SECCURE Elliptic Curve Crypto Utility for Reliable Encryption

The seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and rudimentary key establishment.

ECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings). seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.

License, Patents, Security

seccure is free software published under the GNU Lesser General Public License v3 (LGPL). To my best knowledge none of the implemented algorithms and cryptographical schemes (ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see the Patent statement). All the named algorithms and all underlying elliptic curves (standardized by NIST and SECG) are considered cryptographically secure nowadays. seccure received two security audits (by Ulf Harnhammar and Brian M. Carlson of the Debian auditing team) in August 2006, neither of them detecting a problem.

Downloading, Building, Manual

First download seccure in the latest version. Then, after having made sure that libgcrypt is properly installed, run make and make install as usual.

seccure-0.5.tar.gz (SHA1: 115cbd7d9acdb7aa111de96dad6b3fbced728ad3, Aug 2014)
seccure-0.4.tar.gz (SHA1: 883e335f58cc36279c33493ab219f4940a46dab8, Apr 2009)
seccure-0.3.tar.gz (SHA1: ab72f7e26e089ace6984af4fa1f2f5899ea05a5b, Aug 2006)
seccure-0.2.tar.gz (SHA1: ccf94e77a43f8aaddfcce3439afb190a79b64f3a, Aug 2006)
seccure-0.1.tar.gz (SHA1: df7a8e9e167b61247eb4c37832e698306e223ee5, Jul 2006)

A manpage is available as groff and html version.

Read the HISTORY file for the changes between the versions. There exists a debian package for seccure. There exists an outdated freshmeat/freecode page.

How is seccure used?

First we give an example for key generation:
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn  

Then we do some public key encryption / decryption:
$ seccure-encrypt -o private.msg '8W;>i^H0qi|J&$coR5MFpR*Vn'  
Assuming MAC length of 80 bits.
Go ahead and type your message ...
This is a very very secret message!
^D

$ seccure-decrypt -i private.msg
Assuming MAC length of 80 bits.
Assuming curve p160.
Enter private key: my private key
This is a very very secret message!
Integrity check successful, message unforged!

We try out the signature generation / verification:
$ seccure-sign
Assuming curve p160.
Enter private key: my private key
Go ahead and type your message ...
This message will be signed
^D
Signature: $HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq

$ seccure-verify '8W;>i^H0qi|J&$coR5MFpR*Vn' '$HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq'  
Go ahead and type your message ...
This message will be signed
^D
Signature successfully verified!

For a Diffie-Hellman key exchange we run two instances in parallel:
$ seccure-dh                                                        |      $ seccure-dh
Assuming curve p160.                                                |      Assuming curve p160.
Pass this key to your peer: 6cuC+ODUT5%uPnS<0HR*<F6X(               |      Pass this key to your peer: Ap]_BBbK>3hZjKr<#W+BX-z-7  
Enter your peer's key: Ap]_BBbK>3hZjKr<#W+BX-z-7                    |      Enter your peer's key: 6cuC+ODUT5%uPnS<0HR*<F6X(
Established key: $$b|qzU0~1y/f                                      |      Established key: $$b|qzU0~1y/f
Verification key: %#R.Fc+q>a1]v                                     |      Verification key: %#R.Fc+q>a1]v

Final notices

ssss: Shamir's Secret Sharing Scheme is another crypto software by the same author.

If seccure is of value for you, please consider donating some money:

bitcoin logo Bitcoin address: 13mWbY622WEnjrbaQAyxLXSVaaKJz44zyK bitcoin address


The text of this page is licensed under the GNU Lesser General Public License v3. Copyright 2006-2014 by B. Poettering (seccure AT point-at-infinity.org).
Last modified: Tue Aug 05 2014