NUFF Toolkit: Bernstein's Cryptosystem
Multi-purpose, cross-platform cryptography tool for symmetric encryption, digital signatures (EdDSA), shared key agreement (X25519), message authentication codes (MAC), hash digests, hash-based message authentication codes (HMAC) and the PBKDF2 function, aimed at small or embedded systems.
Algorithms:
- BLAKE2 Message digest algorithm with 128/256/512-bit hash value.
- Chacha20Poly1305 Stream cipher with 256-bit key (AEAD mode)
- Salsa20 Stream cipher with 256-bit key.
- Ed25519/curve25519 Public key algorithm 256-bit
- Poly1305 Message authentication code algorithm 128-bit
- SipHash Message authentication code algorithm 128-bit
All by the same author except BLAKE2 (hash function based on Chacha20).
Hash Algorithms:
- blake2b256 (key optional)
- blake2b512 (key optional)
- blake2s128 (key required)
- blake2s256 (key optional)
Cryptographic Functions:
- Symmetric Encryption/Decryption
- Digital Signature (EdDSA)
- Shared Key Agreement (ECDH)
- Recursive Hash Digest + Check
- MAC (Poly1305-based message authentication code)
- HMAC (Hash-based message authentication code)
- PBKDF2 (Password-based key derivation function 2)
- TLS (Transport Layer Security)
Non-Cryptographic Functions:
- Data sanitization method
- Bin to Hex/Hex to Bin string conversion
- Random Art Public key Fingerprint (ssh-keygen equivalent)
Usage:
  -check string
        Check hashsum file. (- for STDIN)
  -crypt string
        Encrypt/Decrypt with Chacha20 stream cipher AEAD mode.
  -derive
        Derive shared secret key.
  -digest string
        Target file/wildcard to generate hashsum list. (- for STDIN)
  -hex string
        Encode/Decode bin to hex and vice-versa
  -hmac
        BLAKE2 hash-based message authentication code.
  -host string
        Comma-separated hostnames and IPs. (for TLS) (default "localhost")
  -iter int
        Iterations. (for PBKDF2 and SHRED commands) (default 1)
  -key string
        Private/Public key, Secret key or Password.
  -keygen
        Generate ed25519 asymmetric keypair.
  -md string
        Message Digest algorithm. (default "blake2b256")
  -pbkdf2
        Password-based key derivation function.
  -pub string
        Remote's side Public key.
  -rand
        Generate random cryptographic key.
  -recursive
        Process directories recursively.
  -salt string
        Salt. (for PBKDF2)
  -shred string
        File/Path/Wildcard to apply data sanitization method.
  -sign
        Sign with Private key.
  -signature string
        Signature.
  -tcp string
        Encrypted TCP/IP Transfer Protocol. [dump|ip|send]
  -verbose
        Verbose mode. (for CHECK command)
  -verify
        Verify with Public key.
Examples:
Asymmetric Ed25519 keypair generation (for sign/verify):
./nufftk -keygen
Signature (EdDSA):
./nufftk -sign -key $PrivateKey < file.ext > sign.txt
sign=$(cat sign.txt)
./nufftk -verify -key $PublicKey -signature $sign < file.ext
echo $?
Asymmetric curve25519 keypair generation (for shared key derivation):
./nufftk -keygen -derive
Derive shared secret key (X25519):
./nufftk -derive -key $PrivateKey -pub $PublicKey
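The Ed25519 and curve25519 keypairs above do different jobs: the first signs, the second derives. The following added example (not nufftk's own code) uses Go's standard library to show one side signing its X25519 public key with Ed25519 and the other side verifying that signature before deriving the shared secret. The `party` type and the `newParty`, `offer` and `derive` names are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// party holds one side's keys (hypothetical type, constructed for this example).
type party struct {
	idPub ed25519.PublicKey // Ed25519 public key: verification only
	idKey ed25519.PrivateKey // Ed25519 private key: signing only
	kx    *ecdh.PrivateKey // X25519 private key: key agreement only
}

func newParty() (*party, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	kx, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &party{pub, key, kx}, err
}

// offer returns the X25519 public key and an Ed25519 signature over it.
func (p *party) offer() (pub, sig []byte) {
	pub = p.kx.PublicKey().Bytes()
	return pub, ed25519.Sign(p.idKey, pub)
}

// derive checks the peer's signature first, then runs X25519 (32-byte result).
func (p *party) derive(peerID ed25519.PublicKey, pub, sig []byte) ([]byte, error) {
	if !ed25519.Verify(peerID, pub, sig) {
		return nil, fmt.Errorf("signature on peer public key is invalid")
	}
	peer, err := ecdh.X25519().NewPublicKey(pub) // rejects wrong-length keys
	if err != nil {
		return nil, err
	}
	return p.kx.ECDH(peer) // errors if the shared secret is all zeros
}

func main() {
	a, _ := newParty()
	b, _ := newParty()
	pub, sig := b.offer()
	secret, err := a.derive(b.idPub, pub, sig)
	fmt.Println(len(secret), err)
}
```

Both sides must already hold each other's Ed25519 public key through a channel they trust; the signature only binds the X25519 key to that identity.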
Symmetric encryption/decryption with Chacha20 stream cipher:
./nufftk -crypt enc -key $256bitkey < plaintext.ext > ciphertext.ext
./nufftk -crypt dec -key $256bitkey < ciphertext.ext > plaintext.ext
MAC (Poly1305-based message authentication code):
./nufftk -mac -key $SecretKey < file.ext
BLAKE2 hashsum (list):
./nufftk -digest "*.*" [-recursive] [-key $secretkey]
BLAKE2 hashsum (single):
./nufftk -digest - [-key $secretkey] < file.ext
BLAKE2-HMAC (hash-based message authentication code):
./nufftk -hmac -key $SecretKey < file.ext
PBKDF2 (password-based key derivation function 2):
./nufftk -pbkdf2 -key "pass" -iter 10000 -salt "salt"
Note:
The PBKDF2 function can be combined with the CRYPT and HMAC commands:
./nufftk -crypt enc -pbkdf2 -key "pass" < plaintext.ext > ciphertext.ext
./nufftk -hmac -pbkdf2 -key "pass" -iter 10000 -salt "salt" < file.ext
Shred (Data sanitization method, 25 iterations):
Prevents data recovery using standard recovery tools.
./nufftk -shred keypair.ini -iter 25
Bin to Hex/Hex to Bin:
echo somestring|./nufftk -hex enc
echo hexstring|./nufftk -hex dec
TCP/IP Dump/Send:
./nufftk -tcp ip > PublicIP.txt
./nufftk -tcp dump [-pub "8081"]
echo $Pubkey|./nufftk -tcp send [-pub "8081" -host "127.0.0.1"]
Random Art (Public Key Fingerprint):
./nufftk -key $pubkey
or
./nufftk -key - < PubKey.pem
License
This project is licensed under the ISC License.
Military Grade Reliability. Copyright (c) 2020-2021 Pedro Albanese - ALBANESE Research Lab.