[pkgsrc/trunk]: pkgsrc/security/dhbitty Import dhbitty-20120812 into the Pack...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/dhbitty Import dhbitty-20120812 into the Pack...
From: agc <agc%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 12:47:27 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/9b3368cb367f
branches:  trunk
changeset: 607423:9b3368cb367f
user:      agc <agc%pkgsrc.org@localhost>
date:      Sat Aug 11 17:43:46 2012 +0000

description:
Import dhbitty-20120812 into the Packages Collection.

        dhbitty is a small public key encryption program written in C.  It
        uses elliptic curve Diffie-Hellman in the form of Curve25519 to
        establish a shared secret between two users, and uses that secret to
        symmetrically encrypt and authenticate messages.

        There are no private key files; only passphrases.  Never lose that
        pesky thing again.

        Both the sender and the receiver can decrypt a message.  In fact,
        there is no distinction between sender and receiver.  Both passphrases
        must be strong.

        There is no signing.  A similarly useful form of authentication occurs
        using only DH.  dhbitty attempts to be as simple as possible.  It is
        not optimized, but achieves a comfortable speed for most uses.  It
        does not use floating point numbers, or integers longer than 32 bits.
        It does not contain more algorithms than are needed.

Example

   This is how Alice generates her public key with dhbitty:
$ dhbitty generate alice_public_key.txt
username:passphrase (this is visible!): alice:Keyfiles be damned!
Done.

   Bob will do the same thing:
$ dhbitty generate bob_public_key.txt
username:passphrase (this is visible!): bob:Bob's Spectacular Passphrase
Done.

   Alice will publish her alice_public_key.txt, and Bob will publish his bob_public_key.txt. They can now access each other's
   public keys. (But they should be careful that Eve cannot surreptitiously replace either public key with her own!)

   Alice wants to send files to Bob. She packages them into a .tar archive (or any other type of archive with timestamps), along
   with her message. Then she uses dhbitty:
$ dhbitty encrypt bob_public_key.txt files_to_bob.tar files_to_bob.tar.dhbt
username:passphrase (this is visible!): alice:Keyfiles be damned!
Done.

   Alice sends files_to_bob.tar.dhbt to Bob. Bob will use dhbitty to decrypt this archive:
$ dhbitty decrypt files_to_bob.tar.dhbt files_to_bob.tar
username:passphrase (this is visible!): bob:Bob's Spectacular Passphrase
This is the public key of file's secondary owner:
0002f02b318c307bac07f3148a33c975cea04b79a870f0a5c7771cd38cc1986e
Done.

   Bob can verify that the public key dhbitty just gave him indeed is Alice's public key. He unpacks the now-decrypted archive to
   access the files Alice sent to him.

   In practice, Alice and Bob should use a system like diceware to pick passphrases, in order to be confident of their strength.
   Seven words picked using diceware is a good choice.

diffstat:

 security/dhbitty/DESCR              |   17 ++++
 security/dhbitty/Makefile           |   32 ++++++++
 security/dhbitty/PLIST              |    3 +
 security/dhbitty/distinfo           |    5 +
 security/dhbitty/files/dhbitty.html |  134 ++++++++++++++++++++++++++++++++++++
 5 files changed, 191 insertions(+), 0 deletions(-)

diffs (211 lines):

diff -r 59e321e1605a -r 9b3368cb367f security/dhbitty/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dhbitty/DESCR    Sat Aug 11 17:43:46 2012 +0000
@@ -0,0 +1,17 @@
+dhbitty is a small public key encryption program written in C.  It
+uses elliptic curve Diffie-Hellman in the form of Curve25519 to
+establish a shared secret between two users, and uses that secret to
+symmetrically encrypt and authenticate messages.
+
+There are no private key files; only passphrases.  Never lose that
+pesky thing again.
+
+Both the sender and the receiver can decrypt a message.  In fact,
+there is no distinction between sender and receiver.  Both passphrases
+must be strong.
+
+There is no signing.  A similarly useful form of authentication occurs
+using only DH.  dhbitty attempts to be as simple as possible.  It is
+not optimized, but achieves a comfortable speed for most uses.  It
+does not use floating point numbers, or integers longer than 32 bits.
+It does not contain more algorithms than are needed.
diff -r 59e321e1605a -r 9b3368cb367f security/dhbitty/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dhbitty/Makefile Sat Aug 11 17:43:46 2012 +0000
@@ -0,0 +1,32 @@
+# $NetBSD: Makefile,v 1.1.1.1 2012/08/11 17:43:46 agc Exp $
+
+DISTNAME=              dhbitty.c
+PKGNAME=               dhbitty-20120806
+CATEGORIES=            security
+MASTER_SITES=          http://cipherdev.org/rnd/
+EXTRACT_SUFX=          #empty
+
+MAINTAINER=            agc%NetBSD.org@localhost
+COMMENT=               Small public key ECDH encryption/decryption program
+HOMEPAGE=              http://cipherdev.org/dhbitty.html
+LICENSE=               public-domain
+
+PKG_INSTALLATION_TYPES=        overwrite pkgviews
+PKG_DESTDIR_SUPPORT=   user-destdir
+
+WRKSRC=                        ${WRKDIR}
+
+INSTALLATION_DIRS=     bin share/doc/dhbitty
+
+do-extract:
+       ${MKDIR} ${WRKSRC}
+       ${CP} ${DISTDIR}/dhbitty.c ${WRKSRC}/dhbitty.c
+
+do-build:
+       cd ${WRKSRC} && ${CC} ${CFLAGS} -o dhbitty dhbitty.c
+
+do-install:
+       ${INSTALL_PROGRAM} ${WRKSRC}/dhbitty ${DESTDIR}${PREFIX}/bin
+       ${INSTALL_DATA} ${FILESDIR}/dhbitty.html ${DESTDIR}${PREFIX}/share/doc/dhbitty/
+
+.include "../../mk/bsd.pkg.mk"
diff -r 59e321e1605a -r 9b3368cb367f security/dhbitty/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dhbitty/PLIST    Sat Aug 11 17:43:46 2012 +0000
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2012/08/11 17:43:46 agc Exp $
+bin/dhbitty
+share/doc/dhbitty/dhbitty.html
diff -r 59e321e1605a -r 9b3368cb367f security/dhbitty/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dhbitty/distinfo Sat Aug 11 17:43:46 2012 +0000
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2012/08/11 17:43:46 agc Exp $
+
+SHA1 (dhbitty.c) = f9b101b6be5c88ae9f9980baa2846f276d324531
+RMD160 (dhbitty.c) = 10ecd79130e23115a192e4b9c575fbf901f78e8f
+Size (dhbitty.c) = 17140 bytes
diff -r 59e321e1605a -r 9b3368cb367f security/dhbitty/files/dhbitty.html
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dhbitty/files/dhbitty.html       Sat Aug 11 17:43:46 2012 +0000
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html>
+<head><title>dhbitty</title>
+<style type="text/css">
+body {font-family: sans-serif; font-size: 130%;}
+div#updates {font-size: 90%;}
+span.alice {color: #a00;}
+span.bob {color: #00a;}
+span.fn {font-family: serif}
+span.dhb {font-family: serif}
+</style>
+</head>
+<body>
+
+<h1>dhbitty</h1>
+
+<div id="updates">
+<p>2012-08-06: Page created.</p>
+</div>
+
+<div id="content">
+<p><span class="dhb"><b>dhbitty</b></span> is a small public key encryption 
+program written in C. It uses elliptic curve Diffie-Hellman in the form of 
+Curve25519 to establish a shared secret between two users, and uses that secret 
+to symmetrically encrypt and authenticate messages.</p>
+
+<p><span class="dhb">dhbitty</span> differs from most other public key 
+encryption programs in a few significant ways.</p>
+
+<ul>
+<li>There are no private key files; only passphrases. Never lose that pesky 
+thing again.</li>
+<li>Both the sender and the receiver can decrypt a message. In fact, there is 
+no distinction between sender and receiver. Both passphrases must be strong.</li>
+<li>There is no signing. A similarly useful form of authentication occurs using 
+only DH.</li>
+</ul>
+
+<p><span class="dhb">dhbitty</span> attempts to be as simple as possible. It is 
+not optimized, but achieves a comfortable speed for most uses. It does not use 
+floating point numbers, or integers longer than 32 bits. It does not contain 
+more algorithms than are needed.</p>
+
+<p>Download: <a href="http://cipherdev.org/rnd/dhbitty.c";>dhbitty.c</a></p>
+
+<p>My <span class="fn">dhbitty.c</span> and this page are in the public 
+domain.</p>
+
+<hr>
+
+<h2>Example</h2>
+
+<p>This is how Alice generates her public key with dhbitty:</p>
+
+<pre>$ <span class="alice">dhbitty generate alice_public_key.txt</span>
+username:passphrase (this is visible!): <span class="alice">alice:Keyfiles be damned!</span>
+Done.</pre>
+
+<p>Bob will do the same thing:</p>
+
+<pre>$ <span class="bob">dhbitty generate bob_public_key.txt</span>
+username:passphrase (this is visible!): <span class="bob">bob:Bob's Spectacular Passphrase</span>
+Done.</pre>
+
+<p>Alice will publish her <span class="fn">alice_public_key.txt</span>, and Bob 
+will publish his <span class="fn">bob_public_key.txt</span>. They can now 
+access each other's public keys. (But they should be careful that Eve cannot 
+surreptitiously replace either public key with her own!)</p>
+
+<p>Alice wants to send files to Bob. She packages them into a 
+<span class="fn">.tar</span> archive (or any other type of archive with 
+timestamps), along with her message. Then she uses dhbitty:</p>
+
+<pre>$ <span class="alice">dhbitty encrypt bob_public_key.txt files_to_bob.tar files_to_bob.tar.dhbt</span>
+username:passphrase (this is visible!): <span class="alice">alice:Keyfiles be damned!</span>
+Done.</pre>
+
+<p>Alice sends <span class="fn">files_to_bob.tar.dhbt</span> to Bob. Bob will 
+use dhbitty to decrypt this archive:</p>
+
+<pre>$ <span class="bob">dhbitty decrypt files_to_bob.tar.dhbt files_to_bob.tar</span>
+username:passphrase (this is visible!): <span class="bob">bob:Bob's Spectacular Passphrase</span>
+This is the public key of file's secondary owner:
+0002f02b318c307bac07f3148a33c975cea04b79a870f0a5c7771cd38cc1986e
+Done.</pre>
+
+<p>Bob can verify that the public key dhbitty just gave him indeed is Alice's 
+public key. He unpacks the now-decrypted archive to access the files Alice sent 
+to him.</p>
+
+<p>In practice, Alice and Bob should use a system like diceware to pick 
+passphrases, in order to be confident of their strength. Seven words picked 
+using diceware is a good choice.</p>
+
+<hr>
+
+<h2>Technical summary</h2>
+
+<p>The key derivation function works like this: T(H(H(input) || S(H(input)))).  
+Here H is a 512-bit hash function built by using the EnRUPT block cipher in the 
+sponge construction. S is an expensive function that compresses 512 bits to 32 
+bits. Finally, T truncates 512 bits to 256 bits. The AT cost of this 
+construction is similar to 2<sup>32</sup> iterations of SHA-1; I'll reserve the 
+details for another document. The return value works directly as a Curve25519 
+private key (after fixing several bits, which is handled within the DH 
+function).</p>
+
+<p>When a file is encrypted, both public keys will be included in the output 
+file, in sorted order.</p>
+
+<p>For symmetric encryption and authentication, an EnRUPT sponge context is 
+initialized for each using the shared secret, a random 128-bit nonce, and a 
+public string ("encrypt" or "authenticate"). The data is encrypted and then 
+authenticated in a single pass.</p>
+
+<p>If on Windows, CryptGenRandom is used for randomness. Otherwise, reading 
+from /dev/urandom is attempted.</p>
+
+<p>This is the file format:</p>
+<ul>
+<li>32 bytes: public key 1</li>
+<li>32 bytes: public key 2</li>
+<li>16 bytes: nonce</li>
+<li>?? bytes: ciphertext</li>
+<li>16 bytes: tag</li>
+</ul>
+
+<hr>
+
+<a href="http://cipherdev.org/";>Cipherdev</a>
+
+</div>
+</body>
+</html>
Prev by Date: [pkgsrc/trunk]: pkgsrc/x11/vte029 Import vte029-0.32.2 as x11/vte029.
Next by Date: [pkgsrc/trunk]: pkgsrc/audio/mp3splt Update to 2.5.2
Previous by Thread: [pkgsrc/trunk]: pkgsrc/x11/vte029 Import vte029-0.32.2 as x11/vte029.
Next by Thread: [pkgsrc/trunk]: pkgsrc/audio/mp3splt Update to 2.5.2
Indexes:
Home | Main Index | Thread Index | Old Index