SYNOPSIS
sks-ecc command [args]
DESCRIPTION
sks-ecc is a public key application for encryption/authentication, based on Elliptic Curve Cryptografy (ECC). Its minimalist design points to simple, light, fast, easy to use and multiplatform product, unencumbered by patents that is indeed distributed under GPL. All these features are given along with high quality cryptografy.Its cryptografic elements are:
- Public key module: elliptic curve over GF (2^191)
- Simmetric key module: AES 192-bits key, with CTR mode
- Hash (for signatures, HMAC and passwords): TIGER (192 bits)
- PRNG module: /dev/urandom. User can provide her own entropy source
OPTIONS
- -l
- Shows license terms.
Commands in interactive mode
- -c|-C pfile cfile
- Ciphers conventionally pfile and outputs cfile. Uppercase precompress pfile. Password is asked.
- -e|-E pfile cfile [keyid] [...]
- Ciphers pfile with public key(s) identified by keyid(s). Output is driven to cfile. Uppercase precompress pfile.
- -d cfile pfile
- Deciphers cfile onto pfile, whatever the ciphering mode was. Password is asked.
- -s pfile dsign
- Signs pfile and outputs detached signature to dsign. Password is asked.
- -S pfile
- Signs printable pfile and outputs through stdout the clearsigned text. Password is asked.
- -v pfile dsign
- Verifies that dsign is a valid signature of pfile. A verify report is output to stderr. If verification is OK, date and key id. of signer are given.
- -V pfile
- Verifies clearsigned texts on pfile and outputs through stdout the original texts. Verify report are output to stderr. Wheather a good verification is found, date and key id. of signer are given.
- -r pfile [...]
- Outputs the TIGER-hash of given pfile(s), in a 'md5sum' fashion.
Commands in filter mode. Text filter is introduced by -f. Binary filter is introduced by -b
- -fc|-fC|-bc|-bC "passw"
- Ciphers conventionally stdin with password string passw, and gives output through stdout. Uppercase precompress input.
- -fe|-fE|-be|-bE [keyid] [...]
- Ciphers stdin with public(s) key(s) identified by keyid(s). Output is driven to stdout. Uppercase precompress input.
- -fd|-bd "passw"
- Deciphers stdin onto stdout by means of password string passw, whatever the ciphering mode was.
- -fS "passw"
- Signs stdin with password string passw, and outputs through stdout the clearsigned text.
- -fV
- Verifies clearsigned texts on stdin and outputs through stdout the original texts. Verify reports are output to stderr. Wheather a good verification is found, date and key id. of signer are given.
Commands to manage keyring.
- -kg
- Public/private key generation. It asks for a descriptive identifier and then asks for a password. Both can be input in a pipe through stdin: the first line is taken as the identifier and the second as the password. The public key is stored in keyring and is output to stdout. The private key is not stored.
- -ki keyfile
- Imports all keys in keyfile. Alternatively, keyfile can be piped through stdin.
- -kd numid
- Deletes key identified by hexadecimal id. numid.
- -kl [keyid] [...]
- Lists the hexadecimal and description ids. of keys matched by keyid(s).
- -kf [keyid] [...]
- List the fingerprint of keys matched by keyid(s). Fingerprint is given in base 36, with ICAO alfabet.
- -ke [keyid] [...]
- Exports the keys matched by keyid(s) through stdout.
HINTS
All files are parsed in a streamish almost unbuffered mode. This means that in interactive mode, pfile and cfile must not coincide. Unpredictible results may occur otherwise.All keys that matches the patterns given by keyid parameters are selected. keyid(s) can match partially hexadecimal and/or description identifiers. If no keyid is given, all keys will be selected. Exception is -kd command, that only admits one hexadecimal pattern that completely matches the target key hexadecimal id.