1 files changed, 138 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..74ca362
--- /dev/null
+++ b/README.md
@@ -0,0 +1,138 @@
+# INadvisable EXperimental Asymmetric Crypto Tool #
+
+Inexact is an experimental cryptographic tools, multi-platform, scriptable
+complying with the KISS principle (Keep it simple and stupid).
+
+The main features are as follow:
+
+- Asymmetric encryption.
+- Symmetric encryption.
+- Variable length of encrypted messages for the same input message.
+- Authenticated encrypted messages.
+- Shell redirection compliant (using pipe).
+- Base64 or modified base64 encoding output compatible with a URL path, DNS entry, or file name.
+
+
+** WARNING : Inexact uses recent algorithms not approved nor by NIST or NSA ! **
+
+## Encryption principles
+
+Inexact implements the following algorithms:
+
+- Norx 256bits
+- Diffie-Hellman X25219
+- SHA3-256
+- DRNG chacha20
+- Argon2
+
+An encrypted message is split into two parts:
+
+- The first one containing the parameters of the second part.
+- The encrypted message.
+
+Rest of protocol:
+
+- The asymmetric encryption is achieved by using Diffie-Hellman with a 25519
+  elliptical curve shared secret.
+- A random buffer (rand1) with random size is generated from the chacha20
+  algorithm.
+- The shared secret from the Diffie-Hellman is hashed with rand1 buffer using
+  SHA3-256 and then used as a key for the Norx algorithm.
+- The nonce for the Norx function of the second part is a SHA3-256 hash of
+  parameters of the first part and rand1 buffer.
+- Argon2 is used as a challenge for the password of the private key.
+- The symmetric encryption is based on ian asymmetric encryption by adding argon2
+  challenge nonce and public key in the encrypted message.
+
+Schematic:
+
+```
+|----------------------------------------------------------------------------------------------------------------------------------
+|       <encrypted 0 with len(tag) = 4>        |  tag0[4]  |    <rand>     |      <encrypted 1 with len(tag) = Y>    |   tag1[Y]   |
+|       header[8]: len(part 0 + part 1)        |           | len(rand) = X |            header: params               |             |
+|     key: sha3-256(nonce0+shared_secret)      |           |    X >= 8     |   key1: sha3-256(nonce1+shared_secret)  |             |
+|     nonce0: sha3-256 (rand+encrypted1)       |           |               |    nonce1: sha3-256(params+rand)        |             |
+| message[5]=params:len(nonce1)=X len(tag1)=Y  |           |               |          message: data                  |             |
+|------------------ part 0 [9] --------------------------- |------------------------ part 1 -------------------------------------- |
+
+```
+
+
+## How to build
+
+For GNU/Linux and Mac OS X:
+
+```
+  cd inexact
+  make
+```
+
+For Microsoft Windows using cross compilation on GNU/Linux:
+
+```
+  cd inexact
+  make windows
+```
+
+## Usage
+
+Asymmetric encryption:
+
+```
+  ./inexact --no-password -g -k alices.key -p alicep.key
+  ./inexact --no-password -g -k bobs.key -p bobp.key
+  echo "coucou alice" | ./inexact -e -k bobs.key -p alicep.key
+  rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg
+  echo "rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg" | ./inexact -d -k alices.key -p
+bobp.key
+  coucou alice
+```
+
+Symmetric encryption:
+
+```
+  echo "my secret" | ./inexact -e -s
+  Password :
+  Verifying, please re-enter :
+  C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44
+fZ53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ
+  echo
+"C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44f
+Z53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ" | ./inexact -d -s
+  Password :
+  my secret
+```
+
+Base64 output:
+
+```
+  cat Makefile | ./inexact -e -k bobs.key -p alicep.key --base64 | base64 -d | xz -z > crypted_compressed
+  cat crypted_compressed | xz -d | base64 |  ./inexact -d -k alices.key -p bobp.key
+```
+
+Variable encrypted message size (smallest):
+
+```
+  echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -w
+```
+
+Variable encrypted message size (400 chars):
+
+```
+  echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -c 400
+```
+
+## Credits
+
+Inexact uses this libraries:
+
+- https://github.com/smuellerDD/chacha20_drng
+- https://github.com/floodyberry/curve25519-donna
+- http://web.mit.edu/freebsd/head/contrib/wpa/src/utils/base64.c
+- https://github.com/brainhub/SHA3IUF
+- https://github.com/norx
+- https://github.com/WOnder93/argon2
+- https://nachtimwald.com/2017/09/24/hex-encode-and-decode-in-c/
+- https://github.com/argtable/argtable3
+- https://github.com/dsprenkels/randombytes
+