blob: 02c13c8eeea3e87aeadbd12b058bb31ab8eba9bc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
# INadvisable EXperimental Asymmetric Crypto Tool #
Inexact is an experimental cryptographic tool, multi-platform, scriptable
complying with the KISS principle (Keep It Simple and Stupid).
The main features are as follows:
- Asymmetric encryption.
- Symmetric encryption.
- Variable length of encrypted messages for the same input message.
- Authenticated encrypted messages.
- Shell redirection compliant (using pipe).
- Base64 or modified base64 encoding output compatible with a URL path, DNS entry, or file name.
** WARNING : Inexact uses recent algorithms that are not approved by NIST or NSA ! **
** Don't use it for anything else than experiments. **
## Encryption principles
Inexact implements the following algorithms:
- Norx 256bits
- Diffie-Hellman X25219
- SHA3-256
- DRNG chacha20
- Argon2
An encrypted message is split into two parts:
- The first one containing the parameters of the second part.
- The encrypted message.
Rest of protocol:
- The asymmetric encryption is achieved by using Diffie-Hellman with a 25519
elliptical curve shared secret.
- A random buffer (rand1) with random size is generated from the chacha20
algorithm.
- The shared secret from the Diffie-Hellman is hashed with rand1 buffer using
SHA3-256 and then used as a key for the Norx algorithm.
- The nonce for the Norx function of the second part is a SHA3-256 hash of
parameters of the first part and rand1 buffer.
- Argon2 is used as a challenge for the password of the private key.
- The symmetric encryption is based on the asymmetric encryption by adding argon2
challenge nonce and public key in the encrypted message.
Schematic:
```
|----------------------------------------------------------------------------------------------------------------------------------
| <encrypted 0 with len(tag) = 4> | tag0[4] | <rand> | <encrypted 1 with len(tag) = Y> | tag1[Y] |
| header[8]: len(part 0 + part 1) | | len(rand) = X | header: params | |
| key: sha3-256(nonce0+shared_secret) | | X >= 8 | key1: sha3-256(nonce1+shared_secret) | |
| nonce0: sha3-256 (rand+encrypted1) | | | nonce1: sha3-256(params+rand) | |
| message[5]=params:len(nonce1)=X len(tag1)=Y | | | message: data | |
|------------------ part 0 [9] --------------------------- |------------------------ part 1 -------------------------------------- |
```
## How to build
For GNU/Linux and Mac OS X:
```
cd inexact
make
```
For Microsoft Windows using cross compilation on GNU/Linux:
```
cd inexact
make windows
```
## Usage
Asymmetric encryption:
```
./inexact --no-password -g -k alices.key -p alicep.key
./inexact --no-password -g -k bobs.key -p bobp.key
echo "coucou alice" | ./inexact -e -k bobs.key -p alicep.key
rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg
echo "rl9adQvAj20I3TIVDJrT3iSSrauqXKlF13nW91QfV80MopMNTCFLURfBHyLPurFnoFByRxv7kUvMkswzn8FoN4ibAkFizkmcpiMMnxWUQpIB3EhFsAg" | ./inexact -d -k alices.key -p
bobp.key
coucou alice
```
Symmetric encryption:
```
echo "my secret" | ./inexact -e -s
Password :
Verifying, please re-enter :
C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44
fZ53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ
echo
"C3B6_AMg7qPbYHDFE35hJzDFYIK40k48FiqCu1gQqSsNsU_7j8qZhh9vlzKvm_507fns1bih1tLZesKQfjLXFiauyskNBT6SmJazunQiesadWnoi1v2kye68lgfc96dOjk7F6pc2okGnNzzpv0SnRPNSGEq44f
Z53IS6AIT89pmVAj631vBr95S2mQ7_Rj_99CaQ" | ./inexact -d -s
Password :
my secret
```
Base64 output:
```
cat Makefile | ./inexact -e -k bobs.key -p alicep.key --base64 | base64 -d | xz -z > crypted_compressed
cat crypted_compressed | xz -d | base64 | ./inexact -d -k alices.key -p bobp.key
```
Variable encrypted message size (smallest):
```
echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -w
```
Variable encrypted message size (400 chars):
```
echo "coucou Bob" | ./inexact -e -k alices.key -p bobp.key -c 400
```
## Credits
Copyright © 2019 <ben@hackade.org>
Inexact is released under CC0 licence, except for this externals libraries:
- https://github.com/smuellerDD/chacha20_drng
- https://github.com/floodyberry/curve25519-donna
- http://web.mit.edu/freebsd/head/contrib/wpa/src/utils/base64.c
- https://github.com/brainhub/SHA3IUF
- https://github.com/norx
- https://github.com/WOnder93/argon2
- https://nachtimwald.com/2017/09/24/hex-encode-and-decode-in-c/
- https://github.com/argtable/argtable3
- https://github.com/dsprenkels/randombytes
|
