added support for self-encryption mode, updated POD accordingly.

This commit is contained in:
git@daemon.de
2013-11-07 13:36:02 +01:00
parent a45323440e
commit ec9ca2b356
8 changed files with 454 additions and 74 deletions

126
libtool

@@ -2,12 +2,12 @@
# libtool - Provide generalized library-building support services. # libtool - Provide generalized library-building support services.
# Generated automatically by config.status (pcp) `cat VERSION` # Generated automatically by config.status (pcp) `cat VERSION`
# Libtool was configured on host io: # Libtool was configured on host r4:
# NOTE: Changes made to this file will be lost: look at ltmain.sh. # NOTE: Changes made to this file will be lost: look at ltmain.sh.
# #
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Inc. # Foundation, Inc.
# Written by Gordon Matzigkeit, 1996 # Written by Gordon Matzigkeit, 1996
# #
# This file is part of GNU Libtool. # This file is part of GNU Libtool.
@@ -40,8 +40,8 @@ available_tags=""
# ### BEGIN LIBTOOL CONFIG # ### BEGIN LIBTOOL CONFIG
# Which release of libtool.m4 was used? # Which release of libtool.m4 was used?
macro_version=2.4 macro_version=2.4.2
macro_revision=1.3293 macro_revision=1.3337
# Whether or not to build shared libraries. # Whether or not to build shared libraries.
build_libtool_libs=yes build_libtool_libs=yes
@@ -61,15 +61,18 @@ SHELL="/bin/sh"
# An echo program that protects backslashes. # An echo program that protects backslashes.
ECHO="printf %s\\n" ECHO="printf %s\\n"
# The PATH separator for the build system.
PATH_SEPARATOR=":"
# The host system. # The host system.
host_alias= host_alias=
host=amd64-unknown-freebsd9.0 host=amd64-unknown-freebsd9.1
host_os=freebsd9.0 host_os=freebsd9.1
# The build system. # The build system.
build_alias= build_alias=
build=amd64-unknown-freebsd9.0 build=amd64-unknown-freebsd9.1
build_os=freebsd9.0 build_os=freebsd9.1
# A sed program that does not truncate output. # A sed program that does not truncate output.
SED="/usr/bin/sed" SED="/usr/bin/sed"
@@ -151,7 +154,7 @@ STRIP="strip"
# Commands used to install an old-style archive. # Commands used to install an old-style archive.
RANLIB="ranlib" RANLIB="ranlib"
old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$oldlib" old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$tool_oldlib"
old_postuninstall_cmds="" old_postuninstall_cmds=""
# Whether to use a lock for old archive extraction. # Whether to use a lock for old archive extraction.
@@ -161,7 +164,7 @@ lock_old_archive_extraction=no
LTCC="gcc" LTCC="gcc"
# LTCC compiler flags. # LTCC compiler flags.
LTCFLAGS="-I/usr/local/include -I/usr/local/include" LTCFLAGS="-g -O2 -I/usr/local/include"
# Take the output of nm and produce a listing of raw symbols and C names. # Take the output of nm and produce a listing of raw symbols and C names.
global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2 \\2/p' | sed '/ __gnu_lto/d'" global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2 \\2/p' | sed '/ __gnu_lto/d'"
@@ -296,7 +299,7 @@ reload_flag=" -r"
reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs" reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs"
# Commands used to build an old-style archive. # Commands used to build an old-style archive.
old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$oldlib" old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$tool_oldlib"
# A language specific compiler. # A language specific compiler.
CC="gcc" CC="gcc"
@@ -362,10 +365,6 @@ no_undefined_flag=""
# This must work even if $libdir does not exist # This must work even if $libdir does not exist
hardcode_libdir_flag_spec="\${wl}-rpath \${wl}\$libdir" hardcode_libdir_flag_spec="\${wl}-rpath \${wl}\$libdir"
# If ld is used when linking, flag to hardcode $libdir into a binary
# during linking. This must work even if $libdir does not exist.
hardcode_libdir_flag_spec_ld=""
# Whether we need a single "-rpath" flag with a separated argument. # Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator="" hardcode_libdir_separator=""
@@ -426,11 +425,11 @@ hardcode_action=immediate
# ### END LIBTOOL CONFIG # ### END LIBTOOL CONFIG
# libtool (GNU libtool) 2.4 # libtool (GNU libtool) 2.4.2
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. # 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO # This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -468,6 +467,7 @@ hardcode_action=immediate
# --quiet, --silent don't print informational messages # --quiet, --silent don't print informational messages
# --no-quiet, --no-silent # --no-quiet, --no-silent
# print informational messages (default) # print informational messages (default)
# --no-warn don't display warning messages
# --tag=TAG use configuration variables from tag TAG # --tag=TAG use configuration variables from tag TAG
# -v, --verbose print more informational messages than default # -v, --verbose print more informational messages than default
# --no-verbose don't print the extra informational messages # --no-verbose don't print the extra informational messages
@@ -496,7 +496,7 @@ hardcode_action=immediate
# compiler: $LTCC # compiler: $LTCC
# compiler flags: $LTCFLAGS # compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld) # linker: $LD (gnu? $with_gnu_ld)
# $progname: (GNU libtool) 2.4 # $progname: (GNU libtool) 2.4.2
# automake: $automake_version # automake: $automake_version
# autoconf: $autoconf_version # autoconf: $autoconf_version
# #
@@ -506,9 +506,9 @@ hardcode_action=immediate
PROGRAM=libtool PROGRAM=libtool
PACKAGE=libtool PACKAGE=libtool
VERSION=2.4 VERSION=2.4.2
TIMESTAMP="" TIMESTAMP=""
package_revision=1.3293 package_revision=1.3337
# Be Bourne compatible # Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
@@ -563,15 +563,10 @@ progpath="$0"
: ${CP="cp -f"} : ${CP="cp -f"}
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
: ${EGREP="grep -E"}
: ${FGREP="grep -F"}
: ${GREP="grep"}
: ${LN_S="ln -s"}
: ${MAKE="make"} : ${MAKE="make"}
: ${MKDIR="mkdir"} : ${MKDIR="mkdir"}
: ${MV="mv -f"} : ${MV="mv -f"}
: ${RM="rm -f"} : ${RM="rm -f"}
: ${SED="sed"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"} : ${Xsed="$SED -e 1s/^X//"}
@@ -810,7 +805,7 @@ case $progpath in
;; ;;
*) *)
save_IFS="$IFS" save_IFS="$IFS"
IFS=: IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do for progdir in $PATH; do
IFS="$save_IFS" IFS="$save_IFS"
test -x "$progdir/$progname" && break test -x "$progdir/$progname" && break
@@ -1194,8 +1189,8 @@ func_help ()
s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LTCFLAGS*'"$LTCFLAGS"'*
s*\$LD*'"$LD"'* s*\$LD*'"$LD"'*
s/\$with_gnu_ld/'"$with_gnu_ld"'/ s/\$with_gnu_ld/'"$with_gnu_ld"'/
s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
p p
d d
} }
@@ -1472,6 +1467,7 @@ opt_finish=false
opt_help=false opt_help=false
opt_help_all=false opt_help_all=false
opt_silent=: opt_silent=:
opt_warning=:
opt_verbose=: opt_verbose=:
opt_silent=false opt_silent=false
opt_verbose=false opt_verbose=false
@@ -1538,6 +1534,10 @@ esac
;; ;;
--no-silent|--no-quiet) --no-silent|--no-quiet)
opt_silent=false opt_silent=false
preserve_args="$preserve_args $opt"
;;
--no-warning|--no-warn)
opt_warning=false
preserve_args="$preserve_args $opt" preserve_args="$preserve_args $opt"
;; ;;
--no-verbose) --no-verbose)
@@ -2509,7 +2509,7 @@ func_mode_compile ()
*.[cCFSifmso] | \ *.[cCFSifmso] | \
*.ada | *.adb | *.ads | *.asm | \ *.ada | *.adb | *.ads | *.asm | \
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
*.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
func_xform "$libobj" func_xform "$libobj"
libobj=$func_xform_result libobj=$func_xform_result
;; ;;
@@ -3651,11 +3651,13 @@ func_mode_install ()
# Set up the ranlib parameters. # Set up the ranlib parameters.
oldlib="$destdir/$name" oldlib="$destdir/$name"
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
tool_oldlib=$func_to_tool_file_result
func_show_eval "$install_prog \$file \$oldlib" 'exit $?' func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
if test -n "$stripme" && test -n "$old_striplib"; then if test -n "$stripme" && test -n "$old_striplib"; then
func_show_eval "$old_striplib $oldlib" 'exit $?' func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
fi fi
# Do each command in the postinstall commands. # Do each command in the postinstall commands.
@@ -3920,7 +3922,7 @@ static const void *lt_preloaded_setup() {
# linked before any other PIC object. But we must not use # linked before any other PIC object. But we must not use
# pic_flag when linking with -static. The problem exists in # pic_flag when linking with -static. The problem exists in
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
*-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
*-*-hpux*) *-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;; pic_flag_for_symtable=" $pic_flag" ;;
@@ -4435,14 +4437,17 @@ func_exec_program_core ()
# launches target application with the remaining arguments. # launches target application with the remaining arguments.
func_exec_program () func_exec_program ()
{ {
for lt_wr_arg case \" \$* \" in
do *\\ --lt-*)
case \$lt_wr_arg in for lt_wr_arg
--lt-*) ;; do
*) set x \"\$@\" \"\$lt_wr_arg\"; shift;; case \$lt_wr_arg in
esac --lt-*) ;;
shift *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
done esac
shift
done ;;
esac
func_exec_program_core \${1+\"\$@\"} func_exec_program_core \${1+\"\$@\"}
} }
@@ -5510,9 +5515,15 @@ void lt_dump_script (FILE* f)
{ {
EOF EOF
func_emit_wrapper yes | func_emit_wrapper yes |
$SED -e 's/\([\\"]\)/\\\1/g' \ $SED -n -e '
-e 's/^/ fputs ("/' -e 's/$/\\n", f);/' s/^\(.\{79\}\)\(..*\)/\1\
\2/
h
s/\([\\"]\)/\\\1/g
s/$/\\n/
s/\([^\n]*\).*/ fputs ("\1", f);/p
g
D'
cat <<"EOF" cat <<"EOF"
} }
EOF EOF
@@ -6097,7 +6108,8 @@ func_mode_link ()
continue continue
;; ;;
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
compiler_flags="$compiler_flags $arg" compiler_flags="$compiler_flags $arg"
compile_command="$compile_command $arg" compile_command="$compile_command $arg"
finalize_command="$finalize_command $arg" finalize_command="$finalize_command $arg"
@@ -6601,7 +6613,8 @@ func_mode_link ()
lib= lib=
found=no found=no
case $deplib in case $deplib in
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
if test "$linkmode,$pass" = "prog,link"; then if test "$linkmode,$pass" = "prog,link"; then
compile_deplibs="$deplib $compile_deplibs" compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs" finalize_deplibs="$deplib $finalize_deplibs"
@@ -7302,7 +7315,7 @@ func_mode_link ()
test "$hardcode_direct_absolute" = no; then test "$hardcode_direct_absolute" = no; then
add="$dir/$linklib" add="$dir/$linklib"
elif test "$hardcode_minus_L" = yes; then elif test "$hardcode_minus_L" = yes; then
add_dir="-L$dir" add_dir="-L$absdir"
# Try looking first in the location we're being installed to. # Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then if test -n "$inst_prefix_dir"; then
case $libdir in case $libdir in
@@ -7787,6 +7800,7 @@ func_mode_link ()
# which has an extra 1 added just for fun # which has an extra 1 added just for fun
# #
case $version_type in case $version_type in
# correct linux to gnu/linux during the next big refactor
darwin|linux|osf|windows|none) darwin|linux|osf|windows|none)
func_arith $number_major + $number_minor func_arith $number_major + $number_minor
current=$func_arith_result current=$func_arith_result
@@ -7903,7 +7917,7 @@ func_mode_link ()
versuffix="$major.$revision" versuffix="$major.$revision"
;; ;;
linux) linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age func_arith $current - $age
major=.$func_arith_result major=.$func_arith_result
versuffix="$major.$age.$revision" versuffix="$major.$age.$revision"
@@ -8491,6 +8505,11 @@ EOF
# Test again, we may have decided not to build it any more # Test again, we may have decided not to build it any more
if test "$build_libtool_libs" = yes; then if test "$build_libtool_libs" = yes; then
# Remove ${wl} instances when linking with ld.
# FIXME: should test the right _cmds variable.
case $archive_cmds in
*\$LD\ *) wl= ;;
esac
if test "$hardcode_into_libs" = yes; then if test "$hardcode_into_libs" = yes; then
# Hardcode the library paths # Hardcode the library paths
hardcode_libdirs= hardcode_libdirs=
@@ -8521,7 +8540,7 @@ EOF
elif test -n "$runpath_var"; then elif test -n "$runpath_var"; then
case "$perm_rpath " in case "$perm_rpath " in
*" $libdir "*) ;; *" $libdir "*) ;;
*) func_apped perm_rpath " $libdir" ;; *) perm_rpath="$perm_rpath $libdir" ;;
esac esac
fi fi
done done
@@ -8529,11 +8548,7 @@ EOF
if test -n "$hardcode_libdir_separator" && if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then test -n "$hardcode_libdirs"; then
libdir="$hardcode_libdirs" libdir="$hardcode_libdirs"
if test -n "$hardcode_libdir_flag_spec_ld"; then eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
else
eval dep_rpath=\"$hardcode_libdir_flag_spec\"
fi
fi fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then if test -n "$runpath_var" && test -n "$perm_rpath"; then
# We should set the runpath_var. # We should set the runpath_var.
@@ -9623,6 +9638,8 @@ EOF
esac esac
done done
fi fi
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
tool_oldlib=$func_to_tool_file_result
eval cmds=\"$old_archive_cmds\" eval cmds=\"$old_archive_cmds\"
func_len " $cmds" func_len " $cmds"
@@ -9732,7 +9749,8 @@ EOF
*.la) *.la)
func_basename "$deplib" func_basename "$deplib"
name="$func_basename_result" name="$func_basename_result"
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` func_resolve_sysroot "$deplib"
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \ test -z "$libdir" && \
func_fatal_error "\`$deplib' is not a valid libtool archive" func_fatal_error "\`$deplib' is not a valid libtool archive"
newdependency_libs="$newdependency_libs ${lt_sysroot:+=}$libdir/$name" newdependency_libs="$newdependency_libs ${lt_sysroot:+=}$libdir/$name"


@@ -42,6 +42,118 @@ the recipient. A public key generated this way will only be usable
by the recipient (and yourself) and each recipient will have a different by the recipient (and yourself) and each recipient will have a different
public key from you (and vice versa). public key from you (and vice versa).
=head1 ENCRYPTION
There are 3 modi for encryption available in pcp1:
=over
=item B<Standard public key encryption>
In this mode, which is the default, a public key as specified
with B<-i> and the primary secret key will be used for encryption.
The public key in question maybe a derived public key, which
is transparent for the sender however.
If you don't use derived keys, you will have to transfer
the public key part of your primary keypair to the recipient,
which is considered insecure if the transfer channel itself
uses untrusted transports or if the transferred public key
ends up on a public system (a shared server, a workstation
at your employer or the like). You should avoid this encryption
mode in such cases and use derived keys instead.
Example command:
pcp1 -e -i 0x2BD734B15CE2722D -I message.txt -O cipher.z85
Here we didn't specify a recipient. Therefore the public
key given with -i will be used directly.
=item B<Derived public key encryption>
Derived keys will be generated dynamically at runtime
(see B<Derived Public Keys> above). Therefore an exported
derived public key is unique for the sender AND recipient.
This mode can be considered the most secure. If such a key
gets lost (or into the wrong hands), only this specific
communication channel will be compromised.
Example command:
pcp1 -e -r bobby@local -I message.txt -O cipher.z85
We specified a recipient. pcp1 searches the vault for a
matching public key and generates a derived keypair for
encryption. You need to have a public key installed from
the recipient anyway, it won't work without one. You may
also specify a key id (-i) as well to make sure, the right
key will be used for derivation.
=item B<Self encryption mode>
Pretty Curved Privacy doesn't provide symetric file encryption.
However there are cases when you need to encrypt a file just
for yourself. In such a case the file will be encrypted using
the public key part of your primary secret key and the secret
key itself (thanks to the wonders of ECC this works like a charm).
The file can be decrypted using the primary key pair.
While this works, the security of it totally depends on the
strength of your password, especially if the primary secret
used for this kind of encryption is stored in a vault on the
same system.
Example command:
pcp1 -e -I message.txt -O cipher.z85
As you can see we didn't specify -i or -r and therefore pcp1
tries to use the primary keypair for encryption.
=back
=head1 VULNERABILITIES
Currently there are a couple of problems which are not
addressed. These are usually protocol problems, which are
not caused by pcp1.
=over
=item B<No secure native key exchange for store-and-forward systems>
Pretty Curved Privacy is a store-and-forward system, it works
on files and can't use any cool key exchange protocols therefore.
For example there would be B<CurveCP> which guarantees a
secure key exchange. But CurveCP cannot be used offline.
Users have to find other means to exchange keys. That's a pity
since with Curve25519 you can't just publish your public key
to some key server because in order to encrypt a message, both
the recipient AND the sender need to have the public key of
each other. It would be possible to publich public keys,
and attach the senders public key to the encrypted message, but
I'm not sure if such an aproach would be secure enough.
=item B<Curve25519 not widely adopted>
At the time of this writing the ECC algorithm Curve25519
is only rarely used, in most cases by experimental software
(such as Pretty Curved Privacy). As far as I know there haven't
been done the kind of exessive crypto analysis as with other
ECC algorithms.
While I, as the author of pcp1 totally trust D.J.Bernstein, this
may not be the case for you.
In short, I'd suggest not to use it on critical systems yet.
=back
=head1 INTERNALS =head1 INTERNALS
FIXME. FIXME.


@@ -183,10 +183,13 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
\& \&
\& Encryption Options: \& Encryption Options:
\& \-e \-\-encrypt Encrypt a message. Read from stdin or \& \-e \-\-encrypt Encrypt a message. Read from stdin or
\& specified via \-I. A keyid (\-i) of the \& specified via \-I. If a keyid (\-i) has been
\& public key of the receipient must be \& given, use that public key for encryption.
\& specified. Output to stdout or written \& If a recipient (\-r) has been given, use
\& to the file specified via \-O. \& a derived public key. If none of \-i or
\& \-r has been given, use the primary
\& secret key and the public part of it
\& for encrytion (self\-encryption mode).
\& \-d \-\-decrypt Decrypt a message. Read from stdin or \& \-d \-\-decrypt Decrypt a message. Read from stdin or
\& specified via \-I. Output to stdout or \& specified via \-I. Output to stdout or
\& written to the file specified via \-O. \& written to the file specified via \-O.
@@ -325,6 +328,108 @@ The public part of this dynamic key will be exported and sent to
the recipient. A public key generated this way will only be usable the recipient. A public key generated this way will only be usable
by the recipient (and yourself) and each recipient will have a different by the recipient (and yourself) and each recipient will have a different
public key from you (and vice versa). public key from you (and vice versa).
.SH "ENCRYPTION"
.IX Header "ENCRYPTION"
There are 3 modi for encryption available in pcp1:
.IP "\fBStandard public key encryption\fR" 4
.IX Item "Standard public key encryption"
In this mode, which is the default, a public key as specified
with \fB\-i\fR and the primary secret key will be used for encryption.
The public key in question maybe a derived public key, which
is transparent for the sender however.
.Sp
If you don't use derived keys, you will have to transfer
the public key part of your primary keypair to the recipient,
which is considered insecure if the transfer channel itself
uses untrusted transports or if the transferred public key
ends up on a public system (a shared server, a workstation
at your employer or the like). You should avoid this encryption
mode in such cases and use derived keys instead.
.Sp
Example command:
.Sp
.Vb 1
\& pcp1 \-e \-i 0x2BD734B15CE2722D \-I message.txt \-O cipher.z85
.Ve
.Sp
Here we didn't specify a recipient. Therefore the public
key given with \-i will be used directly.
.IP "\fBDerived public key encryption\fR" 4
.IX Item "Derived public key encryption"
Derived keys will be generated dynamically at runtime
(see \fBDerived Public Keys\fR above). Therefore an exported
derived public key is unique for the sender \s-1AND\s0 recipient.
.Sp
This mode can be considered the most secure. If such a key
gets lost (or into the wrong hands), only this specific
communication channel will be compromised.
.Sp
Example command:
.Sp
.Vb 1
\& pcp1 \-e \-r bobby@local \-I message.txt \-O cipher.z85
.Ve
.Sp
We specified a recipient. pcp1 searches the vault for a
matching public key and generates a derived keypair for
encryption. You need to have a public key installed from
the recipient anyway, it won't work without one. You may
also specify a key id (\-i) as well to make sure, the right
key will be used for derivation.
.IP "\fBSelf encryption mode\fR" 4
.IX Item "Self encryption mode"
Pretty Curved Privacy doesn't provide symetric file encryption.
However there are cases when you need to encrypt a file just
for yourself. In such a case the file will be encrypted using
the public key part of your primary secret key and the secret
key itself (thanks to the wonders of \s-1ECC\s0 this works like a charm).
.Sp
The file can be decrypted using the primary key pair.
.Sp
While this works, the security of it totally depends on the
strength of your password, especially if the primary secret
used for this kind of encryption is stored in a vault on the
same system.
.Sp
Example command:
.Sp
.Vb 1
\& pcp1 \-e \-I message.txt \-O cipher.z85
.Ve
.Sp
As you can see we didn't specify \-i or \-r and therefore pcp1
tries to use the primary keypair for encryption.
.SH "VULNERABILITIES"
.IX Header "VULNERABILITIES"
Currently there are a couple of problems which are not
addressed. These are usually protocol problems, which are
not caused by pcp1.
.IP "\fBNo secure native key exchange for store-and-forward systems\fR" 4
.IX Item "No secure native key exchange for store-and-forward systems"
Pretty Curved Privacy is a store-and-forward system, it works
on files and can't use any cool key exchange protocols therefore.
For example there would be \fBCurveCP\fR which guarantees a
secure key exchange. But CurveCP cannot be used offline.
.Sp
Users have to find other means to exchange keys. That's a pity
since with Curve25519 you can't just publish your public key
to some key server because in order to encrypt a message, both
the recipient \s-1AND\s0 the sender need to have the public key of
each other. It would be possible to publich public keys,
and attach the senders public key to the encrypted message, but
I'm not sure if such an aproach would be secure enough.
.IP "\fBCurve25519 not widely adopted\fR" 4
.IX Item "Curve25519 not widely adopted"
At the time of this writing the \s-1ECC\s0 algorithm Curve25519
is only rarely used, in most cases by experimental software
(such as Pretty Curved Privacy). As far as I know there haven't
been done the kind of exessive crypto analysis as with other
\&\s-1ECC\s0 algorithms.
.Sp
While I, as the author of pcp1 totally trust D.J.Bernstein, this
may not be the case for you.
.Sp
In short, I'd suggest not to use it on critical systems yet.
.SH "INTERNALS" .SH "INTERNALS"
.IX Header "INTERNALS" .IX Header "INTERNALS"
\&\s-1FIXME\s0. \&\s-1FIXME\s0.


@@ -55,10 +55,13 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
Encryption Options: Encryption Options:
-e --encrypt Encrypt a message. Read from stdin or -e --encrypt Encrypt a message. Read from stdin or
specified via -I. A keyid (-i) of the specified via -I. If a keyid (-i) has been
public key of the receipient must be given, use that public key for encryption.
specified. Output to stdout or written If a recipient (-r) has been given, use
to the file specified via -O. a derived public key. If none of -i or
-r has been given, use the primary
secret key and the public part of it
for encrytion (self-encryption mode).
-d --decrypt Decrypt a message. Read from stdin or -d --decrypt Decrypt a message. Read from stdin or
specified via -I. Output to stdout or specified via -I. Output to stdout or
written to the file specified via -O. written to the file specified via -O.
@@ -192,6 +195,118 @@ the recipient. A public key generated this way will only be usable
by the recipient (and yourself) and each recipient will have a different by the recipient (and yourself) and each recipient will have a different
public key from you (and vice versa). public key from you (and vice versa).
=head1 ENCRYPTION
There are 3 modi for encryption available in pcp1:
=over
=item B<Standard public key encryption>
In this mode, which is the default, a public key as specified
with B<-i> and the primary secret key will be used for encryption.
The public key in question maybe a derived public key, which
is transparent for the sender however.
If you don't use derived keys, you will have to transfer
the public key part of your primary keypair to the recipient,
which is considered insecure if the transfer channel itself
uses untrusted transports or if the transferred public key
ends up on a public system (a shared server, a workstation
at your employer or the like). You should avoid this encryption
mode in such cases and use derived keys instead.
Example command:
pcp1 -e -i 0x2BD734B15CE2722D -I message.txt -O cipher.z85
Here we didn't specify a recipient. Therefore the public
key given with -i will be used directly.
=item B<Derived public key encryption>
Derived keys will be generated dynamically at runtime
(see B<Derived Public Keys> above). Therefore an exported
derived public key is unique for the sender AND recipient.
This mode can be considered the most secure. If such a key
gets lost (or into the wrong hands), only this specific
communication channel will be compromised.
Example command:
pcp1 -e -r bobby@local -I message.txt -O cipher.z85
We specified a recipient. pcp1 searches the vault for a
matching public key and generates a derived keypair for
encryption. You need to have a public key installed from
the recipient anyway, it won't work without one. You may
also specify a key id (-i) as well to make sure, the right
key will be used for derivation.
=item B<Self encryption mode>
Pretty Curved Privacy doesn't provide symetric file encryption.
However there are cases when you need to encrypt a file just
for yourself. In such a case the file will be encrypted using
the public key part of your primary secret key and the secret
key itself (thanks to the wonders of ECC this works like a charm).
The file can be decrypted using the primary key pair.
While this works, the security of it totally depends on the
strength of your password, especially if the primary secret
used for this kind of encryption is stored in a vault on the
same system.
Example command:
pcp1 -e -I message.txt -O cipher.z85
As you can see we didn't specify -i or -r and therefore pcp1
tries to use the primary keypair for encryption.
=back
=head1 VULNERABILITIES
Currently there are a couple of problems which are not
addressed. These are usually protocol problems, which are
not caused by pcp1.
=over
=item B<No secure native key exchange for store-and-forward systems>
Pretty Curved Privacy is a store-and-forward system, it works
on files and can't use any cool key exchange protocols therefore.
For example there would be B<CurveCP> which guarantees a
secure key exchange. But CurveCP cannot be used offline.
Users have to find other means to exchange keys. That's a pity
since with Curve25519 you can't just publish your public key
to some key server because in order to encrypt a message, both
the recipient AND the sender need to have the public key of
each other. It would be possible to publich public keys,
and attach the senders public key to the encrypted message, but
I'm not sure if such an aproach would be secure enough.
=item B<Curve25519 not widely adopted>
At the time of this writing the ECC algorithm Curve25519
is only rarely used, in most cases by experimental software
(such as Pretty Curved Privacy). As far as I know there haven't
been done the kind of exessive crypto analysis as with other
ECC algorithms.
While I, as the author of pcp1 totally trust D.J.Bernstein, this
may not be the case for you.
In short, I'd suggest not to use it on critical systems yet.
=back
=head1 INTERNALS =head1 INTERNALS
FIXME. FIXME.


@@ -103,9 +103,20 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
} }
} }
if(public == NULL) { if(public == NULL) {
fatal("Could not find a usable public key in vault %s!\n", // maybe self encryption, try secrets
pcp_key_t *s = NULL;
for(s=pcpkey_hash; s != NULL; s=(pcp_key_t*)(s->hh.next)) {
crypto_hash(check, (unsigned char*)s->id, 16);
if(memcmp(check, hash, crypto_hash_BYTES) == 0) {
// matching secret
public = pcpkey_pub_from_secret(s);
}
}
if(public == NULL) {
fatal("Could not find a usable public key in vault %s!\n",
vault->filename); vault->filename);
goto errde0; goto errde0;
}
} }
if(debug) { if(debug) {
@@ -183,9 +194,17 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipi
// look if we've got that key // look if we've got that key
HASH_FIND_STR(pcppubkey_hash, id, public); HASH_FIND_STR(pcppubkey_hash, id, public);
if(public == NULL) { if(public == NULL) {
fatal("Could not find a public key with id 0x%s in vault %s!\n", // self-encryption: look if its a secret one
pcp_key_t *s = NULL;
HASH_FIND_STR(pcpkey_hash, id, s);
if(s != NULL) {
public = pcpkey_pub_from_secret(s);
}
else {
fatal("Could not find a public key with id 0x%s in vault %s!\n",
id, vault->filename); id, vault->filename);
goto erren3; goto erren3;
}
} }
secret = pcp_find_primary_secret(); secret = pcp_find_primary_secret();
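Review bot: The secret-key fallback in pcpencrypt (second hunk, after `HASH_FIND_STR(pcpkey_hash, id, s)`) only handles a missing secret; a NULL return from `pcpkey_pub_from_secret(s)`, if that function can fail, falls through to the code below with `public == NULL`. The decrypt hunk already checks `public` after the lookup, so the same shape keeps both paths consistent: `if(s != NULL) public = pcpkey_pub_from_secret(s);` followed by `if(public == NULL) { fatal(...); goto erren3; }` with the existing message. In the pcpdecrypt loop the match does not `break`, so the remaining secrets are still hashed and a second match would overwrite `public` without releasing the first; add `break;` after the assignment. In both hunks `public` now either points into the vault's hash table or to whatever `pcpkey_pub_from_secret` returns, so the cleanup at `errde0`/`erren3` (outside the hunks) needs to know which it holds — a comment such as `// public is either a vault entry or freshly derived; only the latter is ours to free` would document that if it is the contract. Both functions start and end outside the hunks.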


@@ -315,6 +315,11 @@ int main (int argc, char **argv) {
if(useid == 0 && userec == 1) { if(useid == 0 && userec == 1) {
id = pcp_find_id_byrec(recipient); id = pcp_find_id_byrec(recipient);
} }
if(useid == 0 && userec == 0) {
pcp_key_t *k = pcp_find_primary_secret();
id = ucmalloc(17);
memcpy(id, k->id, 17);
}
if(id != NULL) { if(id != NULL) {
pcpencrypt(id, infile, outfile, xpass, recipient); pcpencrypt(id, infile, outfile, xpass, recipient);
free(id); free(id);
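Review bot: The result of `pcp_find_primary_secret()` is dereferenced at `memcpy(id, k->id, 17)` without a NULL check, so a vault without a primary secret key crashes here instead of reporting an error; the encrypt hunk in the other file uses `fatal(...)` plus a bailout for the equivalent case, and `if(k == NULL) { fatal("no primary secret key in vault for self-encryption\n"); } else { id = ucmalloc(17); memcpy(id, k->id, 17); }` would match that. Leaving `id` NULL is not enough on its own, because the following `if(id != NULL)` then silently skips encryption and the user gets neither output nor a message. The hard-coded 17 assumes `k->id` is a 16-character NUL-terminated string; if the field has a declared array size, `sizeof k->id` ties the copy and the allocation to it. main() starts and ends outside the hunk.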


@@ -50,10 +50,13 @@
"\n" \ "\n" \
"Encryption Options:\n" \ "Encryption Options:\n" \
"-e --encrypt Encrypt a message. Read from stdin or\n" \ "-e --encrypt Encrypt a message. Read from stdin or\n" \
" specified via -I. A keyid (-i) of the\n" \ " specified via -I. If a keyid (-i) has been\n" \
" public key of the receipient must be\n" \ " given, use that public key for encryption.\n" \
" specified. Output to stdout or written\n" \ " If a recipient (-r) has been given, use\n" \
" to the file specified via -O.\n" \ " a derived public key. If none of -i or\n" \
" -r has been given, use the primary\n" \
" secret key and the public part of it\n" \
" for encrytion (self-encryption mode).\n" \
"-d --decrypt Decrypt a message. Read from stdin or\n" \ "-d --decrypt Decrypt a message. Read from stdin or\n" \
" specified via -I. Output to stdout or\n" \ " specified via -I. Output to stdout or\n" \
" written to the file specified via -O.\n" \ " written to the file specified via -O.\n" \
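Review bot: The new usage text has a typo in the user-facing string, `" for encrytion (self-encryption mode).\n" \` should read `" for encryption (self-encryption mode).\n" \`. The same wording is repeated in the man page, POD and plain-text usage sections of this commit, so it is worth fixing in all of them at once.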


@@ -48,10 +48,13 @@ Keymanagement Options:
Encryption Options: Encryption Options:
-e --encrypt Encrypt a message. Read from stdin or -e --encrypt Encrypt a message. Read from stdin or
specified via -I. A keyid (-i) of the specified via -I. If a keyid (-i) has been
public key of the receipient must be given, use that public key for encryption.
specified. Output to stdout or written If a recipient (-r) has been given, use
to the file specified via -O. a derived public key. If none of -i or
-r has been given, use the primary
secret key and the public part of it
for encrytion (self-encryption mode).
-d --decrypt Decrypt a message. Read from stdin or -d --decrypt Decrypt a message. Read from stdin or
specified via -I. Output to stdout or specified via -I. Output to stdout or
written to the file specified via -O. written to the file specified via -O.