INadvisable EXperimental Asymmetric Crypto Tool

Inexact is an experimental, multi-platform, scriptable cryptographic tool that follows the KISS principle (Keep It Simple and Stupid).

The main features are as follows:

  • Asymmetric encryption.
  • Symmetric encryption.
  • Variable length of encrypted messages for the same input message.
  • Authenticated encrypted messages.
  • Shell redirection compliant (using pipe).
  • Base64 or modified base64 encoding output compatible with a URL path, DNS entry, or file name.

** WARNING: Inexact uses recent algorithms that are not approved by NIST or NSA! **

** Don't use it for anything other than experiments. **

Encryption principles

Inexact implements the following algorithms:

  • Norx 256 bits
  • Diffie-Hellman X25519
  • SHA3-256
  • chacha20 DRNG
  • Argon2

An encrypted message is split into two parts:

  • The first part contains the parameters of the second part.
  • The second part contains the encrypted message.

Rest of protocol:

  • The asymmetric encryption is achieved by using a Diffie-Hellman shared secret computed on the 25519 elliptic curve.
  • A random buffer (rand1) with a random size is generated by the chacha20 algorithm.
  • The Diffie-Hellman shared secret is hashed together with the rand1 buffer using SHA3-256, and the result is used as the key for the Norx algorithm.
  • The nonce for the Norx function of the second part is a SHA3-256 hash of the parameters of the first part and the rand1 buffer.
  • Argon2 is used as a challenge for the password of the private key.
  • The symmetric encryption is based on the asymmetric encryption, adding the Argon2 challenge nonce and the public key to the encrypted message.

Schematic:

|----------------------------------------------------------------------------------------------------------------------------------
|       <encrypted 0 with len(tag) = 4>        |  tag0[4]  |    <rand>     |      <encrypted 1 with len(tag) = Y>    |   tag1[Y]   |
|       header[8]: len(part 0 + part 1)        |           | len(rand) = X |            header: params               |             |
|     key: sha3-256(nonce0+shared_secret)      |           |    X >= 8     |   key1: sha3-256(nonce1+shared_secret)  |             |
|     nonce0: sha3-256 (rand+encrypted1)       |           |               |    nonce1: sha3-256(params+rand)        |             |
| message[5]=params:len(nonce1)=X len(tag1)=Y  |           |               |          message: data                  |             |
|------------------ part 0 [9] --------------------------- |------------------------ part 1 -------------------------------------- |
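
The key and nonce derivation for part 1 described above, as an added Python example that is not part of Inexact's code. Assumptions: the concatenation order follows the schematic (rand then shared secret, params then rand), the 5-byte params layout is hypothetical, os.urandom stands in for the chacha20 DRNG, and the Norx encryption step itself is left out.

```python
import hashlib, os, struct

P = 2**255 - 19                      # field prime of curve 25519
BASE = (9).to_bytes(32, "little")    # standard X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: not constant time."""
    s = bytearray(k); s[0] &= 248; s[31] &= 127; s[31] |= 64   # clamp scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive(shared: bytes, rand1: bytes, params: bytes):
    """Per-message Norx key and nonce as the README describes them."""
    key = hashlib.sha3_256(rand1 + shared).digest()    # assumed order: rand1 || secret
    nonce = hashlib.sha3_256(params + rand1).digest()  # assumed order: params || rand1
    return key, nonce

def demo():
    alice_sk, bob_sk = os.urandom(32), os.urandom(32)          # constructed keys
    alice_pk, bob_pk = x25519(alice_sk, BASE), x25519(bob_sk, BASE)
    rand1 = os.urandom(8 + os.urandom(1)[0] % 24)              # random size, X >= 8
    params = struct.pack("<IB", len(rand1), 16)                # hypothetical 5-byte layout
    sender = derive(x25519(bob_sk, alice_pk), rand1, params)
    receiver = derive(x25519(alice_sk, bob_pk), rand1, params)
    # Same key pair and parameters, new rand1: key and nonce both change.
    again = derive(x25519(bob_sk, alice_pk), os.urandom(len(rand1)), params)
    return sender, receiver, again

if __name__ == "__main__":
    s, r, a = demo()
    print("receiver derives same key/nonce:", s == r, "| fresh per message:", s != a)
```

In the schematic, rand sits between the two encrypted parts, so the receiver reads it from the message and recomputes the same key and nonce.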

How to build

For GNU/Linux and Mac OS X:

  cd inexact
  make

For Microsoft Windows using cross compilation on GNU/Linux:

  cd inexact
  make windows

Usage

Asymmetric encryption:

  ./inexact --no-password -g -k alices.key -p alicep.key
  ./inexact --no-password -g -k bobs.key -p bobp.key
  echo "coucou alice" | ./inexact -e -k bobs.key -p alicep.key
  rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg
  echo "rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg" | ./inexact -d -k alices.key -p bobp.key
  coucou alice

Symmetric encryption:

  echo "my secret" | ./inexact -e -s
  Password :
  Verifying, please re-enter :
  C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44fZ53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ
  echo "C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44fZ53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ" | ./inexact -d -s
  Password :
  my secret

Base64 output:

  cat Makefile | ./inexact -e -k bobs.key -p alicep.key --base64 | base64 -d | xz -z > crypted_compressed
  cat crypted_compressed | xz -d | base64 |  ./inexact -d -k alices.key -p bobp.key

Variable encrypted message size (smallest):

  echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -w

Variable encrypted message size (400 chars):

  echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -c 400

Credits

Copyright © 2019-2022 ben@hackade.org

Inexact is released under the CC0 licence, except for these external libraries:

  • https://github.com/smuellerDD/chacha20_drng
  • https://github.com/floodyberry/curve25519-donna
  • http://web.mit.edu/freebsd/head/contrib/wpa/src/utils/base64.c
  • https://github.com/brainhub/SHA3IUF
  • https://github.com/norx
  • https://github.com/WOnder93/argon2
  • https://nachtimwald.com/2017/09/24/hex-encode-and-decode-in-c/
  • https://github.com/argtable/argtable3
  • https://github.com/dsprenkels/randombytes