encrypted network tunneling using salsa20 from libnettle and GPG from libgpgme

Overview:

Exchanges Salsa20 keys, encrypted with GPG, between two peers connected through a socket.
It then uses the exchanged Salsa20 keys to exchange encrypted messages, read in and out
through supplied file descriptors. Once the nonce has gone through its permutations,
a new session key is generated and transmitted, so there is no nonce/key reuse.
Contains a very simple example program, 'salsamsg'.
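The nonce/key rotation rule described above, as an added sketch that is not code from this project: it assumes the nonce is a 64-bit counter and uses a small, configurable limit so the rotation is visible. The names `session`, `fresh_key`, `take_nonce` and `demo` are hypothetical, keys come from /dev/urandom, and the GPG transfer and the Salsa20 encryption themselves are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN   32  /* Salsa20 256-bit key */
#define NONCE_LEN 8   /* Salsa20 nonce is 64 bits */

struct session {      /* hypothetical per-direction state, not the project's */
    uint8_t  key[KEY_LEN];
    uint64_t used;    /* nonces consumed under key (assumed counter nonce) */
    uint64_t limit;   /* rotate the key after this many */
    unsigned rekeys;
};

int fresh_key(uint8_t key[KEY_LEN]) {  /* kernel CSPRNG; 0 ok, -1 failure */
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(key, 1, KEY_LEN, f) : 0;
    if (f) fclose(f);
    return n == KEY_LEN ? 0 : -1;
}

/* Next nonce. Returns 1 if the key was rotated first (the caller must send it,
 * GPG-encrypted, before using the nonce), 0 if not, -1 on keygen failure. */
int take_nonce(struct session *s, uint8_t nonce[NONCE_LEN]) {
    int rotated = s->used >= s->limit;
    if (rotated) {
        if (fresh_key(s->key) != 0) return -1;  /* fail closed: no nonce issued */
        s->used = 0;
        s->rekeys++;
    }
    for (int i = 0; i < NONCE_LEN; i++)         /* little-endian counter */
        nonce[i] = (uint8_t)(s->used >> (8 * i));
    s->used++;
    return rotated;
}

/* Constructed check: rekey count after n (<= 64) nonces, -1 on any repeat. */
int demo(uint64_t limit, int n) {
    uint8_t seen[64][KEY_LEN + NONCE_LEN];
    struct session s = { .limit = limit };
    if (n > 64 || fresh_key(s.key) != 0) return -1;
    for (int i = 0; i < n; i++) {
        if (take_nonce(&s, seen[i] + KEY_LEN) < 0) return -1;
        memcpy(seen[i], s.key, KEY_LEN);
        for (int j = 0; j < i; j++)
            if (!memcmp(seen[i], seen[j], sizeof seen[i])) return -1;
    }
    return (int)s.rekeys;
}

int main(void) { printf("rekeys=%d\n", demo(3, 10)); return 0; }
```

Each direction of the tunnel needs its own such state, since both peers counting from zero under one shared key would reuse (key, nonce) pairs.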

Prerequisites:

GPGME - Used to retrieve known public/private keys to exchange the Salsa20 session keys securely.
    Available from: http://www.gnupg.org/related_software/gpgme/
nettle - We use nettle's Salsa20 algorithm to encrypt and decrypt the actual message content once we've exchanged Salsa20 keys.
    Available from: http://www.lysator.liu.se/~nisse/nettle/

Known Issues:

Ubuntu Linux - The current nettle version in the Ubuntu repositories is outdated and does not have a Salsa20 cipher
available. I recommend compiling the library yourself from the web address above. Version 2.7 or greater is recommended.

Compile:

$ gcc -Wall -Wextra -O2 -o "salsamsg" "salsamsg.c" -lnettle -lgpgme

Usage:

salsamsg -m <Mode> -i <IP> -p <Port> -l <Local PGP ID> -r <Remote PGP ID>
  Mode -
    If 'c' for Connect (Client)
    If 'l' for Listen (Server)
  IP -
    If Mode is 'c' then the remote IP to connect to
    If Mode is 'l' then the local IP to bind to
  Port -
    If Mode is 'c' then the remote Port to connect to
    If Mode is 'l' then the local Port to bind to
  Local PGP ID -
    The PGP ID for the Private Key to decrypt incoming Salsa keys (Your PGP ID)
  Remote PGP ID -
    The PGP ID for the Public Key to encrypt outgoing Salsa keys (Their PGP ID)

TODO:

Improve error handling...
Encrypt and decrypt the message 'size', as this is currently transmitted in plaintext (it's an infoleak).