Man Linux: Main Page and Category List

NAME

       seccure - SECCURE Elliptic Curve Crypto Utility for Reliable Encryption

SYNOPSIS

       seccure-key [-c curve] [-F pwfile] [-d] [-v] [-q]

       seccure-encrypt [-m maclen] [-c curve] [-i infile]  [-o  outfile]  [-v]
       [-q] key

       seccure-decrypt  [-m  maclen]  [-c  curve] [-i infile] [-o outfile] [-F
       pwfile] [-d] [-v] [-q]

       seccure-sign [-f] [-b] [-a] [-c curve] [-s  sigfile]  [-i  infile]  [-o
       outfile] [-F pwfile] [-d] [-v] [-q]

       seccure-verify  [-f]  [-b] [-a] [-c curve] [-s sigfile] [-i infile] [-o
       outfile] [-v] [-q] key [sig]

       seccure-signcrypt  [-c  sig_curve  [-c  enc_curve]]  [-i  infile]   [-o
       outfile] [-F pwfile] [-d] [-v] [-q] key

       seccure-veridec  [-c enc_curve [-c sig_curve]] [-i infile] [-o outfile]
       [-F pwfile] [-d] [-v] [-q] key

       seccure-dh [-c curve] [-v] [-q]

DESCRIPTION

       The seccure toolset implements a  selection  of  asymmetric  algorithms
       based  on  elliptic  curve  cryptography (ECC). In particular it offers
       public key encryption / decryption, signature generation / verification
       and key establishment.

       ECC  schemes  offer  a  much  better  key  size  to security ratio than
       classical systems (RSA, DSA). Keys are  short  enough  to  make  direct
       specification  of  keys on the command line possible (sometimes this is
       more convenient than the management of  PGP-like  key  rings).  seccure
       builds  on  this  feature  and therefore is the tool of choice whenever
       lightweight asymmetric cryptography  --  independent  of  key  servers,
       revocation  certificates,  the Web of Trust or even configuration files
       -- is required.

COMMANDS

       seccure-key: Prompt for a passphrase and  calculate  the  corresponding
       public key.

       seccure-encrypt: Encrypt a message with public key key.

       seccure-decrypt:  Prompt  for  a  passphrase  and  decrypt  a  seccure-
       encrypted message.

       seccure-sign: Prompt for a passphrase and digitally sign a message.

       seccure-verify: Verify signature sig with public key key.

       seccure-signcrypt: Sign a message first, encrypt it subsequently (in -b
       -a  and  -m 0 mode, respectively). This is basically a shortcut for two
       separate seccure invocations.

       seccure-veridec: Counterpart to signcryption.

       seccure-dh: Perform a Diffie-Hellman key exchange.

OPTIONS

       -c curve
              Use elliptic curve curve. Available are:  secp112r1,  secp128r1,
              secp160r1,        secp192r1/nistp192,        secp224r1/nistp224,
              secp256r1/nistp256, secp384r1/nistp384  and  secp521r1/nistp521.
              The curve name may be abbreviated by any non-ambiguous substring
              (for  instance  it  is  suggested  to  specify  p224   for   the
              secp224r1/nistp224  curve).  The  default  curve  is p160, which
              provides reasonable security for everyday use. (See also HOW  TO
              CHOOSE THE CURVE.)

              Note:  If  a public key is given on the command line seccure can
              determine  the  corresponding  curve  on  its  own.  It’s   then
              unnecessary to specify the curve explicitly.

       -F pwfile
              Don’t prompt for a passphrase; instead, take the first text line
              of pwfile.

       -m maclen
              Set the MAC length to maclen bits. Only multiples of  8  in  the
              range  from  0  to 256 are allowed. The default MAC length is 80
              bits, which provides a reasonable level of integrity  protection
              for everyday use.

       -i infile
              Read from infile instead of STDIN.

       -o outfile
              Write to outfile instead of STDOUT.

       -s sigfile
              For  seccure-sign: Write signature to sigfile instead of STDERR.

              For seccure-verify: Read signature from sigfile instead of using
              sig.

       -f     Filter  mode:  Copy  all data read from STDIN verbatim to STDOUT
              (eventually attaching or detaching a signature in -a mode).

       -b     Binary mode: Read/write signatures as binary strings. This leads
              to very compact signatures.

       -a     Append mode:

              For  seccure-sign:  Append signature to the end of the document.
              Enforces -f mode.

              For  seccure-verify:  Detach  signature  from  the  end  of  the
              document.

       -d     Double  prompt mode: When reading a passphrase from the console:
              prompt twice and assure the phrases are the same.

       -v     Verbose mode: Print some extra information.

       -q     Quiet mode: Disable all unnecessary output.

EXAMPLE

       Given the passphrase ’seccure is secure’, run

       seccure-key

       to determine the corresponding public key  (which  is  ’2@DupCaCKykHBe-
       QHpAP%d%B[’ on curve p160).

       To encrypt the file ’document.msg’ with that key run

       seccure-encrypt   -i   document.msg  -o  document.enc2@DupCaCKykHBe-
       QHpAP%d%B[’

       The message can be recovered with

       seccure-decrypt -i document.enc

       To sign the file run

       seccure-sign -i document.msg -s document.sig

       and enter the passphrase. The signature is stored in ’document.sig’ and
       can be verified with

       seccure-verify   -i   document.msg   -s  document.sig2@DupCaCKykHBe-
       QHpAP%d%B[

KEY ESTABLISHMENT

       seccure-dh performs an interactive  Diffie-Hellman  key  exchange.  Two
       instances  have to be run in parallel; the token generated by the first
       one is the input for the second one and vice versa. The output consists
       of two shared keys: it is guaranteed that no attacker can ever find out
       the established key as soon as the two parties can  confirm  that  both
       have  the  same  verification  key.  The  authentic  comparision of the
       verification keys can, for example, be realized via signed messages  or
       via telephone (using ’voice authentication’).

HOW TO CHOOSE THE CURVE

       The  number  in  the names of the curves measures their security level.
       Rule of thumb: the  workload  to  ’break’  a  k-bit  curve  is  2^(k/2)
       approximately (example: it takes about 2^112 steps to break secp224r1).
       If the 80 bit security of the default curve  doesn’t  seem  sufficient,
       choosing  a  stronger  curve  (p192  and  upwards)  may,  of course, be
       considered. But the suggestion remains: p160 offers reasonable security
       for  everyday  use.  Warning:  the  curves p112 and p128 do not satisfy
       demands for long-time security.

ALGORITHMS

       seccure uses derivated versions of  ECIES  (Elliptic  Curve  Integrated
       Encryption  Scheme), ECDSA (Elliptic Curve Digital Signature Algorithm)
       and ECDH (Elliptic Curve Diffie-Hellman) as encryption,  signature  and
       key  establishment  scheme, respectively. For the symmetric parts (bulk
       encryption, hashing, key derivation, HMAC calculation)  seccure  builds
       on  AES256  (in  CTR  mode), SHA256 and SHA512. To my best knowledge no
       part of seccure is covered by patents. See  the  file  PATENTS  for  an
       explicit patent statement.

AUTHOR

       This software (v0.3) was written by B. Poettering (seccure AT point-at-
       infinity.org) in 2006. It is  released  under  the  terms  of  the  GNU
       General Public License (GPL). Find the latest version of seccure on the
       project’s homepage: http://point-at-infinity.org/seccure/.