https://github.com/exaexa/codecrypt

Post-quantum cryptography tool (THIS REPOSITORY IS ONLY A MIRROR OF THE MAIN ONE, PLEASE DO NOT FILE BUGS HERE)
https://github.com/exaexa/codecrypt

Last synced: 4 days ago
JSON representation

Post-quantum cryptography tool (THIS REPOSITORY IS ONLY A MIRROR OF THE MAIN ONE, PLEASE DO NOT FILE BUGS HERE)

• Host: GitHub
• URL: https://github.com/exaexa/codecrypt
• Owner: exaexa
• License: lgpl-3.0
• Created: 2012-11-05T22:09:23.000Z (about 12 years ago)
• Default Branch: master
• Last Pushed: 2022-09-25T10:26:39.000Z (about 2 years ago)
• Last Synced: 2024-07-31T22:45:07.490Z (3 months ago)
• Language: C++
• Homepage: https://gitea.blesmrt.net/exa/codecrypt
• Size: 19.3 MB
• Stars: 306
• Watchers: 26
• Forks: 41
• Open Issues: 0
• Metadata Files:
  • Readme: README
  • Changelog: ChangeLog
  • Contributing: CONTRIBUTING.md
  • License: COPYING

Awesome Lists containing this project

README

        

# Codecrypt

The post-quantum cryptography tool.

Codecrypt is currently unmaintained, although I still successfully use it. If

you are interested in developing/maintaining it, ping me.

#### About

This is a GnuPG-like unix program for encryption and signing that uses only

quantum-computer-resistant algorithms:

 - McEliece cryptosystem (compact QC-MDPC variant) for encryption

 - Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Codecrypt is free software. The code is licensed under terms of LGPL3 in a good

hope that it will make combinations with other tools easier.

#### Why this?

Go read http://pqcrypto.org/

#### Links

 - infopage: http://e-x-a.org/codecrypt/

 - *package downloads*: http://e-x-a.org/codecrypt/files/

#### Distro packages

 - Gentoo packages: https://packages.gentoo.org/packages/app-crypt/codecrypt

   with current ebuild usually available at http://e-x-a.org/codecrypt/files

 - Debian packages: `apt-get install codecrypt`

 - Arch linux: see https://aur.archlinux.org/packages/codecrypt/

 - *Windows port* is maintained separately here: https://github.com/mike805/codecrypt-win32

Language wrappers:

 - Python bindings: https://github.com/mike805/codecrypt-python/

#### Documentation

There is a complete, UNIXy manual page supplied with the package. You can view

it online here: http://e-x-a.org/codecrypt/ccr.1.html

##### Used cryptography overview

To achieve the stated goal, codecrypt uses a lot of (traditional, but

"quantum-secure") cryptographic primitives. Choices of primitives were based on

easy auditability of design, simplicity and provided security.

The git repo of codecrypt contains `doc/papers` with an unsorted heap of

academic papers and slides about relevant topics.

Stream ciphers used:

- ChaCha20, the recommended choice from djb

- XSynd stream cipher as an interesting and nontraditional candidate also based

  on assumptions from coding theory; used NUMS (it requires lot of NUMS) are

  explained in `doc/nums` directory in the repo.

- Arcfour for initial simplicity of implementation. After recent statistical

  attacks I cannot recommend using any RC4 variant anymore, but provided

  padding and the "offline-only" usage of codecrypt keeps the usage mostly

  secure.

CRHFs used:

- Cubehash variants were selected for implementation ease, really clean design,

  quite good speed and flexibility of parameter choices. This is also the only

  hash possibility when Crypto++ library is not linked to codecrypt.  KeyIDs

  are CUBE256 hashes of corresponding serialized public keys.

- ripemd128 for small hashes

- tiger192 is used as an alternative for Cubehash for 192bit hashes

- There's always a variant with SHA-256, SHA-384 or SHA-512.

Signature algorithms:

- FMTSeq with many possibilities and combinations of aforementioned CRHFs

- SPHINCS256 support is scheduled for next release

Encryption algorithms:

- MDPC McEliece on quasi-cyclic matrices. The implementation uses some tricks

  to speedup the (pretty slow) cyclic matrix multiplication (most notably

  libfftm3 in this version). For padding using the Fujisaki-Okamoto scheme, the

  cipher requires a stream cipher and a CRHF, used ciphers and CRHFs are

  specified in the algorithm name -- e.g. MCEQCMDPC128FO-CUBE256-CHACHA20 means

  that the parameters are tuned to provide 128bit security, uses CUBE256 hash,

  and ChaCha20 stream cipher.

- Quasi-dyadic McEliece was included in codecrypt as an original algorithm, but

  is now broken and prints a warning message on any usage.

Caveats:

Cryptography is **not intended for "online" use**, because some algorithms

(especially the MDPC decoding) are (slightly) vulnerable to timing attacks.

## Quick How-To

Everything is meant to work mostly like GnuPG, but with some good simplicity

margin. Let's play with random data!

	ccr -g help

	ccr -g sig --name "John Doe"    # your signature key

	ccr -g enc --name "John Doe"    # your encryption key

	ccr -K  #watch the generated keys

	ccr -k

	ccr -p -a -o my_pubkeys.asc -F Doe  # export your pubkeys for friends

	#(now you should exchange the pubkeys with friends)

	#see what people sent us, possibly check the fingerprints

	ccr -inaf < friends_pubkeys.asc

	#import Frank's key and rename it

	ccr -ia -R friends_pubkeys.asc --name "Friendly Frank"

	#send a nice message to Frank (you can also specify him by @12345 keyid)

	ccr -se -r Frank < Document.doc > Message_to_frank.ccr

	#receive a reply

	ccr -dv -o Decrypted_verified_reply.doc big_data.iso

	#password-protect all your private keys

	ccr -L

	#protect a symmetric key using another symmetric key

	ccr -L -S symkey1 -w symkey2

	#password-protect symkey2 with a custom cipher

	ccr -L -S symkey2 -w @xsynd,cube512

## Option reference

For completeness I add listing of all options here (also available from

`ccr --help`)

	Usage: ./ccr [options]

	Common options:

	 -h, --help     display this help

	 -V, --version  display version information

	 -T, --test     perform (probably nonexistent) testing/debugging stuff

	Global options:

	 -R, --in      set input file, default is stdin

	 -o, --out     set output file, default is stdout

	 -E, --err     the same for stderr

	 -a, --armor   use ascii-armored I/O

	 -y, --yes     assume that answer is `yes' everytime

	Actions:

	 -s, --sign     sign a message

	 -v, --verify   verify a signed message

	 -e, --encrypt  encrypt a message

	 -d, --decrypt  decrypt an encrypted message

	Action options:

	 -r, --recipient    encrypt for given user

	 -u, --user         use specified secret key

	 -C, --clearsign    work with cleartext signatures

	 -b, --detach-sign  specify file with detached signature

	 -S, --symmetric    enable symmetric mode of operation where encryption

			    is done using symmetric cipher and signatures are

			    hashes, and specify a filename of symmetric key or hashes

	Key management:

	 -g, --gen-key        generate keys for specified algorithm

	 -g help              list available cryptographic algorithms

	 -k, --list           list the contents of keyring

	 -K, --list-secret

	 -i, --import         import keys

	 -I, --import-secret

	 -p, --export         export keys

	 -P, --export-secret

	 -x, --delete         delete matching keys

	 -X, --delete-secret

	 -m, --rename         rename matching keys

	 -M, --rename-secret

	 -L, --lock           lock secrets

	 -U, --unlock         unlock secrets

	Key management options:

	 -F, --filter       only work with keys with matching names

	 -f, --fingerprint  format full key IDs nicely for human eyes

	 -N, --name         specify a new name for renaming or importing

	 -n, --no-action    on import, only show what would be imported

	 -w, --with-lock    specify the symmetric key for (un)locking the secrets

	 -w @SPEC           ask for password and expand it to a symmetric key

	                    of type SPEC for (un)locking the secret

## Disclaimer

Codecrypt eats data. Use it with caution. Read the F manual.

Author is a self-taught cryptographer.