README ¶
🇧🇷 BR-PROT Toolkit (Prototype 1521)
Out Bolsonaro!
Multi-purpose cross-platform cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2), shared key agreement (ECDH), digital signature (ECDSA) and TLS 1.2 for small or embedded systems.
Padrão Brasileiro (Security Suite)
Public Key Algorithms:
- BN 256/512-bit (Paulo Barreto & Michael Naehrig) (Default)
- SM9 (BN 256-bit variant) (Chinese Academy of Sciences)
- Brainpool 256/512-bit
- ECDSA (Secp256r1 and Secp521r1 for TLS)
Block Ciphers:
- Anubis (128-bit) (Paulo Barreto & Vincent Rijmen) (Default)
- Rijndael 128/192/256-bit (Joan Daemen & Vincent Rijmen)
Modes of Operation for Block Ciphers
- EAX: Encrypt-Authenticate-Translate (AEAD) (Default)
- GCM: Galois/Counter Mode (AEAD)
- OCB: Offset CodeBook (AEAD)
- CFB8: Cipher Feedback 8-bit
- CTR: Counter
- OFB: Output Feedback
Hash Digests:
- Keccak Legacy 256/512-bit (Joan Daemen)
- RIPEMD 128/256-bit
- SHA2 256/512-bit
- SHA3 256/512-bit (Joan Daemen)
- Whirlpool (512-bit) (Paulo Barreto & Vincent Rijmen) (default)
MAC Algorithm:
- Chaskey (128-bit)
Features
-
Cryptographic Functions:
- Symmetric Encryption + AEAD Modes
- Digital Signature (ECDSA)
- Recursive Hash Digest + Check
- Shared key agreement (ECDH)
- CMAC (Cipher-based message authentication code)
- PMAC (Parallelizable message authentication code)
- HMAC (Hash-based message authentication code)
- HKDF (HMAC-based key derivation function)
- PBKDF2 (Password-based key derivation function)
- TLS 1.2 (Transport Layer Security)
-
Non-Cryptographic Functions:
- Data sanitization method
- Bin to Hex/Hex to Bin string conversion
- Random Art (Public key Fingerprint)
Usage
-algorithm string Public key algorithm: brainpool256r1, fp256bn. (default "fp256bn") -bits int Key length: 128, 192 or 256. (for RAND and PBKDF2) (default 128) -check string Check hashsum file. ('-' for STDIN) -cipher string Symmetric algorithm: Rijndael or Anubis. (default "anubis") -crypt string Encrypt/Decrypt with block ciphers. -digest string Target file/wildcard to generate hashsum list. ('-' for STDIN) -hex string Encode binary string to hex format and vice-versa. -hkdf HMAC-based key derivation function with a given output bit length. -info string Associated data, additional info. (for HKDF and AEAD encryption) -iter int Iterations. (for PBKDF2 and SHRED commands) (default 1) -iv string Initialization vector. (for non-AEAD symmetric encryption) -key string Private/Public key, Secret key or Password. -mac string Compute Hash-based/Cipher-based message authentication code. -md string Hash algorithm: SHA2, SHA3 or Whirlpool. (default "whirlpool") -mode string Mode of operation: GCM, OCB, CFB8, CTR or OFB. (default "EAX") -pbkdf2 Password-based key derivation function. -pkey string Generate keypair, Derive shared secret, Sign and Verify. -pub string Remote's side Public key/remote's side Public IP. -rand Generate random cryptographic key. -recursive Process directories recursively. -salt string Salt. (for PBKDF2) -shred string Files/Path/Wildcard to apply data sanitization method. -signature string Signature. (for signature verification only) -tcp string Encrypted TCP/IP Transfer Protocol. [dump|listen|ip|send|dial]
Examples
Asymmetric EC keypair generation:
./prottk -pkey generate
./prottk -pkey text -key $prvkey
Shared key agreement:
./prottk -pkey derive -key $prvkey -pub $pubkey
Digital signature:
./prottk -pkey sign -key $prvkey < file.ext > sign.txt
sign=$(cat sign.txt)
./prottk -verify -key $pubkey -signature $sign < file.ext
echo $?
Symmetric key generation:
./prottk -rand [-bits 128]
Encryption/decryption with Anubis block cipher:
./prottk -crypt enc -key $128bitkey < plaintext.ext > ciphertext.ext
./prottk -crypt dec -key $128bitkey < ciphertext.ext > plaintext.ext
HMAC:
./prottk -mac hmac -key $128bitkey < file.ext
./prottk -mac hmac -key $128bitkey -signature $hmac < file.ext
CMAC/PMAC:
./prottk -mac cmac -key $64bitkey < file.ext
./prottk -mac cmac -key $64bitkey -signature $128bitmac < file.ext
Chaskey MAC:
./prottk -mac chaskey -key $64bitkey < file.ext
./prottk -mac chaskey -key $64bitkey -signature $128bitmac < file.ext
HKDF (HMAC-based key derivation function 128-bit output):
./prottk -hkdf [-bits 128] -key "IKM" -info "AD" -salt "salt"
PBKDF2 (password-based key derivation function 2):
./prottk -pbkdf2 -key "pass" -iter 10000 -salt "salt"
Note:
PBKDF2 function can be combined with the CRYPT, HMAC commands:
./prottk -crypt enc -pbkdf2 -key "pass" < plaintext.ext > ciphertext.ext
./prottk -mac hmac -pbkdf2 -key "pass" -salt "salt" -iter 10000 < file.ext
Shred (Data sanitization method, 25 iterations):
./prottk -shred "keypair.ini" -iter 25
Bin to Hex/Hex to Bin:
./prottk -hex enc < File.ext > File.hex
./prottk -hex dec < File.hex > File.ext
./prottk -hex dump < File.ext
TLS Layer (TCP/IP):
./prottk -tcp ip > PubIP.txt
./prottk -tcp dump [-pub "8081"] > Token.jwt
./prottk -tcp send [-pub "127.0.0.1:8081"] < Token.jwt
./prottk -tcp listen [-pub "8081"]
./prottk -tcp dial [-pub "127.0.0.1:8081"]
Random Art (Public Key Fingerprint):
./prottk -key $pubkey
./prottk -key - < Pubkey.txt
License
This project is licensed under the ISC License.
Copyright (c) 2020-2022 Pedro F. Albanese - ALBANESE Research Lab.
Documentation ¶
There is no documentation for this package.
Click to show internal directories.
Click to hide internal directories.