Pretty Curved Privacy Changelog

What's new in Pretty Curved Privacy 0.2.0

Feb 5, 2014
  • ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed; the curve key had been derived from the ed key).
  • Secret keys are now encrypted with a key derived from the user passphrase using the scrypt() function, incorporated from tarsnap via scrypt-1.1.6.
  • The "derived pcp key" feature has been dropped.
  • Encrypted file format/scheme changed. Previously I included the sender's key-id with the encrypted cipher as a hash. So encrypted messages no longer contain pk material.
  • Changed signature scheme completely. Binary signatures follow the pbp scheme: calculate blake2 hash of the content, sign the hash, write out original content, add "\nnacl-", add the signature, add the hash. Armored signatures are calculated the same way, but the output follows the pgp scheme instead.
  • Detached signatures are still supported as before. For the user they work as known, but the commandline option -f (--sigfile) has to be applied. Internally, however, inputs are read blockwise in 32k blocks as well. Detached signatures are now always z85 encoded.
  • You can now also encrypt+sign files with pcp1. Signatures of encrypted files are always appended in binary form as is, with no offset designator. This leads to a couple of problems which need to be solved somehow in the future: the recipient doesn't know whether to decrypt the file or to decrypt and verify it. It is also unclear how to behave if decryption works but the signature doesn't verify. Currently pcp1 fails in this case, but leaves the decrypted result on disk.
  • The default encryption mode with pcp (and pbp as of this writing) is ECB. Each 32k block is encrypted independently. While ECB is generally a bad choice, the 32k blocksize compensates for it. However, just to have the option if we decide to use CBC instead, I have already implemented it. It must be enabled at compile time with ./configure --enable-cbc. CBC mode in PCP uses a blocksize of 1k.
  • Added PBP public key import and export compatibility (not yet tested against pbp); use -b when exporting or importing a public key.
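
The binary signature layout described in the signature-scheme item above (content, "\nnacl-", signature, hash), sketched as an added example; this is not code from pcp or pbp. It assumes the hash is BLAKE2b with a 64-byte digest and the signature is a 64-byte Ed25519 signature; the function names are hypothetical, and signing and signature verification are left to an Ed25519 library.

```python
import hashlib
import hmac

MARKER = b"\nnacl-"   # separator named in the changelog
SIG_LEN = 64          # Ed25519 signature size
HASH_LEN = 64         # assumption: BLAKE2b with a 64-byte digest


class SignatureFormatError(ValueError):
    pass


def build_signed(content: bytes, signature: bytes) -> bytes:
    """Lay out content || marker || signature || hash (signing is out of scope)."""
    if len(signature) != SIG_LEN:
        raise SignatureFormatError("signature must be 64 bytes")
    digest = hashlib.blake2b(content, digest_size=HASH_LEN).digest()
    return content + MARKER + signature + digest


def split_signed(blob: bytes):
    """Return (content, signature, digest) or raise SignatureFormatError.

    The caller still has to verify the signature over the digest.
    """
    trailer = len(MARKER) + SIG_LEN + HASH_LEN
    if len(blob) < trailer:
        raise SignatureFormatError("too short to carry a signature trailer")
    # Locate the trailer from the end by fixed lengths: the content itself
    # may contain the marker bytes, so searching forward would mis-split.
    cut = len(blob) - trailer
    if blob[cut:cut + len(MARKER)] != MARKER:
        raise SignatureFormatError("marker not found at expected offset")
    content = blob[:cut]
    signature = blob[cut + len(MARKER):cut + len(MARKER) + SIG_LEN]
    digest = blob[-HASH_LEN:]
    expected = hashlib.blake2b(content, digest_size=HASH_LEN).digest()
    if not hmac.compare_digest(digest, expected):
        raise SignatureFormatError("embedded hash does not match content")
    return content, signature, digest


# Constructed sample: zero bytes stand in for a real signature, and the
# content deliberately contains the marker string.
SAMPLE_CONTENT = b"line one\nnacl-looks like a marker\nline two\n"
SAMPLE_BLOB = build_signed(SAMPLE_CONTENT, bytes(SIG_LEN))
```

A hash mismatch here only shows the content and trailer disagree; authenticity still depends on verifying the signature against the signer's public key.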