edgetk

Version: v1.2.16
Published: Feb 24, 2023 License: ISC

EDGE Toolkit

Multi-purpose, cross-platform hybrid cryptography tool for symmetric and asymmetric encryption, cipher-based message authentication code (CMAC/PMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2), shared key agreement (ECDH/VKO), digital signature (RSA/ECDSA/EdDSA) and TLS 1.3 for small or embedded systems.

Fully OpenSSL/LibreSSL/RHash/Mcrypt compliant

Command-line Integrated Security Suite

Asymmetric
  • Public key algorithms:

    Algorithm 256 512 ECDH ECDSA Encryption TLS
    ECDSA O O O O O O
    Ed25519 O O O O
    GOST2012 O O O O O
    RSA O O O
    SM2 O O O O O
Symmetric
  • Stream ciphers:

    Cipher               Key Size  IV      Modes
    Chacha20Poly1305     256       96/192  AEAD Stream Cipher
    HC-128               128       128     XOR Stream
    HC-256               256       256     XOR Stream
    KCipher-2            128       128     XOR Stream
    Rabbit               128       64      XOR Stream
    RC4 [Obsolete]       40/128    -       XOR Stream
    Salsa20              256       64/192  XOR Stream
    Skein512             256       256     XOR Stream
    ZUC-128 Zu Chongzhi  128       128     MAC + XOR Stream
    ZUC-256 Zu Chongzhi  256       184     MAC + XOR Stream
  • 128-bit block ciphers:

    Cipher          Block Size  Key Size     Modes
    AES (Rijndael)  128         128/192/256  All modes supported
    Anubis          128         128          All modes supported
    ARIA            128         128/192/256  All modes supported
    Camellia        128         128/192/256  All modes supported
    Grasshopper     128         256          All modes supported
    LEA             128         128/192/256  All modes supported
    SEED            128         128          All modes supported
    Serpent         128         128/192/256  All modes supported
    SM4             128         128          All modes supported
    Twofish         128         128/192/256  All modes supported
  • 64-bit block ciphers:

    Cipher           Block Size  Key Size  Modes
    DES [Obsolete]   64          64        CBC, CFB-8, CTR, OFB
    3DES [Obsolete]  64          192       CBC, CFB-8, CTR, OFB
    Blowfish         64          128       CBC, CFB-8, CTR, OFB
    CAST5            64          128       CBC, CFB-8, CTR, OFB
    GOST89 (TC26)    64          256       MGM, CFB-8, CTR, OFB
    HIGHT            64          128       CBC, CFB-8, CTR, OFB
    IDEA [Obsolete]  64          128       CBC, CFB-8, CTR, OFB
    Magma            64          256       MGM, CFB-8, CTR, OFB
    MISTY1           64          128       CBC, CFB-8, CTR, OFB
    RC2 [Obsolete]   64          128       CBC, CFB-8, CTR, OFB
    RC5 [Obsolete]   64          128       CBC, CFB-8, CTR, OFB
  • Modes of Operation:

    Mode                                Blocks  Keys
    EAX Encrypt-Authenticate-Translate  128     128/192/256
    GCM Galois/Counter Mode (AEAD)      128     128/192/256
    OCB1 Offset Codebook v1 (AEAD)      128     128/192/256
    OCB3 Offset Codebook v3 (AEAD)      128     128/192/256
    MGM Multilinear Galois Mode (AEAD)  64/128  Any
    CBC Cipher-Block Chaining           All     Any
    CFB Cipher Feedback Mode            All     Any
    CFB-8 Cipher Feedback Mode 8-bit    All     Any
    CTR Counter Mode (default)          All     Any
    ECB Electronic Codebook Mode        All     Any
    IGE Infinite Garble Extension       All     Any
    OFB Output Feedback Mode            All     Any
  • Message Digest Algorithms:

    Algorithm 128 160 192 256 512 MAC
    BLAKE-2B O O O
    BLAKE-2S O O O
    Chaskey O O
    Cubehash O
    GOST94 CryptoPro O
    Grøstl O
    JH O
    Legacy Keccak O O
    LSH O O
    MD4 [Obsolete] O
    MD5 [Obsolete] O
    Poly1305 O O
    RIPEMD O O O
    SHA1 [Obsolete] O
    SHA2 (default) O O
    SHA3 O O
    SipHash O O
    Skein O O O
    SM3 O
    Streebog O O
    Tiger O
    Whirlpool O
    Xoodyak O O
    ZUC-256 Zu Chongzhi O O
    • MAC refers to a keyed hash function, such as HMAC.
  • Experimental:

    Cipher     Key  IV     Mode
    Xoodyak    128  128    Lightweight AEAD Permutation Cipher
    Ascon 1.2  128  128    NIST Lightweight AEAD Stream Cipher
    Grain128a  128  40-96  NIST Lightweight AEAD Stream Cipher
AEAD

Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. AEAD provides both authenticated encryption (confidentiality and authentication) and the ability to check the integrity and authenticity of additional authenticated data (AAD) that is sent in the clear.

XOR

XOR (Exclusive OR) is a logical operator that works on bits. Let’s denote it by ^. If the two bits it takes as input are the same, the result is 0, otherwise it is 1. This implements an exclusive or operation, i.e. exactly one argument has to be 1 for the final result to be 1. We can show this using a truth table:

  • exclusive or

    x y x^y
    0 0 0
    0 1 1
    1 0 1
    1 1 0
Key sizes
  • Bit-length Equivalence

    Symmetric Key Size  RSA and DSA Key Size  ECC Key Size
    80                  1024                  160
    112                 2048                  224
    128                 3072                  256
    192                 7680                  384
    256                 15360                 512
IKM (input key material value)

Input keying material generally includes things like shared Diffie-Hellman secrets, which have more structure than normal keys and are not suitable as symmetric keys.

Features

  • Cryptographic Functions:

    • Asymmetric Encryption
    • Symmetric Encryption + AEAD Modes
    • Digital Signature
    • Recursive Hash Digest + Check
    • ECDH (Shared Key Agreement)
    • CMAC (Cipher-based message authentication code)
    • PMAC (Parallelizable message authentication code)
    • HMAC (Hash-based message authentication code)
    • HKDF (HMAC-based key derivation function)
    • PBKDF2 (Password-based key derivation function)
    • TLS (Transport Layer Security 1.2 and 1.3)
    • TLCP (Transport Layer Cryptography Protocol)
    • PKCS12 (Personal Information Exchange Syntax v1.1)
    • X.509 CSRs and Certificates
  • Non-cryptographic Functions:

    • Hex string encoder/dump/decoder (xxd-like)
    • Privacy-Enhanced Mail (PEM format)
    • RandomArt (OpenSSH-like)

Usage

 -algorithm string
       Public key algorithm: RSA, ECDSA, Ed25519 or SM2. (default "RSA")
 -bits int
       Key length. (for keypair generation and symmetric encryption)
 -cert string
       Certificate path. (default "Certificate.pem")
 -check string
       Check hashsum file. ('-' for STDIN)
 -cipher string
       Symmetric algorithm: aes, blowfish, magma or sm4. (default "aes")
 -crypt string
       Encrypt/Decrypt with bulk ciphers. [enc|dec]
 -digest
       Target file/wildcard to generate hashsum list. ('-' for STDIN)
 -hex string
       Encode binary string to hex format and vice-versa. [enc|dump|dec]
 -hkdf int
       HMAC-based key derivation function with given bit length.
 -info string
       Additional info. (for HKDF command and AEAD bulk encryption)
 -ipport string
       Local Port/remote's side Public IP:Port.
 -iter int
       Iter. (for Password-based key derivation function) (default 1)
 -iv string
       Initialization Vector. (for symmetric encryption)
 -key string
       Asymmetric key, symmetric key or HMAC key, depending on operation.
 -mac string
       Compute Hash-based message authentication code.
 -md string
       Hash algorithm: sha256, sha3-256 or whirlpool. (default "sha256")
 -mode string
       Mode of operation: GCM, MGM, CBC, CFB, OCB, OFB. (default "CTR")
 -pbkdf2
       Password-based key derivation function.
 -pkey string
       Subcommands: keygen|certgen, sign|verify|derive, text|modulus.
 -private string
       Private key path. (for keypair generation) (default "Private.pem")
 -public string
       Public key path. (for keypair generation) (default "Public.pem")
 -pwd string
       Password. (for Private key PEM encryption)
 -rand int
       Generate random cryptographic key with given bit length.
 -recursive
       Process directories recursively. (for DIGEST command only)
 -salt string
       Salt. (for HKDF and PBKDF2 commands)
 -signature string
       Input signature. (for VERIFY command and MAC verification)
 -tcp string
       Encrypted TCP/IP Transfer Protocol. [server|ip|client]

Examples

Asymmetric RSA keypair generation:
./edgetk -pkey keygen -bits 4096 [-pwd "pass"]
Parse keys info:
./edgetk -pkey [text|modulus] [-pwd "pass"] -key private.pem
./edgetk -pkey [text|modulus|randomart] -key public.pem
Digital signature:
./edgetk -pkey sign -key private.pem [-pwd "pass"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -key public.pem -signature $sign < file.ext
echo $?
Encryption/decryption with RSA algorithm:
./edgetk -pkey encrypt -key public.pem < plaintext.ext > ciphertext.ext
./edgetk -pkey decrypt -key private.pem < ciphertext.ext > plaintext.ext
Asymmetric EC keypair generation (256-bit):
./edgetk -pkey keygen -bits 256 -algorithm EC [-pwd "pass"]
EC Diffie-Hellman:
./edgetk -pkey derive -algorithm EC -key private.pem -public peerkey.pem
Generate Self Signed Certificate:
./edgetk -pkey certgen -key private.pem [-pwd "pass"] [-cert "output.ext"]
Generate Certificate Signing Request:
./edgetk -pkey req -key private.pem [cert.csr]
Sign CSR with CA Certificate:
./edgetk -pkey x509 -key private.pem -cert cacert.pem cert.csr [cert.crt]
Parse Certificate info:
./edgetk -pkey [text|modulus] -cert certificate.pem
TLS Layer (TCP/IP):
./edgetk -tcp ip > MyExternalIP.txt
./edgetk -tcp server -cert certificate.pem -key private.pem [-ipport "8081"]
./edgetk -tcp client -cert certificate.pem -key private.pem [-ipport "127.0.0.1:8081"]
Symmetric key generation (256-bit):
./edgetk -rand 256
Encryption/decryption with block cipher:
./edgetk -crypt enc -key $256bitkey < plaintext.ext > ciphertext.ext
./edgetk -crypt dec -key $256bitkey < ciphertext.ext > plaintext.ext
HMAC:
./edgetk -mac hmac -key "secret" < file.ext
./edgetk -mac hmac -key "secret" -signature $256bitmac < file.ext
echo $?
HKDF (HMAC-based key derivation function) (128-bit):
./edgetk -hkdf 128 -key "IKM" [-salt "salt"] [-info "AD"]
Hex Encoder/Decoder:
./edgetk -hex enc < file.ext > file.hex
./edgetk -hex dec < file.hex > file.ext
./edgetk -hex dump < file.ext

Contribute

Use issues for everything

  • You can help and get help by:
    • Reporting doubts and questions
  • You can contribute by:
    • Reporting issues
    • Suggesting new features or enhancements
    • Improving/fixing documentation

License

This project is licensed under the ISC License.
