{"id":21040127,"url":"https://github.com/sz3/libmcleece","last_synced_at":"2025-05-15T16:33:08.787Z","repository":{"id":40314035,"uuid":"284452354","full_name":"sz3/libmcleece","owner":"sz3","description":"Command line tool for Classic McEliece cryptography","archived":false,"fork":false,"pushed_at":"2023-02-07T06:42:16.000Z","size":461,"stargazers_count":5,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-03T11:38:27.000Z","etag":null,"topics":["cpp17","mceliece","post-quantum-cryptography"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sz3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-02T11:56:57.000Z","updated_at":"2023-04-23T12:47:08.000Z","dependencies_parsed_at":"2023-02-08T04:31:07.320Z","dependency_job_id":null,"html_url":"https://github.com/sz3/libmcleece","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sz3%2Flibmcleece","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sz3%2Flibmcleece/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sz3%2Flibmcleece/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sz3%2Flibmcleece/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sz3","download_url":"https://codeload.github.com/sz3/libmcleece/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254377401,"owners_count":22061132,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp17","mceliece","post-quantum-cryptography"],"created_at":"2024-11-19T13:44:55.646Z","updated_at":"2025-05-15T16:33:08.387Z","avatar_url":"https://github.com/sz3.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"## libmcleece\n\nA command line tool and C interface to encrypt/decrypt files using the Classic McEliece \"post-quantum\", code-based asymmetric key exchange scheme.\n\nlibmcleece's default behavior is to use hybrid key exchange -- using the Classic McEliece KEM, and libsodium's `crypto_box_seal` (`x25519`) -- to generate a secret key for a libsodium `crypto_box` (`xsalsa20poly1305`).\n\nThe [actual McEliece implementation](./src/third_party_lib/mceliece6960119f) is from the Classic McEliece NIST submission, Round-4:\nhttps://classic.mceliece.org/nist.html\n\nThe submission is not a standard yet!\n\n## Build\n\n* Dependencies:\n\t* libssl-dev\n\t* libsodium-dev\n\n```\ncmake .\nmake -j4 install\n```\n\nBy default, build products (the library, the headers, and the cli) are installed into the project's `dist/` subdirectory. To install to a different directory, e.g. `/usr`, modify the cmake step:\n```\ncmake . -DCMAKE_INSTALL_PREFIX=/usr\n```\n\n## Basic usage\n\n#### 1. generate a public/private key pair.\n\n* with the cli:\n```\nmcleececli keypair --key-path=/tmp/key\n```\n   * this will generate `/tmp/key.sk` and `/tmp/key.pk`. The secret key will be password protected (there will be a prompt) -- keep it secret! Keep it safe!\n\n* with the C api:\n```\nmcleece_keypair_to_file(\n    \"/tmp/key\", 8, // length of \"/tmp/key\"\n    \"password\", 8,  // length of \"password\" -- I recommend a stronger password than \"password\"\n    mcleece_MODE_CRYPTO_BOX\n)\n```\n\n#### 2. encrypt a message for a specific public key (only the corresponding secret key will be able to decrypt it):\n\n* with the cli:\n```\nmcleececli encrypt /path/to/srcfile --key-path=/tmp/key \u003e encoded.bin\n```\n   * encryption will need `/tmp/key.pk` to exist in the above example.\n\n* with the C api:\n```\nmcleece_encrypt_file(\n    \"/tmp/key\", 8,\n    \"/path/to/srcfile\", 16,\n    \"encoded.bin\", 11,\n    mcleece_MODE_CRYPTO_BOX\n)\n```\n\n#### 3. decrypt a message\n\n* with the cli:\n```\nmcleececli decrypt encoded.bin --key-path=/tmp/key \u003e decoded_file_path\n```\n   * decryption will expect both `/tmp/key.sk` and `/tmp/key.pk` to exist in the above example -- and will also prompt for the password for /tmp/key.sk.\n\n* with the C api:\n```\nmcleece_decrypt_file(\n    \"/tmp/key\", 8,\n    \"password\", 8,\n    \"encoded.bin\", 11,\n    \"decoded_file_path\", 17,\n    mcleece_MODE_CRYPTO_BOX\n)\n```\n\n## Advanced usage\n\nIn addition to the file-level APIs described above, there are also APIs to match the libsodium `crypto_box_seal` API:\n```\nint mcleece_crypto_box_keypair(unsigned char* pubk, unsigned char* secret);\nint mcleece_crypto_box_seal(unsigned char* ciphertext_out, const unsigned char* msg, unsigned msg_length, unsigned char* recipient_pubk);\nint mcleece_crypto_box_seal_open(unsigned char* decrypted_out, const unsigned char* ciphertext, unsigned ciphertext_length, unsigned char* recipient_pubk, unsigned char* recipient_secret);\n\nint mcleece_simple_keypair(unsigned char* pubk, unsigned char* secret);\nint mcleece_simple_encrypt(unsigned char* ciphertext_out, const unsigned char* msg, unsigned msg_length, unsigned char* recipient_pubk);\nint mcleece_simple_decrypt(unsigned char* decrypted_out, const unsigned char* ciphertext, unsigned ciphertext_length, unsigned char* recipient_secret);\n```\n\nEach set of APIs is meant to be used independently. That is, a keypair from `mcleece_crypto_box_keypair` will not work with `mcleece_simple` calls, and vice versa.\n\nExplanation:\n* `mcleece_crypto_box` functions are modified libsodium `crypto_box_seal` operations. This means that even if something is awry with libmcleece's PQC, theoretically the encrypted payload will still be as secure as `crypto_box_seal` is. (that is: pretty good, unless your adversary has a powerful quantum computer)\n   * `mcleece_crypto_box` is the default behavior for the cli.\n* `mcleece_crypto_box` keypairs are larger, since they contain two keypairs. Specifically, the x25519 (public/private) key bytes are prepended in front of the Classic McEliece key bytes.\n* `mcleece_simple` functions do not use x25519 -- the random secret is only protected by Classic McEliece.\n\n\n## C++ API\nIt is not (yet?) collected in a single-header, but the core of libmcleece are a handful of header-only C++ libraries. These can also be used, though I'm not sure how stable the API is ... \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsz3%2Flibmcleece","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsz3%2Flibmcleece","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsz3%2Flibmcleece/lists"}