The post-quantum cryptography tool.
This is a GnuPG-like unix program for encryption and signing that uses only
quantum-computer-resistant algorithms:
Codecrypt is free software. The code is licensed under terms of LGPL3 in a good
hope that it will make combinations with other tools easier.
Go read http://pqcrypto.org/
apt-get install codecrypt
Language wrappers:
There is a complete, UNIXy manual page supplied with the package. You can view
it online here: http://e-x-a.org/codecrypt/ccr.1.html
To achieve the stated goal, codecrypt uses a lot of (traditional, but
"quantum-secure") cryptographic primitives. Choices of primitives were based on
easy auditability of design, simplicity and provided security.
The git repo of codecrypt contains doc/papers
with an unsorted heap of
academic papers and slides about relevant topics.
Stream ciphers used:
doc/nums
directory in the repo.CRHFs used:
Signature algorithms:
Encryption algorithms:
Caveats:
Cryptography is not intended for "online" use, because some algorithms
(especially the MDPC decoding) are (slightly) vulnerable to timing attacks.
Everything is meant to work mostly like GnuPG, but with some good simplicity
margin. Let's play with random data!
ccr -g help ccr -g sig --name "John Doe" # your signature key ccr -g enc --name "John Doe" # your encryption key ccr -K #watch the generated keys ccr -k ccr -p -a -o my_pubkeys.asc -F Doe # export your pubkeys for friends #(now you should exchange the pubkeys with friends) #see what people sent us, possibly check the fingerprints ccr -inaf < friends_pubkeys.asc #import Frank's key and rename it ccr -ia -R friends_pubkeys.asc --name "Friendly Frank" #send a nice message to Frank (you can also specify him by @12345 keyid) ccr -se -r Frank < Document.doc > Message_to_frank.ccr #receive a reply ccr -dv -o Decrypted_verified_reply.doc <Reply_from_frank.ccr #rename other's keys ccr -m Frank -N "Unfriendly Frank" #and delete pukeys of everyone who's Unfriendly ccr -x Unfri #create hashfile from a large file ccr -sS hashfile.ccr < big_data.iso #verify the hashfile ccr -vS hashfile.ccr < the_same_big_data.iso #create (ascii-armored) symmetric key and encrypt a large file ccr -g sha256,chacha20 -aS symkey.asc ccr -eaS symkey.asc -R big_data.iso -o big_data_encrypted.iso #decrypt a large file ccr -daS symkey.asc <big_data_encrypted.iso >big_data.iso #password-protect all your private keys ccr -L #protect a symmetric key using another symmetric key ccr -L -S symkey1 -w symkey2 #password-protect symkey2 with a custom cipher ccr -L -S symkey2 -w @xsynd,cube512
For completeness I add listing of all options here (also available from ccr --help
)
Usage: ./ccr [options] Common options: -h, --help display this help -V, --version display version information -T, --test perform (probably nonexistent) testing/debugging stuff Global options: -R, --in set input file, default is stdin -o, --out set output file, default is stdout -E, --err the same for stderr -a, --armor use ascii-armored I/O -y, --yes assume that answer is `yes' everytime Actions: -s, --sign sign a message -v, --verify verify a signed message -e, --encrypt encrypt a message -d, --decrypt decrypt an encrypted message Action options: -r, --recipient encrypt for given user -u, --user use specified secret key -C, --clearsign work with cleartext signatures -b, --detach-sign specify file with detached signature -S, --symmetric enable symmetric mode of operation where encryption is done using symmetric cipher and signatures are hashes, and specify a filename of symmetric key or hashes Key management: -g, --gen-key generate keys for specified algorithm -g help list available cryptographic algorithms -k, --list list the contents of keyring -K, --list-secret -i, --import import keys -I, --import-secret -p, --export export keys -P, --export-secret -x, --delete delete matching keys -X, --delete-secret -m, --rename rename matching keys -M, --rename-secret -L, --lock lock secrets -U, --unlock unlock secrets Key management options: -F, --filter only work with keys with matching names -f, --fingerprint format full key IDs nicely for human eyes -N, --name specify a new name for renaming or importing -n, --no-action on import, only show what would be imported -w, --with-lock specify the symmetric key for (un)locking the secrets -w @SPEC ask for password and expand it to a symmetric key of type SPEC for (un)locking the secret
Codecrypt eats data. Use it with caution. Read the F manual.
Author is a self-taught cryptographer.