Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)

gwen hastings gwen at cypherpunks.to
Fri Jan 10 04:49:43 PST 2014 

Thanks Stef!!

Great we have another alternative for those that prefer  curve p25519
implementations in python.

And for now I will be testing pcp as I prefer conventionally compiled
and linked code for crypto I use in C/C++.

I will have to see about static linking for pcp :)


More Contenders for curve 25519 replacements to gnupg and openpgp crypto?


     All the best and Thanx for making us aware of PBP
     GH
ps can you see about compatibility testing PBP with enigmail/thunderbird?

On 1/10/14 4:21 AM, stef wrote:
> On Fri, Jan 10, 2014 at 04:13:29AM -0800, gwen hastings wrote:
>> From the README...
>>
>> DESCRIPTION
>>
>> Pretty Curved Privacy (pcp1) is a commandline utility which can be used
>> to encrypt files. pcp1 uses eliptc curve cryptography for encryption
>> (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
>> accepted standard it hasn't been compromised by the NSA - which might be
>> better, depending on your point of view.
> 
> sounds like my pbp: 
> https://github.com/stef/pbp
> except with a 'c' and less features, from the readme:
> 
> v0.2 - experimental
> 
> PBP[0] is a simple python wrapper and a command line interface around
> libsodium, to provide basic functionality resembling PGP. It uses
> scrypt for a KDF and a much simpler packet format, which should be
> much harder to fingerprint, pbp also provides an experimental forward
> secrecy mode and a multi-party DH mode.
> 
> Installation
> 
> pip install pbp
> 
> you possibly need to run (or an equivalent command) sudo apt-get install git
> python-virtualenv gcc python-dev libffi-dev to satisfy all basic dependencies.
> 
> Design goals:
> 
>  1. use modern crypto
>  2. provide similar functionality to PGP
>  3. be extensible
>  4. difficult to identify based on fingerprinting
>  5. provide extensive testing
>  6. strive for security
> 
> Crypto
> 
> Cryptographic primitives are based on the NaCl library from
> http://nacl.cr.yp.to. The KDF used is scrypt.
> 
> PGP-like
> 
> Provides basic public key encrypt/decrypt, sign/verify and secret key
> encrypt/decrypt modes, as well as the ability to sign, verify, list,
> generate, export and import keys.
> 
> Extensibility
> 
> using pbp and the underlying pysodium[1] library it's easy to extend
> pbp.  Some examples are the experimental forward secrecy mode (see
> description in docs/chaining-dh.txt), the support for ECDH key
> exchanges from the command-line and generation of arbitrarily large
> random byte streams.
> 
> [1] https://github.com/stef/pysodium also available on
>     https://pypi.python.org/pypi/pysodium
> 
> Fingerprinting
> 
> pbp tries to avoid to store any sensitive plaintext info, the
> encrypted files all should look like random noise. for a description
> of the packet formats see docs/fileformats.txt.
> 
> Testing
> 
> All py files come with their internal tests, unit tests are in
> tests.py, and commandline functionality is tested in test.sh.
> 
> Security
> 
> pbp locks the process memory, so it cannot be swapped to disk. Also
> pbp uses SecureString[2] to overwrite sensitive key material after
> usage in memory, so keys have a short window of opportunity to leak.
> 
> [2] https://github.com/dnet/pysecstr
> 
> Usage
> 
> Generate a key
> 
>    pbp -g -n alice
> 
> sending howdy.txt using public key encryption from alice to bob
> 
>    pbp -c -S alice -r bob -i howdy.txt
> 
> decrypt an encrypted file using public key crypto
> 
>    pbp -d -S bob -i howdy.txt.pbp
> 
> sending howdy.txt using secret key encryption
> 
>    pbp -c -i howdy.txt
> 
> decrypt an encrypted file using secret key crypto
> 
>    pbp -d -i howdy.txt.pbp
> 
> sign howdy.txt
> 
>    pbp -s -S alice -i /howdy.txt
> 
> verify howdy.txt
> 
>    pbp -v -i howdy.txt.sig
> 
> sign bobs key
> 
>    pbp -m -S alice -n bob
> 
> check sigs on carols key
> 
>    pbp -C -n carol
> 
> alice encrypts howdy.txt to bob using experimental forward secret mode
> 
>    pbp -e -S alice -r bob -i howdy.txt -o ./secret-message
> 
> bob decrypts howdy.txt from alice using experimental forward secret mode
> 
>    pbp -E -S bob -r alice -i ./secret-message
> 
> initiate ECDH key exchange
> 
>    pbp -D1
> 
> respond to ECDH key exchange
> 
>    pbp -D2 -Dp 'public component from D1'
> 
> finish ECDH key exchange
> 
>   pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'
> 
> random streaming 23GByte of cryptographic randomness
> 
>   pbp -R -Rs 23G -o /mnt/huge_fs/random_data
> 
> participate in a 4-way DH exchange, 1st message
> 
>   pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain
> 
> participate in a 4-way DH exchange, 2nd message
> 
>   pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain
> 
> this is one big pipe that creates a 3-way ECDH secret between alice, bob and carol:
> 
>   pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
>    pbp -Ds -S bob -Dp 3 -n 'test-dh' |
>    pbp -Ds -S carol -Dp 3 -n 'test-dh' |
>    pbp -De -S alice -Dp 3 -n 'test-dh' |
>    pbp -De -S bob -Dp 3 -n 'test-dh'
> 
> of course instead of a pipe you could use any kind of transport mechanism
> 
> (c) 2013, stf <s at ctrlc.hu>, dnet vsza at vsza.hu, AGPLv3.0+
> 
> [0] also it's very funny to say pbp with a mouth full of dry cookies.
> don't try this in company!
> 
> 
> 
> 


-- 
Tentacle #99

ecc public key curve p25519(pcp 0.15)

1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men,
 deriving their just powers from the consent of the governed,
that whenever any form of government becomes destructive
of these ends, it is the right of the people to alter or
 abolish it, and to institute new government, laying its
 foundation on such principles, and organizing its powers
 in such form, as to them shall seem most likely to effect
 their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

More information about the cypherpunks mailing list