Pretty Curved Privacy

Pretty Curved Privacy (also known as pcp1) is an open source and complely free command-line software implemented in C and designed from the offset to be used for encrypting files under GNU/Linux, BSD and other UNIX-like operating systems. It runs on 64-bit (x86_64) and 32-bit (x86) computers.

Makes use of the elliptic curve cryptography method

It is called Pretty Curved Privacy because it uses the elliptic curve cryptography method for the actual encryption (CURVE25519 by Dan J. Bernstein), which has not yet been compromised by the NSA (National Security Agency).

CURVE25519 is a non-standard, state-of-the-art Diffie-Hellman function that can be used on a wide range of applications. Because of this, Pretty Curved Privacy should be considered an experimental software and it should be used only by experienced users who have some knowledge about encryption technologies.

Getting started with Pretty Curved Privacy

To install and use the Pretty Curved Privacy program in your GNU/Linux operating system, you must download the latest release of the project from Softoware using the dedicated download button above, save the archive somewhere on your PC.

Extract its contents using the built-in archive manager utility and open a terminal emulator application to navigate to the location of the extracted archive files using the ‘cd’ command (e.g. cd /home/softoware/pretty-curved-privacy-0.2.0).

Then, still in the terminal emulator window, run the ‘./configure && make’ command to configure and compile the program. After a successful compilation, run the ‘sudo make install’ command as a privileged user or the ‘make install’ command if you’re root to install it system wide.

You can find a comprehensive Quick Start tutorial on how to use the Pretty Curved Privacy tool to encrypt files on a GNU/Linux operating system on the official website of the project (see link below).

What is new in this release:

• ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed, the curve had been derived from the ed key).
• To encrypt the secret keys, we're now using a key derived from the user passphrase generated using the scrypt() function, incorporated from tarsnap via scrypt-1.1.6.
• The "derived pcp key" feature has been dropped.
• Encrypted file format/scheme changed. Previously I included the sender's key-id with the encrypted cipher as a hash. So, encrypted message do no more contain pk material.
• Changed signature scheme completely. Binary signature follow the pbp scheme: calculate blake2 hash of the content, sign the hash, write out original content, add "\nnacl-", add the signature, add the hash. Armored signatures are calculated the same way but output follows the pgp scheme instead.
• Detached signatures are still supported as before, for the user everything with them is as known, but the commandline option -f (--sigfile) have to be applied. Internally, however, inputs will be read in 32k blockwise as well. Detached signatures are now z85 encoded always.
• Now you can also crypt+sign files with pcp1. Signatures of encrypted files are always binary appended as is, no offset designator. This leads to a couple of problems which need to be solved somehow in the future: recipient doesn't know whether to decrypt the file or to decrypt and verify it. Also it's unclear how to behave if decryption works but the signature doesn't verify. Currently pcp1 failes in this case, but leaves the decrypted result on disk.
• The default encryption mode with pcp (and pbp as of this writing) is ECB. Each 32k block is encrypted independently. While ECB is generally a bad choice, the 32k blocksize compensates for it. However, just to have to option, if we decide to use CBC instead, I already implemented it. It must be enabled at compile time with ./configure --enable-cbc. CBC mode in PCP uses a blocksize of 1k.
• Added PBP public key import and export compatibility (untested against pbp yet), use -b when exporting a public key, or when importing one.