143 lines
4.7 KiB
Markdown
143 lines
4.7 KiB
Markdown
# INadvisable EXperimental Asymmetric Crypto Tool #
|
|
|
|
Inexact is an experimental cryptographic tools, multi-platform, scriptable
|
|
complying with the KISS principle (Keep it simple and stupid).
|
|
|
|
The main features are as follow:
|
|
|
|
- Asymmetric encryption.
|
|
- Symmetric encryption.
|
|
- Variable length of encrypted messages for the same input message.
|
|
- Authenticated encrypted messages.
|
|
- Shell redirection compliant (using pipe).
|
|
- Base64 or modified base64 encoding output compatible with a URL path, DNS entry, or file name.
|
|
|
|
|
|
** WARNING : Inexact uses recent algorithms not approved nor by NIST or NSA ! **
|
|
|
|
** Don't use for anything other than experiments. **
|
|
|
|
## Encryption principles
|
|
|
|
Inexact implements the following algorithms:
|
|
|
|
- Norx 256bits
|
|
- Diffie-Hellman X25219
|
|
- SHA3-256
|
|
- DRNG chacha20
|
|
- Argon2
|
|
|
|
An encrypted message is split into two parts:
|
|
|
|
- The first one containing the parameters of the second part.
|
|
- The encrypted message.
|
|
|
|
Rest of protocol:
|
|
|
|
- The asymmetric encryption is achieved by using Diffie-Hellman with a 25519
|
|
elliptical curve shared secret.
|
|
- A random buffer (rand1) with random size is generated from the chacha20
|
|
algorithm.
|
|
- The shared secret from the Diffie-Hellman is hashed with rand1 buffer using
|
|
SHA3-256 and then used as a key for the Norx algorithm.
|
|
- The nonce for the Norx function of the second part is a SHA3-256 hash of
|
|
parameters of the first part and rand1 buffer.
|
|
- Argon2 is used as a challenge for the password of the private key.
|
|
- The symmetric encryption is based on ian asymmetric encryption by adding argon2
|
|
challenge nonce and public key in the encrypted message.
|
|
|
|
Schematic:
|
|
|
|
```
|
|
|----------------------------------------------------------------------------------------------------------------------------------
|
|
| <encrypted 0 with len(tag) = 4> | tag0[4] | <rand> | <encrypted 1 with len(tag) = Y> | tag1[Y] |
|
|
| header[8]: len(part 0 + part 1) | | len(rand) = X | header: params | |
|
|
| key: sha3-256(nonce0+shared_secret) | | X >= 8 | key1: sha3-256(nonce1+shared_secret) | |
|
|
| nonce0: sha3-256 (rand+encrypted1) | | | nonce1: sha3-256(params+rand) | |
|
|
| message[5]=params:len(nonce1)=X len(tag1)=Y | | | message: data | |
|
|
|------------------ part 0 [9] --------------------------- |------------------------ part 1 -------------------------------------- |
|
|
|
|
```
|
|
|
|
|
|
## How to build
|
|
|
|
For GNU/Linux and Mac OS X:
|
|
|
|
```
|
|
cd inexact
|
|
make
|
|
```
|
|
|
|
For Microsoft Windows using cross compilation on GNU/Linux:
|
|
|
|
```
|
|
cd inexact
|
|
make windows
|
|
```
|
|
|
|
## Usage
|
|
|
|
Asymmetric encryption:
|
|
|
|
```
|
|
./inexact --no-password -g -k alices.key -p alicep.key
|
|
./inexact --no-password -g -k bobs.key -p bobp.key
|
|
echo "coucou alice" | ./inexact -e -k bobs.key -p alicep.key
|
|
rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg
|
|
echo "rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg" | ./inexact -d -k alices.key -p
|
|
bobp.key
|
|
coucou alice
|
|
```
|
|
|
|
Symmetric encryption:
|
|
|
|
```
|
|
echo "my secret" | ./inexact -e -s
|
|
Password :
|
|
Verifying, please re-enter :
|
|
C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44
|
|
fZ53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ
|
|
echo
|
|
"C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44f
|
|
Z53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ" | ./inexact -d -s
|
|
Password :
|
|
my secret
|
|
```
|
|
|
|
Base64 output:
|
|
|
|
```
|
|
cat Makefile | ./inexact -e -k bobs.key -p alicep.key --base64 | base64 -d | xz -z > crypted_compressed
|
|
cat crypted_compressed | xz -d | base64 | ./inexact -d -k alices.key -p bobp.key
|
|
```
|
|
|
|
Variable encrypted message size (smallest):
|
|
|
|
```
|
|
echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -w
|
|
```
|
|
|
|
Variable encrypted message size (400 chars):
|
|
|
|
```
|
|
echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -c 400
|
|
```
|
|
|
|
## Credits
|
|
|
|
Copyright © 2019 <ben@hackade.org>
|
|
|
|
Inexact is released under CC0 licence, except for this externals libraries:
|
|
|
|
- https://github.com/smuellerDD/chacha20_drng
|
|
- https://github.com/floodyberry/curve25519-donna
|
|
- http://web.mit.edu/freebsd/head/contrib/wpa/src/utils/base64.c
|
|
- https://github.com/brainhub/SHA3IUF
|
|
- https://github.com/norx
|
|
- https://github.com/WOnder93/argon2
|
|
- https://nachtimwald.com/2017/09/24/hex-encode-and-decode-in-c/
|
|
- https://github.com/argtable/argtable3
|
|
- https://github.com/dsprenkels/randombytes
|
|
|