$Id: README,v 1.15 2004/07/25 12:10:25 stes Exp $

ECC

ECC is a set of commands for Elliptic Curve Cryptography:

ec-keygen

This command creates a private and public key.

The command:

        ec-keygen -l

lists curves (nicknames). There are curves with coefficients in

  • Z mod p (p = 2 or p prime > 2)
  • F_{p^n}, finite fields with p = 2 or p prime > 2

The command:

        ec-keygen -i secp160r1

prints some more info on that specific system.

To generate a private/public key pair, use the command:

        ec-keygen -o stes -e secp384r1

This creates a public and private key using the curve with nickname secp384r1. The result (because of -o stes) is saved in the files 'stes.pub' and 'stes.prv'.

The permission on the .pub file is 644. The permissions on the .prv file are 600. The idea is that the 'private' (prv) file is kept secret. The .pub file can be sent to other people.
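
A quick way to confirm those modes on existing key files, as an added example that is not part of the ECC distribution. The function names and the assumption that the keys sit together in one directory are hypothetical; only the .prv/.pub suffixes and the 600/644 modes come from the text above.

```shell
#!/bin/sh
# Added example, not part of ECC: audit key files written by "ec-keygen -o NAME".
# Assumption: NAME.prv and NAME.pub sit together in one directory.

# Print a file's octal mode, following symlinks (GNU stat, then BSD stat).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_ec_keys DIR: one line per finding; returns 0 if clean, 1 otherwise.
audit_ec_keys() {
    dir=$1
    bad=0
    for f in "$dir"/*.prv "$dir"/*.pub; do
        [ -e "$f" ] || continue      # an unmatched glob stays literal
        mode=$(file_mode "$f")
        case $f in
            *.prv)
                # Any group/other bit exposes the private key (README: 600).
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "EXPOSED $f mode=$mode expected=600"
                    bad=1
                fi
                ;;
            *.pub)
                # World-readable is intended (README: 644), but group/other
                # write access lets someone replace the public key.
                if [ $(( 0$mode & 022 )) -ne 0 ]; then
                    echo "WRITABLE $f mode=$mode expected=644"
                    bad=1
                fi
                ;;
        esac
    done
    return $bad
}

# Run as a script: sh audit.sh /path/to/keys
if [ $# -gt 0 ]; then
    audit_ec_keys "$1"
fi
```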

ec-crypt

This command encrypts a (possibly large) file using a "stream cipher", i.e. using "symmetric encryption", such as DES, 3DES, RC4, RC5, AES etc.

The key for the symmetric encryption is read from /dev/urandom (an alternative source for random bytes may be specified with the -r option).

The random bytes are encrypted using an ECC public key, and this encrypted key is written to the output file, followed by the encoded contents of the input file.

        ec-crypt -v -c aes-128-cbc -k key.pub -f myfile -o myfile.ecc -s myfile.key

This creates two files: myfile.ecc and myfile.key.

The idea is that only the owner of the corresponding ECC private key can decode the encrypted random bytes (the AES key) and then apply the "stream cipher" with the correct key to decode the encoded file.

ec-decrypt

Decrypts an ECC encoded key, and uses that key to decrypt the file.

For example,

        ec-decrypt -v -k key.prv -f myfile.ecc -s myfile.key -o myfile

ec-sign

This command computes a digest (using MD2, MD5, SHA, SHA1 etc.) and encrypts the digest with an ECC private key.

For example,

        ec-sign -v -c sha1 -k key.prv -f myfile -s mydigest

or

        ec-sign -vG -c md5 -k key.prv -f myfile -s mydigest

The -G option chooses an El Gamal signature instead of the default DSA.

ec-verify

This command verifies the digest computed by "ec-sign", by decrypting the digest with an ECC public key.

For example,

        ec-verify -v -s mydigest -k key.pub -f myfile

INSTALLATION

You need OpenSSL for the symmetric encryption (stream ciphers). ECC doesn't come with its own RC4, DES, 3DES, RC5, SHA etc. It uses the OpenSSL versions of these stream ciphers. Make sure you install OpenSSL 0.9.6 or higher.

To compile the ECC extensions, you need my Objective-C compiler. See:

http://users.pandora.be/stes/compiler.html

NOTE: you need version 3.2.5 or higher (see objc --version)

Finally, build the ec-* commands with ECC support:

        ./configure --prefix=/usr/local --with-openssl=/usr/local
        make
        make install

--
David Stes,
Email: stes@pandora.be

