ALBANESE Research Lab 🔍

Software Engineering & Systems Integration Solutions

HOME | PROJECTS | UNIX TOOLS

EDGE Toolkit 🇧🇷 🇪🇬 🇧🇪 🇩🇪 🇦🇹 🇩🇰 🇷🇺 🇧🇾 🇺🇦 🇰🇷 🇨🇳 🇯🇵 🇮🇱 🇵🇭 🇫🇷 🇨🇦 🇺🇸

Encrypted Data Gateway Engine

---

Multi-purpose cross-platform hybrid cryptography tool for symmetric and asymmetric encryption, cipher-based message authentication code (CMAC/GMAC/PMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2/Scrypt/Argon2), password-hashing scheme (Bcrypt/Argon2/Makwa), shared key agreement (ECDH/VKO/X25519), digital signature (RSA/ECDSA/EdDSA/GOST/SPHINCS+), X.509 CSRs, CRLs and Certificates, and TCP instant server with TLS 1.3 and TLCP encryption layers for small or embedded systems.

Main References

ESAT/COSIC - Computer Security and Industrial Cryptography (Belgium)
GB Standards (People's Republic of China)
ISO/IEC - International Organization for Standardization (USA)
KISA - Korea Internet & Security Agency (South Korea)
NIST - National Institute of Standards and Technology (USA)
TC26 - Technical Committee 26 for Standardization (Russia)
DSTU - State Standards of Ukraine (Derzhavni Standarty Ukrainy)

See also:
CRYPTREC - Cryptography Research and Evaluation Committees (Japan)
ECRYPT - European Network of Excellence in Cryptology
eSTREAM (ECRYPT Stream Cipher Project)
NESSIE - New European Schemes for Signatures, Integrity and Encryption
LWC - National Institute of Standards and Technology Lightweight Cryptography
PHC - Password Hashing Competition (initiated by Jean-Philippe Aumasson)

Implements

Anubis Involutional SPN 128-bit block cipher (Barreto, ESAT/COSIC)
BSI TR-03111 Elliptic Curve Cryptography (ECC) Technical Guideline
CHASKEY Message Authentication Code (Nicky Mouha, ESAT/COSIC)
CubeHash and SipHash64/128 (Daniel J. Bernstein & JP Aumasson)
DSTU 7564:2014 A New Standard of Ukraine: The Kupyna Hash Function
DSTU 7624:2014 Encryption Standard of Ukraine: Kalyna Block Cipher
GB/T 32907-2016 - SM4 128-bit Block Cipher
GB/T 32918.4-2016 SM2 Elliptic Curve Asymmetric Encryption
GB/T 38636-2020 - Transport Layer Cryptography Protocol (TLCP)
GM/T 0001-2012 ZUC Zu Chongzhi Stream cipher 128/256-bit key
GM/T 0002-2012 SM4 Block cipher with 128-bit key
GM/T 0003-2012 SM2 Public key algorithm 256-bit
GM/T 0004-2012 SM3 Message digest algorithm 256-bit hash value
GM/T 0044-2016 SM9 Public key algorithm 256-bit
GM/T 0086-2020 Specification of key management system based on SM9
GOST 28147-89 64-bit block cipher (RFC 5830)
GOST R 34.10-2012 VKO key agreement function (RFC 7836)
GOST R 34.10-2012 Public Key Signature Function (RFC 7091)
GOST R 34.11-2012 Streebog Key Derivation Function KDF (RFC 7836)
GOST R 34.11-2012 Streebog hash function (RFC 6986)
GOST R 34.11-94 CryptoPro hash function (RFC 5831)
GOST R 34.12-2015 128-bit block cipher Kuznechik (RFC 7801)
GOST R 34.12-2015 64-bit block cipher Magma (RFC 8891)
GOST R 50.1.114-2016 GOST R 34.10-2012 and GOST R 34.11-2012 
HC-128 Stream Cipher simplified version of HC-256 (Wu, ESAT/COSIC) 
IGE (Infinite Garble Extension) Mode of Operation for Block ciphers
ISO/IEC 10118-3:2003 RIPEMD128/160/256 and Whirlpool (ESAT/COSIC)
ISO/IEC 18033-3:2010 HIGHT, SEED, Camellia and MISTY1 Block ciphers 
ISO/IEC 18033-4:2011 KCipher-2 stream cipher (RFC 7008)
ISO/IEC 29192-3:2012 Trivium Stream cipher with 80-bit key
ISO/IEC 18033-5:2015 IBE - Identity-based Encryption Mechanisms
ISO/IEC 18033-5:2015/Amd.1:2021(E) SM9 Mechanism
ISO/IEC 14888-3:2018 EC-SDSA Schnorr-based Signature Scheme
ISO/IEC 29192-2:2019 PRESENT, CLEFIA and LEA block ciphers
ISO/IEC 15946-5:2022 Barreto-Naehrig and Barreto-Lynn-Scott Curves
KS X 1213-1 ARIA 128-bit block cipher with 128/192/256-bit keys
KS X 3246 LEA - Lightweight Encryption Algorithm (TTAK.KO-12.0223)
KS X 3262 LSH - A New Fast Secure Hash Function Family (in Korean)
NIST SP800-186 X25519 Diffie-Hellman (OpenSSL compliant)
NIST SP800-38D GCM AEAD mode for 128-bit block ciphers (RFC 5288)
RFC 1423: Privacy Enhancement for Internet Electronic Mail
RFC 2104: HMAC - Keyed-Hashing for Message Authentication
RFC 2144: CAST-128 64-bit Block cipher with 128-bit key
RFC 2612: The CAST-256 Encryption Algorithm
RFC 3610: Counter with CBC-MAC Mode of Operation (CCM Mode)
RFC 4009: The SEED Encryption Algorithm (KISA)
RFC 4253: Serpent 128-bit Block cipher with 128/192/256-bit keys
RFC 4493: Cipher-based Message Authentication Code (CMAC)
RFC 4503: Rabbit Stream Cipher Algorithm with 128-bit key
RFC 4543: Galois Message Authentication Code (GMAC)
RFC 4648: Base16, Base32, and Base64 Data Encodings
RFC 4764: EAX Authenticated-Encryption Mode of Operation
RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2
RFC 5280: Internet X.509 PKI Certificate Revocation List (CRL)
RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves
RFC 5869: HMAC-based Key Derivation Function (HKDF)
RFC 6114: The 128-Bit Blockcipher CLEFIA (Sony)
RFC 7008: KCipher-2 Encryption Algorithm (KDDI R&D Laboratories)
RFC 7253: OCB (and PMAC) Authenticated-Encryption Algorithm
RFC 7292: PKCS #12 Personal Information Exchange Syntax v1.1
RFC 7539: ChaCha20-Poly1305 AEAD Stream cipher
RFC 7693: The BLAKE2 Cryptographic Hash and MAC (JP Aumasson)
RFC 7748: Curve25519 and Curve448: Elliptic Curves for Security
RFC 7914: The Scrypt Password-Based Key Derivation Function
RFC 8032: Ed25519 Signature a.k.a. EdDSA (Daniel J. Bernstein)
RFC 8446: Transport Layer Security (TLS) Protocol Version 1.3
RFC 9058: MGM AEAD mode for 64 and 128 bit ciphers (E. Griboedova)
RFC 9367: GOST Cipher Suites for Transport Layer Security (TLS 1.3)
SBRC 2007: Curupira 96-bit block cipher with 96/144/192-bit keys
STB 34.101.31-2011 Belorussian standard (Bel-T) block cipher
STB 34.101.45-2013 Belorussian BignV1 public key algorithhm
STB 34.101.77-2020 Belorussian standard BASH hash function
TTAS.KO-12.0004/R1 128-bit Block Cipher SEED (ISO/IEC 18033-3:2010)
TTAS.KO-12.0040/R1 64-bit Block Cipher HIGHT (ISO/IEC 18033-3:2010)
TTAS.KO-12.0011/R2 HAS-160 Korean-standardized hash algorithm
TTAK.KO-12.0015/R3 EC-KCDSA Korean Digital Signature Algorithm
TTAK.KO-12.0223 LEA 128-bit block cipher (ISO/IEC 29192-2:2019)
TTAK.KO-12.0276 LSH Message digest algorithm (KS X 3262)
US FIPS 197 Advanced Encryption Standard (AES)
US FIPS 180-2 Secure Hash Standard (SHS) SHA1 and SHA2 Algorithms 
US FIPS 202 SHA-3 Permutation-Based Hash (instance of the Keccak)
US FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism
US FIPS 204 Module-Lattice-Based Digital Signature Standard
US FIPS 205 Stateless Hash-Based Digital Signature Standard (SLH-DSA)

Both Whirlpool and GOST R 34.11-2012 (Streebog) uses Miyaguchi–Preneel construction.

---

EDGETk supports Koblitz curves, where A equals 0 and B = 7 (y²=x³+7). Supports Weierstrass curves (y²=x³+ax+b), such as ECDSA, Brainpool, SM2, SM9, BLS12-381, NUMS, GOST R 34.10-2012 256-bit paramSet B, C and D, and GOST R 34.10-2012 512-bit paramSet A and B; TwistedEdwards curves (ax²+y²=1+dx²y²), such as Ed25519, Ed448, NUMS-TE, GOST R 34.10-2012 256-bit paramSet A and GOST R 34.10-2012 512-bit paramSet C; and Montgomery curves (by²=x³+ax²+x) which are functions X25519 and X448.

---

Digital Signature Algorithms

ElGamal-based algorithms

ECDSA: Compute \( r = x([k]G) \); \( s \) must be a root of \( H(m)s^{-1} + rs^{-1}a - k \mod n \), so compute \( s \equiv k^{-1}(H(m) + ra) \mod n \).

ECGDSA: Compute \( r = x([k]G) \); \( s \) must be a root of \( r^{-1}H(m) + r^{-1}sa - k \mod n \), so compute \( s \equiv a^{-1}(kr - H(m)) \mod n \).

ECKCDSA: Compute \( r = H(x([k]G)) \); so compute \( s \equiv a \cdot \left( k - \left( r \oplus H(cQ \parallel M) \right) \mod n \right) \mod n \).

Schnorr-based algorithms

BignV1: Compute \( R = [k]G \); \( s_0 \) must be a root of \( h(OID(H) \parallel R \parallel H(X)) \), so compute \( s_1 \equiv (k - H(X) - (s_0 + 2l)d) \mod q \).

EC-SDSA: Compute \( r = Q_x, \, h = H(M \parallel Q_x), \, s \equiv k - h \cdot d \mod n \), where \( H \) is a hash function and \( d \) is the private key.

EdDSA: Compute \( R = [k]G \); \( S \equiv k + H(R \parallel m) \cdot d \mod q \), where \( H \) is a hash function and \( d \) is the private key.

Notes

1. \( H(m) \) represents the hash value of the message.

2. \( k^{-1} \) denotes the modular multiplicative inverse of \( k \) modulo \( (p-1) \).

3. \( \equiv \) indicates congruence.

4. \( \oplus \) represents the XOR operation.

---

Algorithms

Public Key Algorithms	256	512	ECDH	Sign	Encryption	PKI
ECDSA (secp256r1)	O	O	O	O	O	O
EC-GDSA (secp256r1)	O	O		O
EC-KCDSA (secp256r1)	O	O		O
EC-SDSA (secp256r1)	O	O	O	O
ANSSI (frp256v1)	O		O	O	O
Koblitz (secp256k1)	O		O	O	O
BignV1 (bign256v1)	O	O	O	O
BIP 0340 (secp256k1)	O	O	O	O
Barreto-Lynn-Scott (bls12381)	O		O	O	O	O
Barreto-Naehrig (bn256)	O		O	O	O	O
Curve25519 (Ed25519 / X25519)	O		O	O		O
Curve448 (Ed448 / X448)			O	O
GOST R 34.10-2012	O	O	O	O		O
RSA Cryptosystem (default)				O	O	O
SM2 (sm2p256v1)	O		O	O	O	O
SM9 (sm9p256v1)	O		O	O	O
NUMS (numsp256d1)	O	O	O	O	O
ElGamal Cryptosystem				O	O
EC-ElGamal Cryptosystem	O				O
Module-Lattice (ML-DSA / ML-KEM)				O	O	O
Stateless Hash (SLH-DSA)	O			O		O

Subjacent Elliptic Curves	ECDSA	EC-S/GDSA	EC-KCDSA	ECKA-EG
P-224 (secp224r1)	O	O	O
P-256 (secp256r1)	O	O	O	O
P-384 (secp384r1)	O	O	O
P-521 (secp521r1)	O	O	O
B-283 (sect283r1)			O
B-409 (sect409r1)			O
B-571 (sect571r1)			O
K-283 (sect283k1)			O
K-409 (sect409k1)			O
K-571 (sect571k1)			O
Brainpool (brainpoolp256r1)		O
Brainpool (brainpoolp384r1)		O
Brainpool (brainpoolp512r1)		O
Brainpool (brainpoolp256t1)		O
Brainpool (brainpoolp384t1)		O
Brainpool (brainpoolp512t1)		O
BLS12-381				O
Ed25519				O
Pallas				O
ANSSI (frp256v1)	O	O
Koblitz (secp256k1)	O	O		O
SM2 (sm2p256v1)	O

Supported ParamSets	A	B	C	D
GOST R 34.10-2012 256-bit	O	O	O	O
GOST R 34.10-2012 512-bit	O	O	O

Stream Ciphers	Key Size	IV	Mode
Chacha20Poly1305	256	96/192	AEAD Stream Cipher
HC-128	128	128	XOR Stream
HC-256	256	256	XOR Stream
KCipher-2	128	128	XOR Stream
Rabbit	128	64	XOR Stream
RC4 [Obsolete]	40/128	-	XOR Stream
Salsa20	256	64/192	XOR Stream
Skein512	Any	Any	MAC + XOR Stream
Spritz	Any	Any	XOR Stream
Trivium	80	80	XOR Stream
ZUC-128 (eea128)	128	128	MAC + XOR Stream
ZUC-256 (eea256)	256	184	MAC + XOR Stream

Experimental	Key Size	IV	Mode
Ascon 1.2	128	128	NIST Lightweight AEAD Stream Cipher
Grain128a	128	96	NIST Lightweight AEAD Stream Cipher
Xoodyak v2	128	128	Lightweight AEAD Permutation Cipher

Modes		Requirements
EAX	Encrypt-Authenticate-Translate	All block ciphers
GCM	Galois/Counter Mode (AEAD)	Blocks of 128-bit with 128/192/256-bit keys
OCB1	Offset Codebook v1 (AEAD)	Blocks of 128-bit with 128/192/256-bit keys
OCB3	Offset Codebook v3 (AEAD)	Blocks of 128-bit with 128/192/256-bit keys
MGM	Multilinear Galois Mode (AEAD)	Blocks of 64 or 128-bit with any key-length
CCM	Counter with CBC-MAC (AEAD)	Blocks of 128-bit with 128/192/256-bit keys
SIV	Synthetic Initialization Vector (AEAD)	All block ciphers
CBC	Cipher-Block Chaining Mode	All block ciphers
CFB-8	Cipher Feedback Mode 8-bit	All block ciphers
CFB	Cipher Feedback Mode	All block ciphers
CTR	Counter Mode (default)	All block ciphers
ECB	Eletronic Codebook [Obsolete]	All block ciphers
IGE	Infinite Garble Extension	All block ciphers
OFB	Output Feedback Mode	All block ciphers

Modes		Requirements
CMAC	Cipher-based Message Authentication Code	64 and 128-bit block ciphers
MGMAC	Multilinear Galois Message Authentication Code	64 and 128-bit block ciphers
GMAC	Galois Message Authentication Code	128-bit block ciphers
PMAC	Parallelizable Message Authentication Code	All block ciphers
VMAC	Variable Message Authentication Code	All block ciphers

256-bit> Block Ciphers	Block Size	Key Size	Modes
Kalyna256	256	256/512	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Kalyna512	512	512	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
SHACAL-2	256	128 to 512	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Threefish256	256	256	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Threefish512	512	512	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Threefish1024	1024	1024	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE

128-bit Block Ciphers	Block Size	Key Size	Modes
AES (Rijndael)	128	128/192/256	All modes supported
Anubis	128	128 to 320	All modes supported
ARIA	128	128/192/256	All modes supported
Bel-T	128	128/192/256	All modes supported
Camellia	128	128/192/256	All modes supported
CAST256	128	128/192/256	All modes supported
CLEFIA	128	128/192/256	All modes supported
CRYPTON 1.0	128	128/192/256	All modes supported
E2	128	128/192/256	All modes supported
Kalyna128	128	128/256	All modes supported
Kuznechik	128	256	All modes supported
LEA	128	128/192/256	All modes supported
LOKI97	128	128/192/256	All modes supported
MAGENTA	128	128/192/256	All modes supported
MARS	128	128 to 448	All modes supported
NOEKEON	128	128	All modes supported
RC6	128	128/192/256	All modes supported
SEED	128	128	All modes supported
Serpent	128	128/192/256	All modes supported
SM4	128	128	All modes supported
Twofish	128	128/192/256	All modes supported

96-bit Block Ciphers	Block Size	Key Size	Modes
Curupira	96	96/144/192	EAX, LETTERSOUP, ECB, CBC, CFB8, CTR, OFB, IGE

64-bit Block Ciphers	Block Size	Key Size	Modes
DES [Obsolete]	64	64	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
3DES [Almost Obsolete]	64	192	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Blowfish	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
CAST5	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
GOST89 ParamSet Z	64	256	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE
HIGHT	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
IDEA [Obsolete]	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
Khazad	64	128	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE
Magma	64	256	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE
MISTY1	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
PRESENT	64	80/128	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE
RC2 [Obsolete]	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
RC5 [Obsolete]	64	128	EAX, SIV, ECB, CBC, CFB8, CTR, OFB, IGE
SAFER+	64	64/128	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE
TWINE	64	80/128	EAX, SIV, ECB, MGM, CFB, CTR, OFB, IGE

Message Digest	128	160	192	256	512	MAC
BASH				O	O
Bel-T				O
BLAKE-2B				O	O	O
BLAKE-2S	O			O		O
BLAKE-3				O
BMW				O	O
Chaskey	O					O
CubeHash				O	O
ECHO				O	O
ESCH				O
Fugue				O	O
GOST94 CryptoPro				O
Groestl				O	O
Hamsi				O	O
Haraka v2				O
HAS-160 [Obsolete]		O
JH				O	O
Kupyna				O	O	O
Legacy Keccak				O	O
LSH				O	O
Luffa				O	O
MD4 [Obsolete]	O
MD5 [Obsolete]	O
MD6				O	O
Poly1305	O					O
RIPEMD	O	O		O
SHA1 [Obsolete]		O
SHA2 (default)				O	O
SHA3				O	O
SHAKE				O	O
SHAvite-3				O	O
SIMD				O	O
SipHash	O					O
SM3				O
Streebog				O	O
Tiger			O
Whirlpool					O
Xoodyak				O		O
ZUC-256 (eia256)	O					O

Features

Cryptographic Functions:




Asymmetric Encryption

Symmetric Encryption + AEAD Modes

Digital Signature

Shared Key Agreement

Recursive Hash Digest + Check

CMAC (Cipher-based message authentication code)

HMAC (Hash-based message authentication code)

HKDF (HMAC-based key derivation function)

PBKDF2 (Password-based key derivation function)

PHS (Password-hashing scheme)

TLS (Transport Layer Security v1.3)

TLCP (Transport Layer Cryptography Protocol v1.1)

PKCS12 (Personal Information Exchange Syntax v1.1)

X.509 CSRs, CRLs and Certificates

Non-cryptographic Functions:




Bin to Hex/Hex to Bin string conversion (xxd-like)

Base32 conversion

Base64 conversion

Base85 conversion

Privacy-Enhanced Mail (PEM format)

Random Art (OpenSSH-like)

Source code: https://github.com/pedroalbanese/edgetk

Download: Win32 | Win64 | Linux x86 | Linux amd64 | Linux armel | FreeBSD x86 | FreeBSD amd64

b2318928845fd314ef4dfc506492e4ba2e13459707f2df15473b75a1a747b206 *edgetk_darwin-amd64.zip
c943f87b05532b53fd7292eb64ced564c6bc2e5a00fbe3dcba78d384581d2265 *edgetk_darwin-arm64.zip
51d999da793f458a77dc440a06ad5c34d2a2da595affbb4f5cd5756348e88011 *edgetk_freebsd-amd64.zip
b63b99314194bbb42fce6fa0ee7654872fa8793a0c71c99b5d7b1791c300b1ec *edgetk_freebsd-x86.zip
a1344494ce806bf5eb618d248c008a8cf3d7b22df052615f77ecef0507bf78c2 *edgetk_linux-amd64.zip
28bdb32c127a2d3fc30cd987850edc5a4b61b851a76c06f6a613fde2d37a5994 *edgetk_linux-armel.zip
f472625008d8cc74a25ef783b33c15441e9a292319a1243e57c575493cacfce4 *edgetk_linux-x86.zip
1b110b9f18e45af009a3c4ed31188b3527fb5346be8778380ae8eda0681cd144 *edgetk_openbsd-amd64.zip
dd0cdbbf40ff97ed296240f1d293d37ba62e0b8901105dfb918566c7c42f792b *edgetk_openbsd-x86.zip
8c16c041ac3b4cc594f87051b11a0685d1291dc323d7801d822dd84f77262ade *edgetk_win32.zip
e6197c78c96c5142d046fa6dc8646855b0cee3b89ef9571380ef76b52105d2a7 *edgetk_win64.zip

---

Usage

  -algorithm string
        Public key algorithm: EC, Ed25519, GOST2012, SM2. (default "RSA")
  -base32 string
        Encode binary string to Base32 format and vice-versa. [enc|dec]
  -base64 string
        Encode binary string to Base64 format and vice-versa. [enc|dec]
  -base85 string
        Encode binary string to Base85 format and vice-versa. [enc|dec]
  -bits int
        Key length. (for keypair generation and symmetric encryption)
  -cacert string
        CA Certificate path. (for TLCP Protocol)
  -cakey string
        CA Private key. (for TLCP Protocol)
  -cert string
        Certificate path.
  -check
        Check hashsum file. ('-' for STDIN)
  -cipher string
        Symmetric algorithm: aes, blowfish, magma or sm4. (default "aes")
  -crl string
        Certificate Revocation List path.
  -crypt string
        Bulk Encryption with Stream and Block ciphers. [enc|dec|help]
  -curve string
        Subjacent curve (ECDSA, BLS12381G1 and G2.) (default "ecdsa")
  -digest
        Target file/wildcard to generate hashsum list. ('-' for STDIN)
  -factorp string
        Makwa private Factor P. (for Makwa Password-hashing Scheme)
  -factorq string
        Makwa private Factor Q. (for Makwa Password-hashing Scheme)
  -hex string
        Encode binary string to hex format and vice-versa. [enc|dump|dec]
  -hid uint
        Hierarchy Identifier. (for SM9 User Private Key) (default 1)
  -id string
        User Identifier. (for SM9 User Private Key operations)
  -info string
        Additional info. (for HKDF command and AEAD bulk encryption)
  -ipport string
        Local Port/remote's side Public IP:Port.
  -iter int
        Iter. (for Password-based key derivation function) (default 1)
  -iv string
        Initialization Vector. (for symmetric encryption)
  -kdf string
        Key derivation function. [pbkdf2|hkdf|scrypt|argon2]
  -key string
        Asymmetric key, symmetric key or HMAC key, depending on operation.
  -mac string
        Compute Hash/Cipher-based message authentication code.
  -master string
        Master key path. (for sm9 setup) (default "Master.pem")
  -md string
        Hash algorithm: sha256, sha3-256 or whirlpool. (default "sha256")
  -mode string
        Mode of operation: GCM, MGM, CBC, CFB8, OCB, OFB. (default "CTR")
  -modulus string
        Makwa modulus. (Makwa hash Public Parameter)
  -nopad
        No padding. (for Base64 and Base32 encoding)
  -params string
        ElGamal Public Parameters path.
  -paramset string
        Elliptic curve ParamSet: A, B, C, D. (for GOST2012) (default "A")
  -pass string
        Password/Passphrase. (for Private key PEM encryption)
  -passout string
        User Password. (for SM9 User Private Key PEM encryption)
  -peerid string
        Remote's side User Identifier. (for SM9 Key Exchange)
  -pkey string
        Subcommands: keygen|certgen, sign|verify|derive, text|modulus.
  -priv string
        Private key path. (for keypair generation) (default "Private.pem")
  -pub string
        Public key path. (for keypair generation) (default "Public.pem")
  -rand int
        Generate random cryptographic key with given bit length.
  -recover
        Recover Passphrase from Makwa hash with Private Parameters.
  -recursive
        Process directories recursively. (for DIGEST command only)
  -root string
        Root CA Certificate path.
  -salt string
        Salt. (for HKDF and PBKDF2 commands)
  -signature string
        Input signature. (for VERIFY command and MAC verification)
  -tcp string
        Encrypted TCP/IP Transfer Protocol. [server|ip|client]
  -version
        Print version info.
  -wrap int
        Wrap lines after N columns. (for Base64/32 encoding) (default 64)

---

Examples

RSA asymmetric keypair generation (PEM format):

./edgetk -pkey keygen -bits 4096 [-pass "pass"]

Digital Signature:

./edgetk -pkey sign -key private.pem [-pass "pass"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./edgetk -pkey verify -key public.pem -signature $sign < file.ext
echo $?

Elliptic curve asymmetric keypair generation:

./edgetk -pkey keygen -algorithm ECDSA -bits 256 [-pass "pass"]

Shared key negociation (ECDH):

./edgetk -pkey derive -key private.pem -public peerkey.pem

Encryption/decryption w/ AES symmetric cipher:

./edgetk -crypt enc -key $shared < plaintext.ext > ciphertext.ext
./edgetk -crypt dec -key $shared < ciphertext.ext > plaintext.ext

CMAC-AES:

./edgetk -mac cmac -key $128bitkey < file.ext

SHA256 hashsum (list):

./edgetk -digest [-recursive] "*.*"

SHA256 hashsum (single file):

./edgetk -digest - < file.ext

HMAC-SHA256:

./edgetk -mac hmac -key $256bitkey < file.ext

---

This project seeks to embrace everyone without squeezing anyone.

---

LICENSE

Copyright (c) 2021 Pedro F. Albanese <pedroalbanese@hotmail.com>

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

---

Industrial-Grade Reliability. Copyright © 2020-2024 ALBANESE Research Lab.

• Home
• My Projects
• Unix Tools for Windows
• EDGE Toolkit
• ElGamal Cryptosystem
• ECDSA Signature Scheme
• BN256 Cryptosystem
• ECC Encryption
• SUITE 🇧🇷
• SURF 🇧🇷
• Support Chat



Page views: 67355