Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)

stef s at
Fri Jan 10 04:21:34 PST 2014

On Fri, Jan 10, 2014 at 04:13:29AM -0800, gwen hastings wrote:
> From the README...
> Pretty Curved Privacy (pcp1) is a commandline utility which can be used
> to encrypt files. pcp1 uses eliptc curve cryptography for encryption
> (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
> accepted standard it hasn't been compromised by the NSA - which might be
> better, depending on your point of view.

sounds like my pbp:
except with a 'c' and less features, from the readme:

v0.2 - experimental

PBP[0] is a simple python wrapper and a command line interface around
libsodium, to provide basic functionality resembling PGP. It uses
scrypt for a KDF and a much simpler packet format, which should be
much harder to fingerprint, pbp also provides an experimental forward
secrecy mode and a multi-party DH mode.


pip install pbp

you possibly need to run (or an equivalent command) sudo apt-get install git
python-virtualenv gcc python-dev libffi-dev to satisfy all basic dependencies.

Design goals:

 1. use modern crypto
 2. provide similar functionality to PGP
 3. be extensible
 4. difficult to identify based on fingerprinting
 5. provide extensive testing
 6. strive for security


Cryptographic primitives are based on the NaCl library from The KDF used is scrypt.


Provides basic public key encrypt/decrypt, sign/verify and secret key
encrypt/decrypt modes, as well as the ability to sign, verify, list,
generate, export and import keys.


using pbp and the underlying pysodium[1] library it's easy to extend
pbp.  Some examples are the experimental forward secrecy mode (see
description in docs/chaining-dh.txt), the support for ECDH key
exchanges from the command-line and generation of arbitrarily large
random byte streams.

[1] also available on


pbp tries to avoid to store any sensitive plaintext info, the
encrypted files all should look like random noise. for a description
of the packet formats see docs/fileformats.txt.


All py files come with their internal tests, unit tests are in, and commandline functionality is tested in


pbp locks the process memory, so it cannot be swapped to disk. Also
pbp uses SecureString[2] to overwrite sensitive key material after
usage in memory, so keys have a short window of opportunity to leak.



Generate a key

   pbp -g -n alice

sending howdy.txt using public key encryption from alice to bob

   pbp -c -S alice -r bob -i howdy.txt

decrypt an encrypted file using public key crypto

   pbp -d -S bob -i howdy.txt.pbp

sending howdy.txt using secret key encryption

   pbp -c -i howdy.txt

decrypt an encrypted file using secret key crypto

   pbp -d -i howdy.txt.pbp

sign howdy.txt

   pbp -s -S alice -i /howdy.txt

verify howdy.txt

   pbp -v -i howdy.txt.sig

sign bobs key

   pbp -m -S alice -n bob

check sigs on carols key

   pbp -C -n carol

alice encrypts howdy.txt to bob using experimental forward secret mode

   pbp -e -S alice -r bob -i howdy.txt -o ./secret-message

bob decrypts howdy.txt from alice using experimental forward secret mode

   pbp -E -S bob -r alice -i ./secret-message

initiate ECDH key exchange

   pbp -D1

respond to ECDH key exchange

   pbp -D2 -Dp 'public component from D1'

finish ECDH key exchange

  pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'

random streaming 23GByte of cryptographic randomness

  pbp -R -Rs 23G -o /mnt/huge_fs/random_data

participate in a 4-way DH exchange, 1st message

  pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain

participate in a 4-way DH exchange, 2nd message

  pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain

this is one big pipe that creates a 3-way ECDH secret between alice, bob and carol:

  pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
   pbp -Ds -S bob -Dp 3 -n 'test-dh' |
   pbp -Ds -S carol -Dp 3 -n 'test-dh' |
   pbp -De -S alice -Dp 3 -n 'test-dh' |
   pbp -De -S bob -Dp 3 -n 'test-dh'

of course instead of a pipe you could use any kind of transport mechanism

(c) 2013, stf <s at>, dnet vsza at, AGPLv3.0+

[0] also it's very funny to say pbp with a mouth full of dry cookies.
don't try this in company!

pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF
otr fp:

More information about the cypherpunks mailing list