The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
edgetk_win64.zip	2024-11-11	4.9 MB	5
edgetk_win32.zip	2024-11-11	4.8 MB	5
edgetk_openbsd-x86.zip	2024-11-11	4.6 MB	0
edgetk_openbsd-amd64.zip	2024-11-11	4.9 MB	0
edgetk_linux-x86.zip	2024-11-11	4.6 MB	0
edgetk_linux-armel.zip	2024-11-11	4.5 MB	0
edgetk_linux-amd64.zip	2024-11-11	4.9 MB	0
edgetk_freebsd-amd64.zip	2024-11-11	4.9 MB	0
edgetk_freebsd-x86.zip	2024-11-11	4.6 MB	0
edgetk_darwin-amd64.zip	2024-11-11	8.9 MB	0
edgetk_darwin-arm64.zip	2024-11-11	8.4 MB	0
README.md	2024-11-11	29.4 kB	0
Totals: 12 Items		59.8 MB	10

EDGE Toolkit

Multi-purpose cross-platform hybrid cryptography tool for symmetric and asymmetric encryption, cipher-based message authentication code (CMAC/PMAC/GMAC/VMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2/Argon2/Scrypt), password-hashing scheme (Bcrypt/Argon2/Makwa), shared key agreement (ECDH/VKO/X25519), digital signature (RSA/ECDSA/EdDSA/GOST/SPHINCS+), X.509 CSRs, CRLs and Certificates, and TCP instant server with TLS 1.3 and TLCP encryption layers for small or embedded systems.

Fully OpenSSL/LibreSSL/GmSSL/RHash/Mcrypt compliant

Implements

Anubis Involutional SPN 128-bit block cipher (Barreto, ESAT/COSIC)
BSI TR-03111 ECKA-EG (Elliptic Curve Key Agreement based on ElGamal)
CHASKEY Message Authentication Code (Nicky Mouha, ESAT/COSIC)
CubeHash and SipHash64/128 (Daniel J. Bernstein & JP Aumasson)
DSTU 7564:2014 A New Standard of Ukraine: The Kupyna Hash Function
DSTU 7624:2014 A Encryption Standard of Ukraine: Kalyna Block Cipher
GB/T 32907-2016 - SM4 128-bit Block Cipher
GB/T 32918.4-2016 SM2 Elliptic Curve Asymmetric Encryption
GB/T 38636-2020 - Transport Layer Cryptography Protocol (TLCP)
GM/T 0001-2012 ZUC Zu Chongzhi Stream cipher 128/256-bit key
GM/T 0002-2012 SM4 Block cipher with 128-bit key
GM/T 0003-2012 SM2 Public key algorithm 256-bit
GM/T 0004-2012 SM3 Message digest algorithm 256-bit hash value
GM/T 0044-2016 SM9 Public key algorithm 256-bit
GM/T 0086-2020 Specification of key management system based on SM9
GOST 28147-89 64-bit block cipher (RFC 5830)
GOST R 34.10-2012 VKO key agreement function (RFC 7836)
GOST R 34.10-2012 public key signature function (RFC 7091)
GOST R 34.11-2012 Streebog hash function (RFC 6986)
GOST R 34.11-94 CryptoPro hash function (RFC 5831)
GOST R 34.12-2015 128-bit block cipher Kuznechik (RFC 7801)
GOST R 34.12-2015 64-bit block cipher Magma (RFC 8891)
GOST R 50.1.114-2016 GOST R 34.10-2012 and GOST R 34.11-2012
HC-128 Stream Cipher simplified version of HC-256 (Wu, ESAT/COSIC)
IGE (Infinite Garble Extension) Mode of Operation for Block ciphers
ISO/IEC 10118-3:2003 RIPEMD128/160/256 and Whirlpool (ESAT/COSIC)
ISO/IEC 18033-3:2010 HIGHT, SEED, Camellia and MISTY1 Block ciphers
ISO/IEC 18033-4:2011 KCipher-2 stream cipher (RFC 7008)
ISO/IEC 29192-3:2012 Trivium Stream cipher with 80-bit key
ISO/IEC 18033-5:2015 IBE - Identity-based Encryption Mechanisms
ISO/IEC 18033-5:2015/Amd.1:2021(E) SM9 Mechanism
ISO/IEC 29192-2:2019 PRESENT, CLEFIA and LEA block ciphers
ISO/IEC 15946-5:2022 Barreto-Naehrig and Barreto-Lynn-Scott Curves
KS X 1213-1 ARIA 128-bit block cipher with 128/192/256-bit keys
KS X 3246 LEA - Lightweight Encryption Algorithm (TTAK.KO-12.0223)
KS X 3262 LSH - A New Fast Secure Hash Function Family (in Korean)
NIST SP800-186 X25519 Diffie-Hellman (OpenSSL compliant)
NIST SP800-38D GCM AEAD mode for 128-bit block ciphers (RFC 5288)
RFC 2104: HMAC - Keyed-Hashing for Message Authentication
RFC 2144: CAST-128 64-bit Block cipher with 128-bit key
RFC 2612: The CAST-256 Encryption Algorithm
RFC 3610: Counter with CBC-MAC Mode of Operation (CCM Mode)
RFC 4009: The SEED Encryption Algorithm (KISA)
RFC 4253: Serpent 128-bit Block cipher with 128/192/256-bit keys
RFC 4493: Cipher-based Message Authentication Code (CMAC)
RFC 4503: Rabbit Stream Cipher Algorithm with 128-bit key
RFC 4543: Galois Message Authentication Code (GMAC)
RFC 4764: EAX Authenticated-Encryption Mode of Operation
RFC 4648: Base16, Base32, and Base64 Data Encodings
RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2
RFC 5280: Internet X.509 PKI Certificate Revocation List (CRL)
RFC 5297: Synthetic Initialization Vector (SIV Mode)
RFC 5869: HMAC-based Key Derivation Function (HKDF)
RFC 6114: The 128-Bit Blockcipher CLEFIA (Sony)
RFC 7008: KCipher-2 Encryption Algorithm (KDDI R&D Laboratories)
RFC 7253: OCB (and PMAC) Authenticated-Encryption Algorithm
RFC 7292: PKCS #12 Personal Information Exchange Syntax v1.1
RFC 7539: ChaCha20-Poly1305 AEAD Stream cipher
RFC 7693: The BLAKE2 Cryptographic Hash and MAC (JP Aumasson)
RFC 7748: Curve25519 and Curve448: Elliptic Curves for Security
RFC 7914: The Scrypt Password-Based Key Derivation Function
RFC 8032: Ed25519 Signature a.k.a. EdDSA (Daniel J. Bernstein)
RFC 8446: Transport Layer Security (TLS) Protocol Version 1.3
RFC 9058: MGM AEAD mode for 64 and 128 bit ciphers (E. Griboedova)
RFC 9367: GOST Cipher Suites for Transport Layer Security (TLS 1.3)
SBRC 2007: Curupira 96-bit block cipher with 96/144/192-bit keys
STB 34.101.31-2011 Belorussian standard (Bel-T) block cipher
STB 34.101.45-2013 Belorussian BignV1 public key algorithhm
STB 34.101.77-2020 Belorussian standard BASH hash function
TTAS.KO-12.0004/R1 128-bit Block Cipher SEED (ISO/IEC 18033-3:2010)
TTAS.KO-12.0040/R1 64-bit Block Cipher HIGHT (ISO/IEC 18033-3:2010)
TTAS.KO-12.0011/R2 HAS-160 Korean-standardized hash algorithm
TTAK.KO-12.0015/R3 EC-KCDSA Korean Digital Signature Algorithm
TTAK.KO-12.0223 LEA 128-bit block cipher (ISO/IEC 29192-2:2019)
TTAK.KO-12.0276 LSH Message digest algorithm (KS X 3262)
US FIPS 197 Advanced Encryption Standard (AES)
US FIPS 180-2 Secure Hash Standard (SHS) SHA1 and SHA2 Algorithms
US FIPS 202 SHA-3 Permutation-Based Hash (instance of the Keccak)
US FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
US FIPS 204 Module-Lattice-Based Digital Signature Standard (ML-DSA)
US FIPS 205 Stateless Hash-Based Digital Signature Standard (SLH-DSA)

Command-line Integrated Security Suite

Asymmetric

Public key algorithms:

Algorithm	256	512	ECDH	Signature	Encryption	PKI
ECDSA	O	O	O	O	O	O
ECGDSA	O	O		O
EC-KCDSA	O	O		O
ANSSI	O		O	O	O
Koblitz	O		O	O	O
BignV1	O	O	O	O
Curve25519	O		O	O		O
Curve448			O	O
GOST2012	O	O	O	O		O
RSA				O	O	O
SM2	O		O	O	O	O
SM9	O		O	O	O
NUMS	O	O	O	O	O
ElGamal				O	O
EC-ElGamal	O				O
ML-DSA/KEM				O	O	O
SLH-DSA	O			O		O

Subjacent Elliptic Curves:

Curve	ECDSA	EC-GDSA	EC-KCDSA	ECKA-EG
P-224 (secp224r1)	O	O	O
P-256 (secp256r1)	O	O	O	O
P-384 (secp384r1)	O	O	O
P-521 (secp521r1)	O	O	O
B-283 (sect283r1)			O
B-409 (sect409r1)			O
B-571 (sect571r1)			O
BLS12-381				O
Ed25519				O
Pallas				O
ANSSI (frp256v1)	O
Koblitz (secp256k1)	O			O
SM2 (sm2p256v1)	O

Supported ParamSets:

Algorithm A B C D

GOST R 34.10-2012 256-bit O O O O

GOST R 34.10-2012 512-bit O O O

Algorithm	A	B	C	D
GOST R 34.10-2012 256-bit	O	O	O	O
GOST R 34.10-2012 512-bit	O	O	O

Symmetric

Stream ciphers:

Cipher	Key Size	IV	Modes
Ascon 1.2	128	128	AEAD Stream Cipher
Chacha20Poly1305	256	96/192	AEAD Stream Cipher
Grain128a	128	40-96	AEAD Stream Cipher
HC-128	128	128	XOR Stream
HC-256	256	256	XOR Stream
KCipher-2	128	128	XOR Stream
Rabbit	128	64	XOR Stream
RC4 [Obsolete]	40/128	-	XOR Stream
Salsa20	256	64/192	XOR Stream
Skein512	Any	Any	MAC + XOR Stream
Spritz	Any	Any	XOR Stream
Trivium	80	80	XOR Stream
ZUC-128 Zu Chongzhi	128	128	MAC + XOR Stream
ZUC-256 Zu Chongzhi	256	184	MAC + XOR Stream

Permutation ciphers:

Cipher Key IV Mode

Xoodyak 128 128 Lightweight AEAD Permutation Cipher

Cipher	Key	IV	Mode
Xoodyak	128	128	Lightweight AEAD Permutation Cipher

256-bit> block ciphers:

Cipher	Block Size	Key Size	Modes
Kalyna256	256	256/512	EAX, SIV, CTR, OFB, IGE
Kalyna512	512	512	EAX, SIV, CTR, OFB, IGE
SHACAL-2	256	128 to 512	EAX, SIV, CTR, OFB, IGE
Threefish256	256	256	EAX, SIV, CTR, OFB, IGE
Threefish512	512	512	EAX, SIV, CTR, OFB, IGE
Threefish1024	1024	1024	EAX, SIV, CTR, OFB, IGE

128-bit block ciphers:

Cipher	Block Size	Key Size	Modes
AES (Rijndael)	128	128/192/256	All modes supported
Anubis	128	128 to 320	All modes supported
ARIA	128	128/192/256	All modes supported
Bel-T	128	128/192/256	All modes supported
Camellia	128	128/192/256	All modes supported
CAST256	128	128/192/256	All modes supported
CLEFIA	128	128/192/256	All modes supported
CRYPTON	128	128/192/256	All modes supported
E2	128	128/192/256	All modes supported
Kalyna128	128	128/256	All modes supported
Kuznechik	128	256	All modes supported
LEA	128	128/192/256	All modes supported
LOKI97	128	128/192/256	All modes supported
MARS	128	128 to 448	All modes supported
NOEKEON	128	128	All modes supported
RC6	128	128/192/256	All modes supported
SEED	128	128	All modes supported
Serpent	128	128/192/256	All modes supported
SM4	128	128	All modes supported
Twofish	128	128/192/256	All modes supported

96-bit block ciphers:

Cipher Block Size Key Size Modes

Curupira 96 96/144/192 EAX, LETTERSOUP, CTR, IGE

Cipher	Block Size	Key Size	Modes
Curupira	96	96/144/192	EAX, LETTERSOUP, CTR, IGE

64-bit block ciphers:

Cipher	Block Size	Key Size	Modes
DES [Obsolete]	64	64	EAX, CFB-8, CTR, OFB
3DES [Obsolete]	64	192	EAX, CFB-8, CTR, OFB
Blowfish	64	128	EAX, CFB-8, CTR, OFB
CAST5	64	128	EAX, CFB-8, CTR, OFB
GOST89 (TC26)	64	256	EAX, MGM, CFB-8, CTR
HIGHT	64	128	EAX, CFB-8, CTR, OFB
IDEA [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
Khazad	64	128	EAX, MGM, CFB-8, CTR
Magma	64	256	EAX, CFB-8, CTR, OFB
MISTY1	64	128	EAX, CFB-8, CTR, OFB
PRESENT	64	80/128	EAX, MGM, CFB-8, CTR
RC2 [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
RC5 [Obsolete]	64	128	EAX, CFB-8, CTR, OFB
SAFER+	64	64/128	EAX, CFB-8, CTR, OFB
TWINE	64	80/128	EAX, MGM, CFB-8, CTR

Modes of Operation:

Mode		Blocks	Keys
EAX	Encrypt-Authenticate-Translate	All	Any
GCM	Galois/Counter Mode (AEAD)	128	128/192/256
OCB1	Offset Codebook v1 (AEAD)	128	128/192/256
OCB3	Offset Codebook v3 (AEAD)	128	128/192/256
MGM	Multilinear Galois Mode (AEAD)	64/128	Any
CCM	Counter with CBC-MAC (AEAD)	128	128/192/256
SIV	Synthetic IV Mode (AEAD)	All	Any
CBC	Cipher-Block Chaining	All	Any
CFB	Cipher Feedback Mode	All	Any
CFB-8	Cipher Feedback Mode 8-bit	All	Any
CTR	Counter Mode (default)	All	Any
ECB	Eletronic Codebook Mode	All	Any
IGE	Infinite Garble Extension	All	Any
OFB	Output Feedback Mode	All	Any

Message Digest Algorithms:

Algorithm	128	160	192	256	512	MAC
BASH				O	O
Bel-T				O
BLAKE-2B				O	O	O
BLAKE-2S	O			O		O
BLAKE-3				O		O
BMW				O	O
Chaskey	O					O
CubeHash				O	O
ECHO				O	O
ESCH				O
Fugue				O	O
GOST94 CryptoPro				O
Grøstl				O	O
Hamsi				O	O
Haraka v2				O
HAS-160		O
JH				O	O
Kupyna				O	O	O
Legacy Keccak				O	O
LSH				O	O
Luffa				O	O
MD4 [Obsolete]	O
MD5 [Obsolete]	O
MD6				O	O
Poly1305	O					O
Radio-Gatun				O
RIPEMD	O	O		O
SHA1 [Obsolete]		O
SHA2 (default)				O	O
SHA3				O	O
SHAKE				O	O
SHAvite-3				O	O
SIMD				O	O
SipHash	O					O
Skein				O	O	O
SM3				O
Streebog				O	O
Tiger			O
Whirlpool					O
Xoodyak				O		O
ZUC-256 Zu Chongzhi	O					O

MAC refers to keyed hash function, like HMAC.

Features

Cryptographic Functions:
Asymmetric Encryption
Symmetric Encryption + AEAD Modes
Digital Signature
Recursive Hash Digest + Check
ECDH (Shared Key Agreement)
CMAC (Cipher-based message authentication code)
HMAC (Hash-based message authentication code)
HKDF (HMAC-based key derivation function)
PBKDF2 (Password-based key derivation function)
PHS (Password-hashing scheme)
TLS (Transport Layer Security v1.2 and 1.3)
TLCP (Transport Layer Cryptography Protocol v1.1)
PKCS12 (Personal Information Exchange Syntax v1.1)
X.509 CSRs, CRLs and Certificates
Non-cryptographic Functions:
Hex string encoder/dump/decoder (xxd-like)
Base32 encoder/decoder
Base64 encoder/decoder
Base85 encoder/decoder
Privacy-Enhanced Mail (PEM format)
RandomArt (OpenSSH-like)

Usage

Usage of ./edgetk:
  -algorithm string
        Public key algorithm: EC, Ed25519, GOST2012, SM2. (default "RSA")
  -base32 string
        Encode binary string to Base32 format and vice-versa. [enc|dec]
  -base64 string
        Encode binary string to Base64 format and vice-versa. [enc|dec]
  -base85 string
        Encode binary string to Base85 format and vice-versa. [enc|dec]
  -bits int
        Key length. (for keypair generation and symmetric encryption)
  -cacert string
        CA Certificate path. (for TLCP Protocol)
  -cakey string
        CA Private key. (for TLCP Protocol)
  -cert string
        Certificate path.
  -check
        Check hashsum file. ('-' for STDIN)
  -cipher string
        Symmetric algorithm: aes, blowfish, magma or sm4. (default "aes")
  -crl string
        Certificate Revocation List path.
  -crypt string
        Bulk Encryption with Stream and Block ciphers. [enc|dec|help]
  -curve string
        Subjacent curve (ECDSA, BLS12381G1 and G2.) (default "ecdsa")
  -days int
        Defines the validity of the certificate from the date of creation.
  -digest
        Target file/wildcard to generate hashsum list. ('-' for STDIN)
  -factorp string
        Makwa private Factor P. (for Makwa Password-hashing Scheme)
  -factorq string
        Makwa private Factor Q. (for Makwa Password-hashing Scheme)
  -hex string
        Encode binary string to hex format and vice-versa. [enc|dump|dec]
  -hid uint
        Hierarchy Identifier. (for SM9 User Private Key) (default 1)
  -id string
        User Identifier. (for SM9 User Private Key operations)
  -info string
        Additional info. (for HKDF command and AEAD bulk encryption)
  -ipport string
        Local Port/remote's side Public IP:Port.
  -iter int
        Iter. (for Password-based key derivation function) (default 1)
  -iv string
        Initialization Vector. (for symmetric encryption)
  -kdf string
        Key derivation function. [pbkdf2|hkdf|scrypt|argon2|lyra2re2]
  -key string
        Asymmetric key, symmetric key or HMAC key, depending on operation.
  -mac string
        Compute Hash/Cipher-based message authentication code.
  -master string
        Master key path. (for sm9 setup) (default "Master.pem")
  -md string
        Hash algorithm: sha256, sha3-256 or whirlpool. (default "sha256")
  -mode string
        Mode of operation: GCM, MGM, CBC, CFB8, OCB, OFB. (default "CTR")
  -modulus string
        Makwa modulus. (Makwa hash Public Parameter)
  -nopad
        No padding. (for Base64 and Base32 encoding)
  -params string
        ElGamal Public Parameters path.
  -paramset string
        Elliptic curve ParamSet: A, B, C, D. (for GOST2012) (default "A")
  -pass string
        Password/Passphrase. (for Private key PEM encryption)
  -passout string
        User Password. (for SM9 User Private Key PEM encryption)
  -peerid string
        Remote's side User Identifier. (for SM9 Key Exchange)
  -pkey string
        Subcommands: keygen|certgen, sign|verify|derive, text|modulus.
  -prv string
        Private key path. (for keypair generation) (default "Private.pem")
  -pub string
        Public key path. (for keypair generation) (default "Public.pem")
  -rand int
        Generate random cryptographic key with given bit length.
  -recover
        Recover Passphrase from Makwa hash with Private Parameters.
  -recursive
        Process directories recursively. (for DIGEST command only)
  -root string
        Root CA Certificate path.
  -salt string
        Salt. (for HKDF and PBKDF2 commands)
  -signature string
        Input signature. (for VERIFY command and MAC verification)
  -subj string
        Subject: Identity for which a digital certificate.
  -tcp string
        Encrypted TCP/IP Transfer Protocol. [server|ip|client]
  -tweak string
        Additional 128-bit parameter input. (for THREEFISH encryption)
  -version
        Print version info.
  -wrap int
        Wrap lines after N columns. (for Base64/32 encoding) (default 64)

Examples

Asymmetric EG keypair generation:

./edgetk -pkey setup -algorithm elgamal [-bits 4096] > ElGamalParams.pem
./edgetk -pkey keygen -algorithm elgamal -params ElGamalParams.pem [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

EG Digital signature:

./edgetk -pkey sign -algorithm elgamal -key Private.pem [-pass "passphrase"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -algorithm elgamal -key Public.pem -signature $sign < file.ext
echo $?

EG Encryption scheme:

./edgetk -pkey wrapkey -algorithm elgamal -key Public.pem > cipher.txt
ciphertext=$(cat cipher.txt|grep "Cipher"|awk '{print $2}')
./edgetk -pkey unwrapkey -algorithm elgamal -key Private.pem [-pass "passphrase"] -cipher $ciphertext

Asymmetric RSA keypair generation:

./edgetk -pkey keygen -bits 4096 [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

Parse keys info:

./edgetk -pkey [text|modulus] [-pass "passphrase"] -key Private.pem
./edgetk -pkey [text|modulus|randomart|fingerprint] -key Public.pem

Digital signature:

./edgetk -pkey sign -key Private.pem [-pass "passphrase"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -key Public.pem -signature $sign < file.ext
echo $?

Encryption/decryption with RSA algorithm:

./edgetk -pkey encrypt -key Public.pem < plaintext.ext > ciphertext.ext
./edgetk -pkey decrypt -key Private.pem < ciphertext.ext > plaintext.ext

Asymmetric EC keypair generation (256-bit):

./edgetk -pkey keygen -bits 256 -algorithm EC [-pass "passphrase"] [-prv Private.pem] [-pub Public.pem]

EC Diffie-Hellman:

./edgetk -pkey derive -algorithm EC -key Private.pem -pub Peerkey.pem

Generate Self Signed Certificate:

./edgetk -pkey certgen -key Private.pem [-pass "passphrase"] [-cert "output.crt"]

Generate Certificate Signing Request:

./edgetk -pkey req -key Private.pem [-pass "passphrase"] [-cert Certificate.csr]

Sign CSR with CA Certificate:

./edgetk -pkey x509 -key Private.pem -root CACert.pem -cert Certificate.csr > Certificate.crt

Parse Certificate info:

./edgetk -pkey [text|modulus] -cert Certificate.pem

Generate Certificate Revocation List:

./edgetk -pkey crl -cert CACert.pem -key Private.pem -crl old.crl serials.txt > NewCRL.crl

TLS Layer (TCP/IP):

./edgetk -tcp ip > MyExternalIP.txt
./edgetk -tcp server -cert Certificate.pem -key Private.pem [-ipport "8081"]
./edgetk -tcp client -cert Certificate.pem -key Private.pem [-ipport "127.0.0.1:8081"]

Symmetric key generation (256-bit):

./edgetk -rand 256

Encryption/decryption with block cipher:

./edgetk -crypt enc -key $256bitkey < plaintext.ext > ciphertext.ext
./edgetk -crypt dec -key $256bitkey < ciphertext.ext > plaintext.ext

Message digest:

./edgetk -digest [-recursive] "*.*" > hash.txt
./edgetk -check hash.txt
echo $?
or
./edgetk -check hash.txt|grep FAILED^|Not found!

Bcrypt:

./edgetk -digest -md bcrypt -key "yourkey" [-iter 10] > key.bcrypt
./edgetk -check -md bcrypt -key "yourkey" < key.bcrypt
echo $?

HMAC:

./edgetk -mac hmac -key "secret" < file.ext
./edgetk -mac hmac -key "secret" -signature $256bitmac < file.ext
echo $?

HKDF (HMAC-based key derivation function) (128-bit):

./edgetk -kdf hkdf -bits 128 -key "IKM" [-salt "salt"] [-info "AD"]

SM9 (Chinese IBE Standard)

Private Key Generation:

Generate a master key

./edgetk -pkey setup -algorithm <sm9encrypt|sm9sign> [-master "Master.pem"] [-pub "Public.pem"]

Generate a private key and a UID (User ID) and an HID (Hierarchy ID).

./edgetk -pkey keygen -algorithm <sm9encrypt|sm9sign> [-master "Master.pem"] [-prv "Private.pem"] [-id "uid"] [-hid 1]

Message Encryption:

To encrypt a message:
Use the master public key.
Include the UID and HID associated with the private key.
Perform the encryption process.

./edgetk -pkey encrypt -algorithm sm9encrypt [-key "Public.pem"] [-id "uid"] [-hid 1] < FILE

Message Decryption:

To decrypt a message:
Use the associated private key.
Use the corresponding UID.
Perform the decryption process.

./edgetk -pkey decrypt -algorithm sm9encrypt [-key "Private.pem"] [-id "uid"] < FILE

Digital Signature:

To sign a message:
Use the private key (UID and HID are associated).
Perform the signature process.

./edgetk -pkey sign -algorithm sm9sign [-key "Private.pem"] < FILE

Digital Signature Verification:

To verify the signature of a message:
Use the master public key.
Use the UID and HID associated with the private key that performed the signature.
Perform the signature verification process.

./edgetk -pkey verify -algorithm sm9sign [-key "Public.pem"] [-id "uid"] [-hid 1] [signature "sign"] < FILE

Hex Encoder/Decoder:

./edgetk -hex enc < file.ext > file.hex
./edgetk -hex dec < file.hex > file.ext
./edgetk -hex dump < file.ext

Base32/64 Encoder/Decoder:

./edgetk -base32 enc [-wrap 0] [-nopad] < file.ext > file.b32
./edgetk -base32 dec [-nopad] < file.b32 > file.ext

Try:

./edgetk -crypt help   // Describes bulk encryption usage and arguments
./edgetk -kdf help     // Describes key derivation function usage
./edgetk -mac help     // Describes message authentication code usage
./edgetk -pkey help    // Describes public key cryptography usage
./edgetk -tcp help     // Describes TLS 1.3 Protocol parameters and usage
./edgetk -help,-h      // Full list of the flags and their defaults
./edgetk -version      // Print version info

License

This project is licensed under the ISC License.

Source: README.md, updated 2024-11-11