Read Me
$Id: README,v 1.16 2021/11/02 18:01:40 stes Exp $
ECC
===
ECC is a set of commands for Elliptic Curve Cryptography:

ec-keygen
---------

This command creates a private and public key.

The command:

    ec-keygen -l

lists curves (nicknames). There are curves with coefficients in

* Z mod p (p = 2 or p prime > 2)
* F_{p^n}, finite fields with p = 2 or p prime > 2

The command:

    ec-keygen -i secp160r1

prints some more info on that specific system.

To generate a pair of private and public keys, use the command:

    ec-keygen -o stes -e secp384r1

This creates a public and private key using the curve with nickname secp384r1.
The result (because of -o stes) is saved in the files 'stes.pub' and 'stes.prv'.
The permissions on the .pub file are 644. The permissions on the .prv file are
600. The idea is that the 'private' (prv) file is kept secret. The .pub
file can be sent to other people.

ec-crypt
--------

This command encrypts a (possibly large) file using a "stream cipher",
i.e. using "symmetric encryption", such as DES, 3DES, RC4, RC5, AES etc.

The key for the symmetric encryption is read from /dev/urandom
(an alternative source for random bytes may be specified with the -r option).

The random bytes are encrypted using an ECC public key, and this encrypted
key is written to the output file, followed by the encoded contents
of the input file.

    ec-crypt -v -c aes-128-cbc -k key.pub -f myfile -o myfile.ecc -s myfile.key

This creates two files: myfile.ecc and myfile.key.

The idea is that only the owner of the corresponding ECC private key
can decode the encrypted random bytes (the AES key), and hence obtain the key
needed to apply the "stream cipher" and decode the encoded file.

ec-decrypt
----------

Decrypts an ECC encoded key, and uses that key to decrypt the file.

For example,

    ec-decrypt -v -k key.prv -f myfile.ecc -s myfile.key -o myfile

ec-sign
-------

This command computes a digest (using MD2, MD5, SHA, SHA1 etc.)
and encrypts the digest with an ECC private key.

For example,

    ec-sign -v -c sha1 -k key.prv -f myfile -s mydigest

or

    ec-sign -vG -c md5 -k key.prv -f myfile -s mydigest

The -G option chooses an El Gamal signature instead of the default DSA.

ec-verify
---------

This command verifies the digest computed by "ec-sign", by decrypting the
digest with an ECC public key.

For example,

    ec-verify -v -s mydigest -k key.pub -f myfile

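The commands above, chained into a round-trip self-check. This is an added
example, not part of the ECC distribution. It uses only the options shown in
this README and assumes that every ec-* command exits non-zero on failure,
which the README does not state; the function names and scratch file names
are made up for the example.

```sh
#!/bin/sh
# Added example, not part of the ECC distribution.

# key_perms_ok NAME
# Succeeds only if NAME.prv has mode 600 and NAME.pub has mode 644,
# the modes this README says ec-keygen sets. Returns 2 if a file is missing.
key_perms_ok() {
    [ -f "$1.prv" ] && [ -f "$1.pub" ] || return 2
    [ -n "$(find "$1.prv" -perm 600)" ] || return 1
    [ -n "$(find "$1.pub" -perm 644)" ] || return 1
}

# ec_roundtrip CURVE
# Runs keygen, encrypt, decrypt, sign and verify in a scratch directory.
# Assumption: every ec-* command exits non-zero on failure (exit codes
# are not documented in the README). Returns 127 if ECC is not installed.
ec_roundtrip() {
    command -v ec-keygen >/dev/null 2>&1 || return 127
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'constructed sample plaintext\n' > myfile
        ec-keygen -o key -e "$1" || exit 1
        key_perms_ok key || exit 3           # key file modes are not 600/644
        ec-crypt -v -c aes-128-cbc -k key.pub -f myfile \
                 -o myfile.ecc -s myfile.key || exit 1
        ec-decrypt -v -k key.prv -f myfile.ecc -s myfile.key \
                   -o myfile.out || exit 1
        cmp -s myfile myfile.out || exit 4   # plaintext was not restored
        ec-sign -v -c sha1 -k key.prv -f myfile -s mydigest || exit 1
        ec-verify -v -s mydigest -k key.pub -f myfile || exit 5
        printf 'tampered\n' >> myfile        # modify the signed file
        # Verification of the modified file must now fail.
        ! ec-verify -v -s mydigest -k key.pub -f myfile || exit 6
    ) && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Usage: ec_roundtrip secp384r1 && echo "ECC round trip OK"
```
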
INSTALLATION
============

You need OpenSSL for the symmetric encryption (stream ciphers).
ECC doesn't come with its own RC4, DES, 3DES, RC5, SHA etc.
It uses the OpenSSL versions of these stream ciphers.

Make sure you install OpenSSL 0.9.6 or higher.

To compile the ECC extensions, you need my Objective-C compiler. See

    http://objc.sourceforge.io

NOTE: you need version 3.2.5 or higher (see objc --version)

Finally, simply run

    ./configure --prefix=/usr/local --with-openssl=/usr/local
    make
    make install

to build the ec-* commands with ECC support.

--
David Stes,
Email: stes@pandora.be