Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/stef/pbp
salty privacy
https://github.com/stef/pbp
Last synced: about 2 months ago
JSON representation
salty privacy
- Host: GitHub
- URL: https://github.com/stef/pbp
- Owner: stef
- License: other
- Created: 2013-08-18T15:53:27.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2020-08-24T17:03:02.000Z (about 4 years ago)
- Last Synced: 2024-07-06T10:22:48.878Z (3 months ago)
- Language: Python
- Size: 229 KB
- Stars: 53
- Watchers: 10
- Forks: 5
- Open Issues: 2
-
Metadata Files:
- Readme: readme.md
- License: COPYING
Awesome Lists containing this project
README
# pbp
v0.3.2 - experimental
PBP[0] is a simple python wrapper and a command line interface around
libsodium, to provide basic functionality resembling PGP. It uses
scrypt for a KDF and a much simpler packet format, which should be
much harder to fingerprint, pbp also provides an experimental forward
secrecy mode and a multi-party DH mode.## Installation
You possibly need to run (or an equivalent command) `sudo apt-get install git
python-virtualenv gcc python-dev libffi-dev scrypt` to satisfy all basic dependencies.
And install libsodium (http://doc.libsodium.org/installation/README.html).pip install pbp
optionally for PITCHFORK support also
pip install pyusb==1.0.0b1
Design goals:
1. use modern crypto
2. provide similar functionality to PGP
3. be extensible
4. difficult to identify based on fingerprinting
5. provide extensive testing
6. strive for security## Crypto
Cryptographic primitives are based on the NaCl library from
http://nacl.cr.yp.to. The KDF used is scrypt.## PGP-like
Provides basic public key encrypt/decrypt, sign/verify and secret key
encrypt/decrypt modes, as well as the ability to sign, verify, list,
generate, export and import keys.## Extensibility
using pbp and the underlying pysodium[1] library it's easy to extend
pbp. Some examples are the experimental forward secrecy mode (see
description in doc/chaining-dh.txt), the support for ECDH key
exchanges from the command-line and generation of arbitrarily large
random byte streams.[1] https://github.com/stef/pysodium also available on
https://pypi.python.org/pypi/pysodium## Fingerprinting
pbp tries to avoid to store any sensitive plaintext info, the
encrypted files all should look like random noise. for a description
of the packet formats see doc/fileformats.txt.## Testing
All py files come with their internal tests, unit tests are in
tests.py, and commandline functionality is tested in test.sh.## Security
pbp locks the process memory, so it cannot be swapped to disk. Also
pbp uses SecureString[2] to overwrite sensitive key material after
usage in memory, so keys have a short window of opportunity to leak.[2] https://github.com/dnet/pysecstr
## Usage
Generate a key
pbp -g -n alice
sending howdy.txt using public key encryption from alice to bob
pbp -c -S alice -r bob -i howdy.txt
decrypt an encrypted file using public key crypto
pbp -d -S bob -i howdy.txt.pbp
sending howdy.txt using secret key encryption
pbp -c -i howdy.txt
decrypt an encrypted file using secret key crypto
pbp -d -i howdy.txt.pbp
sign howdy.txt
pbp -s -S alice -i /howdy.txt
verify howdy.txt
pbp -v -i howdy.txt.sig
sign bobs key
pbp -m -S alice -n bob
check sigs on carols key
pbp -C -n carol
alice encrypts howdy.txt to bob using experimental forward secret mode
pbp -e -S alice -r bob -i howdy.txt -o ./secret-message
bob decrypts howdy.txt from alice using experimental forward secret mode
pbp -E -S bob -r alice -i ./secret-message
initiate ECDH key exchange
pbp -D1
respond to ECDH key exchange
pbp -D2 -Dp 'public component from D1'
finish ECDH key exchange
pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'
random streaming 23GByte of cryptographic randomness
pbp -R -Rs 23G -o /mnt/huge_fs/random_data
participate in a 4-way DH exchange, 1st message
pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain
participate in a 4-way DH exchange, 2nd message
pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain
this is one big pipe that creates a 3-way ECDH secret between alice, bob and carol:
pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
pbp -Ds -S bob -Dp 3 -n 'test-dh' |
pbp -Ds -S carol -Dp 3 -n 'test-dh' |
pbp -De -S alice -Dp 3 -n 'test-dh' |
pbp -De -S bob -Dp 3 -n 'test-dh'of course instead of a pipe you could use any kind of transport mechanism
## Integration
you can add the following to your .vimrc
map ;e :%!/bin/sh -c 'pbp -c 2>/dev/tty \| base64'
map ;d :%!/bin/sh -c 'base64 -d \| pbp -d 2>/dev/tty'
map ;s :,$! /bin/sh -c 'pbp -s -a -S stf 2>/dev/tty'
map ;v :,$! /bin/sh -c 'pbp -v -a 2>/dev/tty'(c) 2013, stf , dnet [email protected], AGPLv3.0+
[0] also it's very funny to say pbp with a mouth full of dry cookies.
don't try this in company![![Build Status](https://travis-ci.org/stef/pbp.svg?branch=master)](https://travis-ci.org/stef/pbp)