GSoC Reports: Extending the functionality of NetPGP, Part 1


July 13, 2020 posted by Kamil Rytarowski

This report was prepared by Jason High as a part of Google Summer of Code 2020

NetPGP is a library and suite of tools implementing OpenPGP under a BSD license. As part of Google Summer of Code 2020, we are working to extend its functionality and work towards greater parity with similar tools. During the first phase, we have made the following contributions

  1. Added the Blowfish block cipher
  2. ECDSA key creation
  3. ECDSA signature and verification
  4. Symmetric file encryption/decryption
  5. S2K Iterated+Salt for symmetric encryption

ECDSA key generation is done using the '--ecdsa' flag with netpgpkeys or the 'ecdsa' property if using libnetpgp

[jhigh@gsoc2020nb gsoc]$ netpgpkeys --generate-key --ecdsa --homedir=/tmp
signature  secp521r1/ECDSA a0cdb04e3e8c5e34 2020-06-25 
fingerprint d9e0 2ae5 1d2f a9ae eb96 ebd4 a0cd b04e 3e8c 5e34 
uid              jhigh@localhost
Enter passphrase for a0cdb04e3e8c5e34: 
Repeat passphrase for a0cdb04e3e8c5e34: 
generated keys in directory /tmp/a0cdb04e3e8c5e34
[jhigh@gsoc2020nb gsoc]$ 

[jhigh@gsoc2020nb gsoc]$ ls -l /tmp/a0cdb04e3e8c5e34
total 16
-rw-------  1 jhigh  wheel  331 Jun 25 16:03 pubring.gpg
-rw-------  1 jhigh  wheel  440 Jun 25 16:03 secring.gpg
[jhigh@gsoc2020nb gsoc]$ 

Signing with ECDSA does not require any changes

[jhigh@gsoc2020nb gsoc]$ netpgp --sign --homedir=/tmp/a0cdb04e3e8c5e34 --detach --armor testfile.txt 
signature  secp521r1/ECDSA a0cdb04e3e8c5e34 2020-06-25 
fingerprint d9e0 2ae5 1d2f a9ae eb96 ebd4 a0cd b04e 3e8c 5e34 
uid              jhigh@localhost
netpgp passphrase: 
[jhigh@gsoc2020nb gsoc]$ 

[jhigh@gsoc2020nb gsoc]$ cat testfile.txt.asc 
-----BEGIN PGP MESSAGE-----

wqcEABMCABYFAl71EYwFAwAAAAAJEKDNsE4+jF40AAAVPgIJASyzuZgyS13FHHF/9qk6E3pYra2H
tDdkqxYzNIqKnWHaB+a4J+/R7FkZItbC/EyXH5YA68AC1dJ7tRN/tJNIWfYjAgUb75SvM2mLHk13
qmBo48S0Ai8C82G4nT7/16VF2OOUn7F/3XICghoQOyS1nxJilj8u2uphLOoy9VayL1ErORIZVw==
=p30e
-----END PGP MESSAGE-----
[jhigh@gsoc2020nb gsoc]$ 

Verification remains the same, as well.

[jhigh@gsoc2020nb gsoc]$ netpgp --homedir=/tmp/a0cdb04e3e8c5e34 --verify testfile.txt.asc 
netpgp: assuming signed data in "testfile.txt"
Good signature for testfile.txt.asc made Thu Jun 25 16:05:16 2020
using ECDSA key a0cdb04e3e8c5e34
signature  secp521r1/ECDSA a0cdb04e3e8c5e34 2020-06-25 
fingerprint d9e0 2ae5 1d2f a9ae eb96 ebd4 a0cd b04e 3e8c 5e34 
uid              jhigh@localhost
[jhigh@gsoc2020nb gsoc]$ 

Symmetric encryption is now possible using the '--symmetric' flag with netpgp or the 'symmetric' property in libnetpgp

[jhigh@gsoc2020nb gsoc]$ netpgp --encrypt --symmetric --armor testfile.txt 
Enter passphrase: 
Repeat passphrase: 
[jhigh@gsoc2020nb gsoc]$ 

[jhigh@gsoc2020nb gsoc]$ cat testfile.txt.asc 
-----BEGIN PGP MESSAGE-----

wwwEAwEIc39k1V6xVi3SPwEl2ww75Ufjhw7UA0gO/niahHWK50DFHSD1lB10nUyCTgRLe6iS9QZl
av5Nji9BuQFcrqo03I1jG/L9s/4hww==
=x41O
-----END PGP MESSAGE-----
[jhigh@gsoc2020nb gsoc]$ 

Decryption of symmetric packets requires no changes

[jhigh@gsoc2020nb gsoc]$ netpgp --decrypt testfile.txt.asc 
netpgp passphrase: 
[jhigh@gsoc2020nb gsoc]$ 

We added two new flags to support s2k mode 3: '--s2k-mode' and '--s2k-count'. See RFC4880 for details.

[jhigh@gsoc2020nb gsoc]$ netpgp --encrypt --symmetric --s2k-mode=3 --s2k-count=96 testfile.txt 
Enter passphrase: 
Repeat passphrase: 
[jhigh@gsoc2020nb gsoc]$ 


[jhigh@gsoc2020nb gsoc]$ gpg -d testfile.txt.gpg 
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
this
is
a
test
[jhigh@gsoc2020nb gsoc]$ 
[0 comments]

 



Post a Comment:
Comments are closed for this entry.