Pretty Curved Privacy 0.2.0
    Quick Start
        ASCII Cast Demo
    Installation
    Documentation
    API Documentation
    Copyright
    Additional Copyrights
    Authors
    License

 

Pretty Curved Privacy 0.2.0

Pretty Curved Privacy (pcp1) is a commandline utility which can be used to encrypt files. pcp1 uses eliptc curve cryptography for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide accepted standard it hasn't been compromised by the NSA - which might be better, depending on your point of view.

Caution: since CURVE25519 is no accepted standard, pcp1 has to be considered as experimental software. In fact, I wrote it just to learn about the curve and see how it works.

Beside some differences it works like GNUPG. So, if you already know how to use gpg, you'll feel almost home.

Quick Start

Lets say, Alicia and Bobby want to exchange encrypted messages. Here's what the've got to do.

First, both have create a secret key:

 Alicia                             Bobby
 pcp1 -k                            pcp1 -k 

After entering their name, email address and a passphrase to protect the key, it will be stored in their vault file (by default ~/.pcpvault).

Now, both of them have to export the public key, which has to be imported by the other one. With pcp you can export the public part of your primary key, but the better solution is to export a derived public key especially for the recipient:

 Alicia                             Bobby
 pcp1 -p -r Bobby -O alicia.pub     pcp1 -p -r Alicia -O bobby.pub 

They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever

). Once exchanged, they have to import it:

 Alicia                             Bobby
 pcp1 -P -I bobby.pub               pcp1 -P -I alicia.pub 

They will see a response as this when done:

 key 0x29A323A2C295D391 added to .pcpvault. 

Now, Alicia finally writes the secret message, encrypts it and sends it to Bobby, who in turn decrypts it:

 Alicia                             Bobby
 echo "Love you, honey" > letter
 pcp1 -e -i 0x29A323A2C295D391 -I letter -O letter.z85
 cat letter.z85 | mail bobby@foo.bar 
                                    pcp1 -d -I letter.z85 | less 

And that's it.

Please note the big difference to GPG though: both Alicia AND Bobby have to enter the passphrase for their secret key! That's the way CURVE25519 works: you encrypt a message using your secret key and the recipients public key and the recipient does the opposite, he uses his secret key and your public key to actually decrypt the message.

Oh - and if you're wondering why I named them Alicia and Bobby: I was just sick of Alice and Bob. We're running NSA-free, so we're using other sample names as well.

ASCII Cast Demo

There is an aciicast demonstrating the use of pcp.

Installation

There are currently no packages available, so pcp has to be compiled from source. Follow these steps:

First, you will need libsodium:

 git clone git://github.com/jedisct1/libsodium.git
 cd libsodium
 ./autogen.sh
 ./configure && make check
 sudo make install
 sudo ldconfig
 cd .. 

Next, pcp. You can fetch the latest GIT repository, but be aware, that it is a living source, there might be current changes underway, it might not be working:

 git clone git://github.com/tlinden/pcp.git
 cd pcp
 ./configure
 sudo make install
 cd .. 

I'd rather suggest to download the current release file:

pretty-curved-privacy-0.2.0.tar.gz.

Unpack the tarball and compile with:

 ./configure
 make
 sudo make install 

Optionally, you might run the unit tests:

 make test 

Please note that you'll need some perl modules installed in order to execute the unit tests: Config::General, Test::More and Tie::IxHash.

The current source tarball authenticity can be verified using the following PCP key: pcp-key-0x4F2D3CD036D72008-tom.z85. The PCP Signature for version 0.2.0: pretty-curved-privacy-0.2.0.tar.gz.z85.

You may of course use PGP to verify the PGP signature as well: pretty-curved-privacy-0.2.0.tar.gz.gpg.

File checksums are:

 MD5    ecddcd501b096076008615e166477a87
 SHA256 b4623d5952293ef52e3d1be56edc57a3b1f34533b8c9689df14e0964a8a18185 

Documentation

To learn how to use pcp, read the manpage:

 man pcp1 

There's a HTML Version for online reading as well.

API Documentation

Documentation for the libpcp API can be read here.

Copyright

Copyright (c) 2013-2014 by T.v.Dein

Additional Copyrights

ZeroMQ Z85 encoding routine
 Copyright (c) 2007-2013 iMatix Corporation
 Copyright (c) 2009-2011 250bpm s.r.o.
 Copyright (c) 2010-2011 Miru Limited
 Copyright (c) 2011 VMware, Inc.
 Copyright (c) 2012 Spotify AB 
Tarsnap readpass helpers
 Copyright 2009 Colin Percival 
jen_hash() hash algorithm
 Bob Jenkins, Public Domain. 
UTHASH hashing macros
 Copyright (c) 2003-2013, Troy D. Hanson 
Random art image from OpenSSH keygen
 Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved. 
 Comitted by Alexander von Gernler in rev 1.7. 

Every incorporated source code is opensource and licensed under the GPL as well.

Authors

T.v.Dein

License

Licensed under the GNU GENERAL PUBLIC LICENSE version 3.