Name       Date         Size     #Lines  LOC
..         03-May-2022  -
README     04-Nov-2013  1 KiB    34      28
pkesh.sh   04-Nov-2013  4.2 KiB  143     71

README

pkesh -- Public Key Encryption SHell script
===========================================

Usage
-----
# pkesh gen priv.key pub.key
	Generates a public/private key pair.
# pkesh enc pub.key in out
	Encrypts "in" using the public key, writing to "out".
# pkesh dec priv.key in out
	Decrypts "in" using the private key, writing to "out".

Note: Temporary working space is used under $TMP (or /tmp); if this is not
a memory filesystem then keys or data may be leaked to permanent storage.
There must be sufficient temporary space to hold the entire message.

Encrypted format
----------------
Encrypted Message	= base64([Encrypted Header][Encrypted Data])
Encrypted Header	= RSA2048-OAEP([Header])
Header			= [AES256-CBC Key][AES256-CBC IV][Hash]
AES256-CBC Key		= 256 bits (random)
AES256-CBC IV		= 128 bits (random)
Hash			= SHA256(Encrypted Data)
Encrypted Data		= AES256-CBC(Data)
Data			= arbitrary length input "in"

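The layout above can be checked structurally before any AES decryption takes place. This Python sketch is an added example, not part of pkesh or its script: the function names are hypothetical, it assumes the header fields are stored as raw bytes (80 in total) and that the RSA-2048 block is the first 256 bytes of the decoded message, and it leaves the RSA and AES operations themselves to openssl.

```python
import base64
import hashlib
import hmac

RSA_BLOCK = 256  # bytes produced by one RSA-2048 operation
KEY_LEN, IV_LEN, HASH_LEN = 32, 16, 32  # assumed raw: AES-256 key, CBC IV, SHA-256
AES_BLOCK = 16


def split_message(encoded):
    """Decode the base64 envelope into (encrypted_header, encrypted_data)."""
    raw = base64.b64decode(encoded)  # line breaks in the input are ignored
    if len(raw) < RSA_BLOCK + AES_BLOCK:
        raise ValueError("message shorter than header plus one AES block")
    enc_header, enc_data = raw[:RSA_BLOCK], raw[RSA_BLOCK:]
    if len(enc_data) % AES_BLOCK:
        raise ValueError("encrypted data is not a whole number of AES blocks")
    return enc_header, enc_data


def check_header(header, enc_data):
    """Split the RSA-decrypted header; return (key, iv) only if Hash matches."""
    if len(header) != KEY_LEN + IV_LEN + HASH_LEN:
        raise ValueError("header must be 80 bytes")
    key = header[:KEY_LEN]
    iv = header[KEY_LEN:KEY_LEN + IV_LEN]
    expected = header[KEY_LEN + IV_LEN:]
    actual = hashlib.sha256(enc_data).digest()  # Hash = SHA256(Encrypted Data)
    if not hmac.compare_digest(expected, actual):
        raise ValueError("hash mismatch: encrypted data modified or truncated")
    return key, iv


def build_sample():
    """Constructed sample: placeholder bytes stand in for real RSA/AES output."""
    enc_data = bytes(range(48))  # three fake AES blocks
    header = b"K" * KEY_LEN + b"I" * IV_LEN + hashlib.sha256(enc_data).digest()
    enc_header = b"\x00" * RSA_BLOCK  # stands in for RSA2048-OAEP(header)
    return header, base64.encodebytes(enc_header + enc_data)
```

Verifying Hash before CBC decryption means a modified body is rejected without ever reaching the padding check. Anyone holding the public key can build a complete valid message, so the hash ties the body to its header but says nothing about who sent it.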
Requirements
------------

openssl
POSIX utilities: sh, cat, cmp, dd, od, rm, tr, wc
non-POSIX but standard UNIX: mktemp