pcp - The Pure Crypto Project encryption system
pcp [-pure] -e|-d|-s|-ss|-v file|-pipe
pcp -wipe files
This is a reference manual and therefore it is necessarily
incomplete and assumes that you are already familiar with the
basic concepts behind public key cryptography and the Pure
You may want to access
to learn more about PCP's background.
PCP is public key encryption software that protects email
and data files.
It runs in two different modes. CONSERVATIVE mode, which
is the default, uses SHA-1 as the hash algorithm under all
circumstances. PURE mode uses the discrete logarithm hash
function SDLH for hashing, which depends on a user's hash
key (hashmodulus and generator) stored in the key file.
You can tell SDLH is in use from the "..." you see every
time it is used.
PCP can be used to perform the basic functions of encryption,
decryption, signing, verifying and wiping files. It processes
one single file or works in a pipeline when the "-pipe" option
is given on the command line instead of a file name.
When the "-wipe" option is given, PCP will process any number of
The option ensures that SDLH is used as the hash
algorithm for everything during this invocation of the
program. PURE mode can be set permanently in the config
file "pcp-mode". This option is useful especially when
files are encrypted for a user who runs PCP in PURE mode
and has his secret keys stored purely.
Encrypt a file with a user's PCP key that can be
selected by the user's identification string or
selected from a list.
The output file "file.pcp" contains only numbers giving
no clue which key has been used to encrypt it.
Decrypt a file using the encryption key in PCP's
home directory and write the clear text to "file.clear".
If a decryption error occurs, i.e. the hash chain
used for encryption cannot be recovered completely,
a chosen ciphertext attack is assumed and nothing
except a warning is written to the output file.
A user who runs PCP in conservative mode will create
a SHA-1 fueled hash chain. If you decrypt such a
cryptogram running PCP purely, you will use SDLH to
recover the hash chain and consequently will fail to
decrypt the cryptogram. This is the intended
You can ask your partner to encrypt the file again
using the "-pure" option if you insist on pure
crypto, or you may downgrade your PCP to conservative
mode, which implies that you use the "trusted-sha" directory
and, more importantly, store your encryption key SHA-1
protected with only 8 pointers into the random data
pool. The decision is up to you.
Sign the file using your signing key in PCP's home
directory. The signature is appended to the message
body and stored in "file.sig".
Create a signature stored in a separate file.
The message is assumed to be in a file named without
the suffix ".sig".
Verify the integrity of a signature stored in a file.
If the signature is separate, the message is assumed
to be in a file named without the suffix ".sig",
and PCP will not work within a pipeline.
Fills the files given on the command line with random
data taken from a file wipedata
and deletes them from the file system.
There are two configuration files in PCP's home directory.
PURE mode is enabled with "pure" in the first line.
The default is CONSERVATIVE.
Checking the integrity of the signing key at the
beginning of every invocation is done with SHA-1 when
"fastcheck" is the second line.
All other hashing is done with SDLH; only the integrity
check at the start of pcp is sped up.
Once you use FASTCHECK in PURE mode, there will be warnings
that the signed security hash is inconsistent with the
computed one, which is indeed correct, as you use conservative
hashing compared to pure security hashes on the keys used.
The first line of this file will substitute the
Are the locations under WINDOWS.
There are two files in PCP's home directory which are
security-relevant for safe operation.
This file is used to protect the secret keys.
It is of utmost importance that you spend as much
effort as possible to ensure that this file
will contain at least 1 100 000 bytes of truly
random data. It is not sufficient to use a pseudo-random
generator to generate this file.
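An added example, not part of PCP: a sanity check for the random data file described above, with the file's path passed as an argument (its name is not given here). The chi-square bounds, the zlib heuristic and the constructed samples are assumptions of this example; the check only rules out obvious defects, and the seeded pseudo-random sample passes it even though this manual forbids such data.

```python
import random
import sys
import zlib
from collections import Counter

MIN_POOL_BYTES = 1_100_000        # minimum size this manual requires
CHI_LOW, CHI_HIGH = 150.0, 400.0  # assumed bounds, about 5 sigma around the mean of 255

def chi_square(data):
    """Pearson chi-square of byte counts against a uniform distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def pool_problems(data):
    """Return obvious defects; an empty list does NOT prove the data is truly random."""
    problems = []
    if len(data) < MIN_POOL_BYTES:
        problems.append("too small")
    if not data:
        return problems
    chi = chi_square(data)
    if chi > CHI_HIGH:
        problems.append("biased byte distribution")
    elif chi < CHI_LOW:
        problems.append("byte distribution too regular")
    # Random data is incompressible; any real saving means repeated structure.
    if len(zlib.compress(data, 6)) < 0.99 * len(data):
        problems.append("compressible")
    return problems

def constructed_samples():
    """Constructed inputs for illustration only, never for use as a real pool."""
    n = MIN_POOL_BYTES
    return {
        "text": (b"correct horse battery staple\n" * (n // 29 + 1))[:n],
        "counter": bytes(range(256)) * (n // 256 + 1),
        "seeded_prng": random.Random(2003).getrandbits(8 * n).to_bytes(n, "big"),
        "short": random.Random(1).getrandbits(8 * 4096).to_bytes(4096, "big"),
    }

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(pool_problems(fh.read()) or "no obvious defect found")
    else:
        for name, data in constructed_samples().items():
            print(name, pool_problems(data))
```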
This file contains random data used to wipe files.
Are the locations under WINDOWS.
Written by Ralf Senderek.
All rights reserved. © 2003
This is free software.
Use this software at your own risk or not at all.
There is NO warranty; not even for MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
pcp - the Pure Crypto Program (http://senderek.de/pcp)
protect-secretkey, read-pgpkey, read-sshkey, read-opensslkey,