0.3.0 Changed publuc key signature storage, previously I didn't add the actual signature, therefore a public key could have been verified only during import but never thereafter. This affects exported public keys (32 byte larger) and vault storage, but is backwards compatible. Added JSON output support using libjansson (-j), supported by -t, -p, -s and -K. Abandoned YAML, perl and C key export support, better doing one external format but doing it good. Also, I had no importers for those formats. Removed -y for YAML vault export as well. Maybe I'll add a parameter to -p or -s so one can select which key[s] to export. removed hand-written padding stuff and using libsodiums _easy() functions for crypto now instead of the raw nacl ones. instead we use the _easy variants of the crypto_*box functions, which libsodium provides. I didn't use them so far because I wasn't aware of their existence. using secure memory where applicable. changed encryption protocol, now we're using counter mode for stream encryption. we use the nonce, which is required by crypto_secretbox anyway, as a counter. our counter has a variable size and starts with one byte. the first byte of the nonce signifies the counter size and the following byte(s) are used as the counter. if it is larger than one byte, it will be converted to big endian. maximum possible counter size is 184 bit, current maximum implemented counter size is 64 bit. removed CBC mode support, it wasn't enabled by default anyway. using libsodium memory protection facilities where applicable (keys, passwords, hashes). fixed compilation failure when using clang. fixed self-mode crypto. now -m enables symmetric encryption, while -M adds the senders primary pub key to the list of recipients in asymmetric mode. added automated tests using travis-ci: https://travis-ci.org/TLINDEN/pcp/ fixed several use-after-free bugs in encryption code. made configure more portable, esp. fixed finding of libsodium. replaced star's incorporated scrypt() with the one libsodium now provides. breaks compatibility to older pcp versions, but is more portable and removes to burden to keep this code up to date. added option -X (read passphrase from file). Symmetric decryption doesn't require a vault anymore. Added -C: create a blake2 checksum of one or more files. 0.2.4 fixed compiler macro misplacement (github#4). fixed invalid free (github#5). fixed invalid memset(0) in ps_close(). added python binding, not enabled by default, use --with-python-binding to turn it on. certain generated files are no more generated by autogen.sh, but manually by myself and put into git, because the generation isn't portable. also fixes github#3. disabled conftests when cross compiling. 0.2.3 Z85 block encoding changed. 4 bytes are appended to each input block to denote if and how many zeroes have been used for padding, necessary since z85 doesn't have any native padding scheme, and only padding with zeroes is insuffucient. This change breaks - currently - compatibility to pbp. Added new option --anonymous (-A) which uses a generated keypair for encryption and puts the public part into the encrypted message. Fixed lots of memory leaks. 0.2.2 Enhanded --edit-key a little, it's now possible to make a secret the primary one. Added new option -v (the previous -v has moved to --version only) for verbose. Currently only supported by --list-keys. In this mode more details will be printed. Also added a couple of alias options for existing ones (e.g. -a for armor which is an alias for -z). Removed options -P and -S, replaced by -K (long: --import-key) used to import a key. The key type is now determined automatically as well as the encoding. Made libpcp threadsafe by removing all global vars and putting that stuff into the new PCP Context class (ptx.h), which now holds errors and key hashes. Use 64bit integers for time values in exported keys (we use 64 bit internaly already), to be year 2038 safe. Added a new file type (PCP_ASYM_CIPHER_SIG) which marks encrypted+signed files. This is incompatible to pbp, but it doesn't support that feature anyway. To decrypt encrypted+signed files the option -c is therefore no more required, since pcp2 can now determine the file mode itself. 0.2.1 My crypt+sign implementation were wrong (better: defect). It worked but a legal recipient could re-encrypt the message and attach the original signature, fooling a third party. Now the signature is being made of the encrypted recipient list, the cleartext content (both hashed together) and encrypted afterwards. Re-implemented pcp_readz85string() function, it's now much more fault tolerant and flexible and save against overflows. It is able to catch a multitude of z85 encoded inputs, such as multiline z85 data, oneline z85 data, including or without headers/footers and it considers any single line of content which ends with [\r]\n and contains a whitespace as comment. Added Buffer 'class' internal api to make it easier to work with binary data in various, flexible and error prone ways. Cribbed from the code in openssh/buffer.c. Import and export of keys is now being done in the lib and no more in src. Src only opens files and asks for passwords and stuff like this. Changed public key export format to RFC4880, see include/pcp/mgmt.h for details. Pcp uses only a small subset of what the rfc provides, I left out most of the bloat. Also our keys are incompatible with OpenPGP of course, since our ciphers are different. But it's a standardized format, easy to work with and flexible. From this point on it should be possible to import old public keys even if the internal structure changed. This wasn't possible in the past. The secret key export format changed as well. It is proprietary but more flexible than the old one as well. It now only contains static data, whatever can be calculated later isn't stored. Everything is being put into one stream and completely encrypted symmetrically. As with the new pubkey export format this one as well is independent of internal structs in pcp and should therefore be future proof. Internal api change: added pcpstream, which is a wrapper around file i/o or buffer i/o. It's used in libpcp/crypto.c (more to follow), so it depends on the caller if it works on files or on buffers. Pcpstreams also automatically encode/decode Z85. Due to the new pcpstream class pcp now supports armored encrypted files, which it didn't previously. Lots of refactoring have been done to clear things out and make the system work with the changes above. Added various convenience pubkey export formats, beside pbp and pcp also supported are now perl, c and yaml code. A programmer can use this to put a public key in a small program. Finally found the bug that leaded to the unittests sometimes fail as previously described in the TODO file: the function libpcp/z85.c:_buffer_is_binary() shall return a non-zero value if it finds a binary character in the input. However, if the first char of the input was binary it returned 0, which was then interpreted later such that the input is ascii. To fix this, the function now starts at position 1 to search. Added API doc for libpcp, generated using doxygen in man/html/. Latest API docs can be found on http://www.daemon.de/libpcp/. At this point I'd like to thank Liquid Soul. Only thanks to their music I was able to do those heavy changes. It's like a drug boosting the brain. Love U, man! 0.2.0 ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed, the curve had been derived from the ed key). To encrypt the secret keys, we're now using a key derived from the user passphrase generated using the scrypt() function, incorporated from tarsnap via scrypt-1.1.6. The "derived pcp key" feature has been dropped. Encrypted file format/scheme changed. Previously I included the sender's key-id with the encrypted cipher as a hash. So, encrypted message do no more contain pk material. Changed signature scheme completely. Binary signature follow the pbp scheme: calculate blake2 hash of the content, sign the hash, write out original content, add "\nnacl-", add the signature, add the hash. Armored signatures are calculated the same way but output follows the pgp scheme instead. Detached signatures are still supported as before, for the user everything with them is as known, but the commandline option -f (--sigfile) have to be applied. Internally, however, inputs will be read in 32k blockwise as well. Detached signatures are now z85 encoded always. Now you can also crypt+sign files with pcp1. Signatures of encrypted files are always binary appended as is, no offset designator. This leads to a couple of problems which need to be solved somehow in the future: recipient doesn't know whether to decrypt the file or to decrypt and verify it. Also it's unclear how to behave if decryption works but the signature doesn't verify. Currently pcp1 failes in this case, but leaves the decrypted result on disk. Hm... The default encryption mode with pcp (and pbp as of this writing) is ECB. Each 32k block is encrypted independently. While ECB is generally a bad choice, the 32k blocksize compensates for it. However, just to have to option, if we decide to use CBC instead, I already implemented it. It must be enabled at compile time with ./configure --enable-cbc. CBC mode in PCP uses a blocksize of 1k. Added PBP public key import and export compatibility (untested against pbp yet), use -b when exporting a public key, or when importing one. 0.1.5 Fixed a segmentation fault when using pcp1 -t on a public key. I added a double free() there by purpose to test segfault catching I added in unittest.pl and forgot to remove it. The good news is, that I found the double free() immediately thanks to the segfault catching of unittest.pl :) Fixed use of unencrypted secret keys, added proper unittests for this case. Note: a secret key will be stored unencrypted if the user doesn't enter a password when asked. In addition to the fix I added a question if the user is sure about what he does. Moved config.h to include/pcp/ so it will be installed as well. Removed the conditional include of config.h in platform.h, that was stupid. Added generation of a pkg-config configuration in libpcp/libpcp1.pc.in. Added -O support to -k. So now you can generate a new secret key and export it directly into a file. In this case the key will not be stored to the vault. The -t option now accepts an inputfile (-I) and determines what kind of file that might be and if it finds out, prints some info about it to stdout. Useful if you've got a z85 encoded file without headers and comments and don't know what it is. Moved all uthash (key lists) related code into keyhash.c, so nowhere will be used any HASH* macros directly. Fixed various malloc/free errors. Found them on the gcc compilefarm, thanks to the gcc guys providing access to it. Fixed alternate arc4random*() implementation in platform.h, now we just use the random functions of libsodium if they're not available. Added C++ language binding (bindings/cpp/), look at tests/cpptest.cpp for usage examples. Fixed problem under big-endian platforms where encryption didn't work due a missing sodium_init() call. Thanks to Frank Denis. See https://github.com/jedisct1/libsodium/issues/100 0.1.4 Changed key format (again), now the main secret is the ED25519 secret key, which will be encrypted. Everything else will be derived from that. Thanks to S.Neives and "CodesInChaos" from the libsodium mailinglist for clarifying it and helping me to understand it. 0.1.3 Added signature support using ED25519. Key format has changed it now contains the ed25519 public key part as well, required for signing. Key version is now 0x2 and vault version 0x2. There's no backwards compatibility, since this is still beta. Re-organized header files. Added support for self encryption using the users own key pair for encryption and decryption. Backport of issue https://github.com/zeromq/zeromq4-x/issues/29 Fixed key export, now uses big endianess as well. Updated POD documentation. Fixed a couple of minor bugs which lead to crashes. Options -r and -R exchanged: -R = remove key, -r = recipient. Added support for derived keys (using -r). Added more precautions when writing to the vault, we now always use a tmp vault for writing and if that works, we copy it back. In case something fails on the way, the tmp file will be retained or the original vault will not be altered. 0.1.2 Fixed bug in pcp_derivekey() which derives encryption keys. it generated collisions due coding error, e.g. passphase 'a' resulted in the same encryptionkey as passphase 'r'. Now uses SHA256 witout the xor stuff, which was the cause for the bug. This also fixes a segmentation fault which occured invariably by entering an invalid passphrase. Added support for derived public keys using the -R option, which allows two peers to encrypt messages without the need to reveal their primary public keys. That way each peer will have another public key of the same source. Added more unit tests to reflect the above changes. 0.1.1 Changed output format of encrypted keys. now we encode it properly with the Z85 encoding and add a header and footer to it: -----BEGN CURVE25519 SECRET KEY----- 0q<1MspXp=x>mBZsUJF:2#)o*!.nTKR8SK}0IfuMBmC1a&*?)JD4%$%I5