0.2.1 My crypt+sign implementation were wrong (better: defect). It worked but a legal recipient could re-encrypt the message and attach the original signature, fooling a third party. Now the signature is being made of the encrypted recipient list, the cleartext content (both hashed together) and encrypted afterwards. Re-implemented pcp_readz85string() function, it's now much more fault tolerant and flexible and save against overflows. It is able to catch a multitude of z85 encoded inputs, such as multiline z85 data, oneline z85 data, including or without headers/footers and it considers any single line of content which ends with [\r]\n and contains a whitespace as comment. Added Buffer 'class' internal api to make it easier to work with binary data in various, flexible and error prone ways. Cribbed from the code in openssh/buffer.c. Import and export of keys is now being done in the lib and no more in src. Src only opens files and asks for passwords and stuff like this. Changed public key export format to RFC4880, see include/pcp/mgmt.h for details. Pcp uses only a small subset of what the rfc provides, I left out most of the bloat. Also our keys are incompatible with OpenPGP of course, since our ciphers are different. But it's a standardized format, easy to work with and flexible. From this point on it should be possible to import old public keys even if the internal structure changed. This wasn't possible in the past. The secret key export format changed as well. It is proprietary but more flexible than the old one as well. It now only contains static data, whatever can be calculated later isn't stored. Everything is being put into one stream and completely encrypted symmetrically. As with the new pubkey export format this one as well is independent of internal structs in pcp and should therefore be future proof. Internal api change: added pcpstream, which is a wrapper around file i/o or buffer i/o. It's used in libpcp/crypto.c (more to follow), so it depends on the caller if it works on files or on buffers. Pcpstreams also automatically encode/decode Z85. Due to the new pcpstream class pcp now supports armored encrypted files, which it didn't previously. Lots of refactoring have been done to clear things out and make the system work with the changes above. Added various convenience pubkey export formats, beside pbp and pcp also supported are now perl, c and yaml code. A programmer can use this to put a public key in a small program. Finally found the bug that leaded to the unittests sometimes fail as previously described in the TODO file: the function libpcp/z85.c:_buffer_is_binary() shall return a non-zero value if it finds a binary character in the input. However, if the first char of the input was binary it returned 0, which was then interpreted later such that the input is ascii. To fix this, the function now starts at position 1 to search. Added API doc for libpcp, generated using doxygen in man/html/. Latest API docs can be found on http://www.daemon.de/libpcp/. At this point I'd like to thank Liquid Soul. Only thanks to their music I was able to do those heavy changes. It's like a drug boosting the brain. Love U, man! 0.2.0 ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed, the curve had been derived from the ed key). To encrypt the secret keys, we're now using a key derived from the user passphrase generated using the scrypt() function, incorporated from tarsnap via scrypt-1.1.6. The "derived pcp key" feature has been dropped. Encrypted file format/scheme changed. Previously I included the sender's key-id with the encrypted cipher as a hash. So, encrypted message do no more contain pk material. Changed signature scheme completely. Binary signature follow the pbp scheme: calculate blake2 hash of the content, sign the hash, write out original content, add "\nnacl-", add the signature, add the hash. Armored signatures are calculated the same way but output follows the pgp scheme instead. Detached signatures are still supported as before, for the user everything with them is as known, but the commandline option -f (--sigfile) have to be applied. Internally, however, inputs will be read in 32k blockwise as well. Detached signatures are now z85 encoded always. Now you can also crypt+sign files with pcp1. Signatures of encrypted files are always binary appended as is, no offset designator. This leads to a couple of problems which need to be solved somehow in the future: recipient doesn't know whether to decrypt the file or to decrypt and verify it. Also it's unclear how to behave if decryption works but the signature doesn't verify. Currently pcp1 failes in this case, but leaves the decrypted result on disk. Hm... The default encryption mode with pcp (and pbp as of this writing) is ECB. Each 32k block is encrypted independently. While ECB is generally a bad choice, the 32k blocksize compensates for it. However, just to have to option, if we decide to use CBC instead, I already implemented it. It must be enabled at compile time with ./configure --enable-cbc. CBC mode in PCP uses a blocksize of 1k. Added PBP public key import and export compatibility (untested against pbp yet), use -b when exporting a public key, or when importing one. 0.1.5 Fixed a segmentation fault when using pcp1 -t on a public key. I added a double free() there by purpose to test segfault catching I added in unittest.pl and forgot to remove it. The good news is, that I found the double free() immediately thanks to the segfault catching of unittest.pl :) Fixed use of unencrypted secret keys, added proper unittests for this case. Note: a secret key will be stored unencrypted if the user doesn't enter a password when asked. In addition to the fix I added a question if the user is sure about what he does. Moved config.h to include/pcp/ so it will be installed as well. Removed the conditional include of config.h in platform.h, that was stupid. Added generation of a pkg-config configuration in libpcp/libpcp1.pc.in. Added -O support to -k. So now you can generate a new secret key and export it directly into a file. In this case the key will not be stored to the vault. The -t option now accepts an inputfile (-I) and determines what kind of file that might be and if it finds out, prints some info about it to stdout. Useful if you've got a z85 encoded file without headers and comments and don't know what it is. Moved all uthash (key lists) related code into keyhash.c, so nowhere will be used any HASH* macros directly. Fixed various malloc/free errors. Found them on the gcc compilefarm, thanks to the gcc guys providing access to it. Fixed alternate arc4random*() implementation in platform.h, now we just use the random functions of libsodium if they're not available. Added C++ language binding (bindings/cpp/), look at tests/cpptest.cpp for usage examples. Fixed problem under big-endian platforms where encryption didn't work due a missing sodium_init() call. Thanks to Frank Denis. See https://github.com/jedisct1/libsodium/issues/100 0.1.4 Changed key format (again), now the main secret is the ED25519 secret key, which will be encrypted. Everything else will be derived from that. Thanks to S.Neives and "CodesInChaos" from the libsodium mailinglist for clarifying it and helping me to understand it. 0.1.3 Added signature support using ED25519. Key format has changed it now contains the ed25519 public key part as well, required for signing. Key version is now 0x2 and vault version 0x2. There's no backwards compatibility, since this is still beta. Re-organized header files. Added support for self encryption using the users own key pair for encryption and decryption. Backport of issue https://github.com/zeromq/zeromq4-x/issues/29 Fixed key export, now uses big endianess as well. Updated POD documentation. Fixed a couple of minor bugs which lead to crashes. Options -r and -R exchanged: -R = remove key, -r = recipient. Added support for derived keys (using -r). Added more precautions when writing to the vault, we now always use a tmp vault for writing and if that works, we copy it back. In case something fails on the way, the tmp file will be retained or the original vault will not be altered. 0.1.2 Fixed bug in pcp_derivekey() which derives encryption keys. it generated collisions due coding error, e.g. passphase 'a' resulted in the same encryptionkey as passphase 'r'. Now uses SHA256 witout the xor stuff, which was the cause for the bug. This also fixes a segmentation fault which occured invariably by entering an invalid passphrase. Added support for derived public keys using the -R option, which allows two peers to encrypt messages without the need to reveal their primary public keys. That way each peer will have another public key of the same source. Added more unit tests to reflect the above changes. 0.1.1 Changed output format of encrypted keys. now we encode it properly with the Z85 encoding and add a header and footer to it: -----BEGN CURVE25519 SECRET KEY----- 0q<1MspXp=x>mBZsUJF:2#)o*!.nTKR8SK}0IfuMBmC1a&*?)JD4%$%I5