTTaOLnsBU4NCZxwW8Q4xeUb0KBYfiW9XeULleyhhfsO2 n7XYpc4XhaY= =vGhK -----END PGP SIGNATURE-----