NAME #
axpad - AXPad (Authenticated Crosspad) file encryption and decryption utility
SYNOPSIS #
axpad [options] encrypt
axpad [options] decrypt
axpad [options] encrypt-files
axpad [options] decrypt-files
axpad [options] xor
axpad [options] rng
axpad [options] dtest
axpad [options] sign
axpad [options] unsign
axpad [options] hfilter
axpad [options] cfilter
DESCRIPTION #
axpad is a file encryption and decryption utility program utilizing the AXPad (Authenticated Crosspad) method to protect some categories of especially sensitive information with authentication.
axpad applies the AXPad method with a pad size of \(2^{14}=16384\) bytes and a selector address of \(64\) bytes ( \(512\) bits ).
This results in a random input material size of 256MB which is getting expanded to an addressable pad space of \(2^{512}\) unique result pads with \(2^{14}=16384\) bytes each.
If taken or non-destructively derived from a true random source, the total amount of entropy in this random input material file is \(2^{31}\) bits.
Each encrypted message is authenticated with SHA256 together with the selector value, a sequence number, a timestamp, the length of the padded message and the contents of all input pads together.
Since the selector address is chosen randomly during encryption for each message, an attacker would be left with the challenge to identify and recall two (or even more) distinct ciphertext messages with the same selector address and referencing the same pad space (and passphrase) to gain further insights. With the “birthday paradox” formula applied, this results in an unreduced collision resistency of \(2^{256}\) .
The following instructions are available:
axpad [options] encrypt -m material
This instructs axpad to encrypt based on the specified material. The plaintext is read from the file or character device / bytestream specified with -i (or stdin if not specified), the encrypted and authenticated ciphertext consisting of alternating headers and payload data is written to the file or bytestream specified with -o (or to stdout if omitted).
axpad [options] decrypt -m material
This instructs axpad to decrypt based on the specified material. In that case, the ciphertext (alternating headers and payload data) is read from the file or character device / bytestream specified with -i (or stdin if not specified) and the plaintext is written to the file or bytestream specified with -o (or to stdout if omitted).
If there’s extra data detected after bytestream decryption, a warning message is shown on stderr.
axpad [options] encrypt-files -m material
This allows to encrypt multiple files in one go, the semantics are as follows: A list of pathnames - one per line - is collected from stdin (or from the file specified with -i). Each single file is encrypted with the specified material and the result is created at the same directory place by appending .axp to the original filename. When the option --unlink is present, the source files are deleted when the encryption succeeds.
axpad [options] decrypt-files -m material
This allows to decrypt multiple files in one go, the semantics are as follows: A list of pathnames - one per line - is collected from stdin (or from the file specified with -i). Each single file with an .axp extension (required) is decrypted with the specified material and the result is stored at the same directory place as a file with the .axp extension removed. Note: Only filenames with a trailing .axp are accepted, receiving everything else is an error and the batch decryption process stops at this point. When the option --unlink is present, the source files are deleted after successful decryption.
axpad [options] xor -m file
This instructs axpad to perform a bytewise XOR operation on files (or bytestreams). The files specified with -m and -i (stdin if not specified) are bytewise XORed and the result is written to the file specified with -o (or stdout if not specified). The size of the resulting file equals the size of the smaller input file. All other options except -v are ignored.
axpad [options] rng -m material
This instructs axpad to operate as a random number generator (RNG). When working self-referential, this RNG has a period of \(2^{506}2^{14} = 2^{520}\) bytes, otherwise the period is unspecified. The random data is written to stdout indefinitely. See the EXAMPLES section below how to pass this into the dieharder random number test suite. The material needs to be specified with -m, the -i and -o options are ignored.
axpad [options] dtest -m material
This performs a simple non-overlapping distribution test on 2^16 bits (2 bytes) in the 256MB of material as specified and calculates the chi squared value of the observed distribution. When the chi squared test result is higher than a fixed critical value (66732.84) the test fails, otherwise it passes. This is the same test that axpad sign performs before it accepts a material file as valid for signing. The test result is reported on stderr. When the test passes, this invocation exits with value 0 (EXIT_SUCCESS), and with EXIT_FAILURE otherwise.
axpad [options] sign -m unsigned-material-file
This appends a SHA256 signature to a unsigned material file with a size of 268435456 bytes (256MB), when the built-in chi squared test succeeds. The resulting file size is 268435488 bytes (268435456+32).
axpad [options] unsign -m signed-material-file
This removes a valid SHA256 signature from a signed material file reducing its size back to 268435456 bytes. The option --force allows to remove an invalid signature.
axpad [options] hfilter -m material
This Header Filter accepts an encrypted bytestream from stdin (or from the file specified with -i), filters out the headers, reverts the partial header obfuscation and sends a stream of only the headers to stdout (or to the file specified with -o). This is done by following the sequence numbers and the length fields only, the random input material is required.
axpad [options] cfilter -m material
This Ciphertext Filter accepts an encrypted bytestream from stdin (or from the file specified with -i), filters out the payload ciphertext (removing the headers) and sends a stream of the result to stdout (or to the file specified with -o). This is done only by following the sequence numbers and the length fields, the random input material is required.
OPTIONS #
axpad accepts single-character (classic) options, as well as GNU-style long options of the form --name and --name=value. Common options have both forms; less frequent and specialized options have only the long form. Note that the form --name value (without the equal sign) will not work as expected on options with required values.
-m material
--material=material
This specifies the random material source and is mandatory for most axpad instructions. If the material specified is a regular file it needs to be signed with axpad sign, a character device is accepted without a signature. axpad also accepts the environment variable AXPADMATERIAL (when this is left unspecified on the command line but needed). A slight exception is axpad xor: In that case the -m option specifies just a file or character device being combined (without initializing the internal material and without the signature requirement).
-i input
--input=input
This specifies the input source for most axpad instructions. It may be a regular file or a character device / pipe. If not specified the input data is retrieved from stdin.
-o output
--output=output
This specifies the output destination for most axpad instructions. It may be a regular file path or also a character device / pipe. If not specified the output data is written to stdout.
--passphrase
--passphrase=passphrase
This allows to modify the entire random source material and thus its combinational result with a passphrase for encryption and decryption. If the argument is omitted, the user is prompted for it interactively with a short dialog from the controlling terminal (with verification for encryption). Note: When used with an argument, the passphrase is visible in process memory and also usually included in the shell history.
-v
--verbose
This option enables verbose mode and causes axpad to print debugging and informational messages about its progress. These messages are printed to stderr (with suitable priority colors if stderr is connected to a terminal).
--force
This option allows axpad unsign to remove an invalid signature from a material file.
--overwrite
This option allows an already existing result file to be overwritten.
--unlink
This option applies to axpad encrypt-files and axpad decrypt-files: After successful encryption or decryption of a file, the source file will be removed.
--urandom
This option makes axpad to retrieve needed random data from /dev/urandom (instead from the internal expanded pad space, which is the default).
--timestamp
This option instructs to include a timestamp in the header field during encryption only, thus revealing the time of creation of that particular header. Bytes 3-7 of the timestamp header field are set.
-r --release
This option displays the axpad release on stdout, everything else is ignored.
--do-not-obfuscate
This disables “partial header obfuscation” and is for testing/QA purposes only. Neither recommended nor needed for regular production use.
--license.key=key
This stores a license key in /opt/AXPad/license.key. The license key format is a 64 character hexadecimal string. The directory /opt/AXPad/ is required to exist (which it does when installed from a .rpm/.deb/.pkg distribution package). All other options and arguments are ignored. This invocation requires super user (root) privileges.
EXIT STATUS #
axpad exits with value 0 (EXIT_SUCCESS) on success, and with EXIT_FAILURE otherwise.
EXAMPLES #
Encryption: #
$ axpad encrypt -m material.random -i example.txt -o example.txt.axp
Decryption: #
$ axpad decrypt -m material.random -i example.txt.axp -o example.txt
Encrypt multiple files: #
$ ls *.pdf | axpad encrypt-files -m $HOME/material.random
Decrypt multiple files: #
$ ls *.axp | axpad decrypt-files -m $HOME/material.random
Using stdin and stdout with axpad: #
$ export AXPADMATERIAL=$HOME/material.random
$ echo TEST | axpad encrypt | axpad decrypt
TEST
$
XOR combination of two files: #
$ axpad xor -i first.file -m second.file -o result.file
Random number generation test with dieharder: #
$ axpad rng -m random.material | dieharder -g 200 -a -Y 1 -k 2
Note: The dieharder options -Y 1 -k 2
resolve ambiguities for tests returning
a WEAK assessment result in the first place. This happens “randomly”
even with otherwise perfect RNGs.
Executing the built-in chi squared serial distribution test separately: #
$ axpad dtest -m /dev/urandom
[NTC] /dev/urandom PASSED
$ echo $?
0
$
Signing a random material file: #
$ axpad sign -m material.random
$
Unsigning a random material file: #
$ axpad unsign -m material.random
$
Removing an invalid signature: #
$ axpad unsign --force -m material.random
$
Storing a license key in /opt/AXPad/license.key: #
$ sudo axpad --license.key=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
$