The seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and rudimentary key establishment.

ECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings). seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.

seccure is free software published under the GNU Lesser General Public License v3 (LGPL). To my best knowledge none of the implemented algorithms and cryptographical schemes (ECDH, ECIES, ECDSA, AES-CTR, SHA256, SHA512) is covered by software patents (see the Patent statement). All the named algorithms and all underlying elliptic curves (standardized by NIST and SECG) are considered cryptographically secure nowadays. seccure received two security audits (by Ulf Harnhammar and Brian M. Carlson of the Debian auditing team) in August 2006, neither of them detecting a problem.

First download seccure in the
latest version. Then, after having made sure that libgcrypt is
properly installed, run `make` and `make install`
as usual.

seccure-0.5.tar.gz (SHA1: `115cbd7d9acdb7aa111de96dad6b3fbced728ad3`, Aug 2014)

seccure-0.4.tar.gz (SHA1: `883e335f58cc36279c33493ab219f4940a46dab8`, Apr 2009)

seccure-0.3.tar.gz (SHA1: `ab72f7e26e089ace6984af4fa1f2f5899ea05a5b`, Aug 2006)

seccure-0.2.tar.gz (SHA1: `ccf94e77a43f8aaddfcce3439afb190a79b64f3a`, Aug 2006)

seccure-0.1.tar.gz (SHA1: `df7a8e9e167b61247eb4c37832e698306e223ee5`, Jul 2006)

A manpage is available as groff and html version.

Read the HISTORY file for the changes between the versions. There exists a debian package for seccure. There exists an outdated freshmeat/freecode page.

$ seccure-key Assuming curve p160. Enter private key:my private keyThe public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn

Then we do some public key encryption / decryption:

$ seccure-encrypt -o private.msg '8W;>i^H0qi|J&$coR5MFpR*Vn' Assuming MAC length of 80 bits. Go ahead and type your message ...This is a very very secret message! ^D$ seccure-decrypt -i private.msg Assuming MAC length of 80 bits. Assuming curve p160. Enter private key:my private keyThis is a very very secret message! Integrity check successful, message unforged!

We try out the signature generation / verification:

$ seccure-sign Assuming curve p160. Enter private key:my private keyGo ahead and type your message ...This message will be signed ^DSignature: $HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq $ seccure-verify '8W;>i^H0qi|J&$coR5MFpR*Vn' '$HPI?t(I*1vAYsl$|%21WXND=6Br*[>k(OR9B!GOwHqL0s+3Uq' Go ahead and type your message ...This message will be signed ^DSignature successfully verified!

For a Diffie-Hellman key exchange we run two instances in parallel:

$ seccure-dh | $ seccure-dh Assuming curve p160. | Assuming curve p160. Pass this key to your peer: 6cuC+ODUT5%uPnS<0HR*<F6X( | Pass this key to your peer: Ap]_BBbK>3hZjKr<#W+BX-z-7 Enter your peer's key:Ap]_BBbK>3hZjKr<#W+BX-z-7| Enter your peer's key:6cuC+ODUT5%uPnS<0HR*<F6X(Established key: $$b|qzU0~1y/f | Established key: $$b|qzU0~1y/f Verification key: %#R.Fc+q>a1]v | Verification key: %#R.Fc+q>a1]v

ssss: Shamir's Secret Sharing Scheme is another crypto software by the same author.

The text of this page is licensed under the GNU Lesser General Public License v3. Copyright 2006-2018 by B. Poettering (

Last modified: Tue Jan 02 2018