README
¶
🇧🇷 BR-PROT Toolkit (Prototype 1521)
Out Bolsonaro!
Multi-purpose cross-platform cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2), shared key agreement (ECDH), digital signature (ECDSA) and TLS 1.2 for small or embedded systems.
Padrão Brasileiro (Security Suite)
Public Key Algorithms:
- BN 256/512-bit (Paulo Barreto & Michael Naehrig) (Default)
- SM9 (BN 256-bit variant) (Chinese Academy of Sciences)
- Brainpool 256/512-bit
- ECDSA (Secp256r1 and Secp521r1 for TLS)
Block Ciphers:
- Anubis (128-bit) (Paulo Barreto & Vincent Rijmen) (Default)
- Rijndael 128/192/256-bit (Joan Daemen & Vincent Rijmen)
Modes of Operation for Block Ciphers
- EAX: Encrypt-Authenticate-Translate (AEAD) (Default)
- GCM: Galois/Counter Mode (AEAD)
- OCB: Offset CodeBook (AEAD)
- CFB8: Cipher Feedback 8-bit
- CTR: Counter
- OFB: Output Feedback
Hash Digests:
- Keccak Legacy 256/512-bit (Joan Daemen)
- RIPEMD 128/256-bit
- SHA2 256/512-bit
- SHA3 256/512-bit (Joan Daemen)
- Whirlpool (512-bit) (Paulo Barreto & Vincent Rijmen) (default)
MAC Algorithm:
- Chaskey (128-bit)
Features
-
Cryptographic Functions:
- Symmetric Encryption + AEAD Modes
- Digital Signature (ECDSA)
- Recursive Hash Digest + Check
- Shared key agreement (ECDH)
- CMAC (Cipher-based message authentication code)
- PMAC (Parallelizable message authentication code)
- HMAC (Hash-based message authentication code)
- HKDF (HMAC-based key derivation function)
- PBKDF2 (Password-based key derivation function)
- TLS 1.2 (Transport Layer Security)
-
Non-Cryptographic Functions:
- Data sanitization method
- Bin to Hex/Hex to Bin string conversion
- Random Art (Public key Fingerprint)
Usage
-algorithm string
Public key algorithm: brainpool256r1, fp256bn. (default "fp256bn")
-bits int
Key length: 128, 192 or 256. (for RAND and PBKDF2) (default 128)
-check string
Check hashsum file. ('-' for STDIN)
-cipher string
Symmetric algorithm: Rijndael or Anubis. (default "anubis")
-crypt string
Encrypt/Decrypt with block ciphers.
-digest string
Target file/wildcard to generate hashsum list. ('-' for STDIN)
-hex string
Encode binary string to hex format and vice-versa.
-hkdf
HMAC-based key derivation function with a given output bit length.
-info string
Associated data, additional info. (for HKDF and AEAD encryption)
-iter int
Iterations. (for PBKDF2 and SHRED commands) (default 1)
-iv string
Initialization vector. (for non-AEAD symmetric encryption)
-key string
Private/Public key, Secret key or Password.
-mac string
Compute Hash-based/Cipher-based message authentication code.
-md string
Hash algorithm: SHA2, SHA3 or Whirlpool. (default "whirlpool")
-mode string
Mode of operation: GCM, OCB, CFB8, CTR or OFB. (default "EAX")
-pbkdf2
Password-based key derivation function.
-pkey string
Generate keypair, Derive shared secret, Sign and Verify.
-pub string
Remote's side Public key/remote's side Public IP.
-rand
Generate random cryptographic key.
-recursive
Process directories recursively.
-salt string
Salt. (for PBKDF2)
-shred string
Files/Path/Wildcard to apply data sanitization method.
-signature string
Signature. (for signature verification only)
-tcp string
Encrypted TCP/IP Transfer Protocol. [dump|listen|ip|send|dial]
Examples
Asymmetric EC keypair generation:
./prottk -pkey generate
./prottk -pkey text -key $prvkey
Shared key agreement:
./prottk -pkey derive -key $prvkey -pub $pubkey
Digital signature:
./prottk -pkey sign -key $prvkey < file.ext > sign.txt
sign=$(cat sign.txt)
./prottk -verify -key $pubkey -signature $sign < file.ext
echo $?
Symmetric key generation:
./prottk -rand [-bits 128]
Encryption/decryption with Anubis block cipher:
./prottk -crypt enc -key $128bitkey < plaintext.ext > ciphertext.ext
./prottk -crypt dec -key $128bitkey < ciphertext.ext > plaintext.ext
HMAC:
./prottk -mac hmac -key $128bitkey < file.ext
./prottk -mac hmac -key $128bitkey -signature $hmac < file.ext
CMAC/PMAC:
./prottk -mac cmac -key $64bitkey < file.ext
./prottk -mac cmac -key $64bitkey -signature $128bitmac < file.ext
Chaskey MAC:
./prottk -mac chaskey -key $64bitkey < file.ext
./prottk -mac chaskey -key $64bitkey -signature $128bitmac < file.ext
HKDF (HMAC-based key derivation function 128-bit output):
./prottk -hkdf [-bits 128] -key "IKM" -info "AD" -salt "salt"
PBKDF2 (password-based key derivation function 2):
./prottk -pbkdf2 -key "pass" -iter 10000 -salt "salt"
Note:
PBKDF2 function can be combined with the CRYPT, HMAC commands:
./prottk -crypt enc -pbkdf2 -key "pass" < plaintext.ext > ciphertext.ext
./prottk -mac hmac -pbkdf2 -key "pass" -salt "salt" -iter 10000 < file.ext
Shred (Data sanitization method, 25 iterations):
./prottk -shred "keypair.ini" -iter 25
Bin to Hex/Hex to Bin:
./prottk -hex enc < File.ext > File.hex
./prottk -hex dec < File.hex > File.ext
./prottk -hex dump < File.ext
TLS Layer (TCP/IP):
./prottk -tcp ip > PubIP.txt
./prottk -tcp dump [-pub "8081"] > Token.jwt
./prottk -tcp send [-pub "127.0.0.1:8081"] < Token.jwt
./prottk -tcp listen [-pub "8081"]
./prottk -tcp dial [-pub "127.0.0.1:8081"]
Random Art (Public Key Fingerprint):
./prottk -key $pubkey
./prottk -key - < Pubkey.txt
License
This project is licensed under the ISC License.
Copyright (c) 2020-2022 Pedro F. Albanese - ALBANESE Research Lab.
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.