Minimal Unix-style command line crypto tool (moving towards not-vaporware)
Fix licence blurb text
Add contributing information
Add LICENSE, expand README, edit before publication


browse  log 



You can also use your local clone with git send-email.


noseplumbs is a simple Unix-style command line encryption tool. It's written in POSIX C99 and has no dependencies.

It's a work in progress, but it will generate keys and sign messages.


$ nopl genkey > sign.key
$ nopl sign sign.key < message.txt > message.sig
$ nopl pubkey < sign.key > pub.key
$ nopl verify pub.key message.sig < message.txt
Good signature.
$ echo $?
$ cat message.txt message.txt | nopl verify pub.key message.sig
Invalid signature.
$ echo $?

#Planned Usage

$ nopl genkey -e > enc.key
$ nopl genkey -s > sign.key
$ echo "Hello world!" > cleartext.txt
$ nopl encrypt enc.key < cleartext.txt > ciphertext.bin
$ nopl sign sign.key < cleartext.txt > cleartext.sig
$ nopl decrypt secret.key < ciphertext.bin > cleartext.txt
$ cat cleartext.txt
Hello world!
$ nopl pubkey < sign.key > pub.key
$ cat pub.key | base64 > /dev/lp # hand printout to friend
$ nopl verify pub.key cleartext.sig < cleartext.txt
Good signature.
$ echo $?

#Implementation Notes

  • Keys can be for signing or encryption or both, but separate keys recommended
  • Output format should specify the algorithm used and a serialization version
  • Which will always be ed25519/x25519 via AES
  • Output is binary, if you want armor pipe it through base64
$ cat ciphertext.bin
ed25519:1:[terminal proceeds to shit itself]
$ cat cyphertext.sig
ed25519:1:[terminal shits itself less so]
$ cat pub.key
ed25519 public key:1:[terminal shits itself only 32 bytes edition]
$ openssl asn1parse -inform DER -in sign.key
    0:d=0  hl=2 l=  46 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   5 cons: SEQUENCE
    7:d=2  hl=2 l=   3 prim: OBJECT            :ED25519
   12:d=1  hl=2 l=  34 prim: OCTET STRING      [HEX DUMP]:04209D61B19DEFFD5A60BA844AF492EC2CC44449C5697B326919703BAC031CAE7F60
  • Mandatory -O0 to prevent gcc bullshit from doing stupid bullshit
  • mlockall
  • Randomness comes from /dev/urandom


Thanks to Drew DeVault for the specification of the project.

This project contains code adapted from the fiat crypto project. It is currently entirely confined to src/ed25519.c, such code is MIT licensed (reproduced in src/ed25519.c). Other ed25519 code is adapted from the public domain ref10 implementation of ed25519 in SUPERCOP.


Please send patches to ~cdv/public-inbox@lists.sr.ht.


GPL-3.0-only, See LICENSE file.

Copyright (C) 2019 Christopher Vittal

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3 as
published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.