Multi-recipient encryption software which protect a file in confidentiality and integrity.

Once the file is protected, it is sent to N recipients. If the recipient is legitimate, he can unprotect it, otherwise he cannot do anything with it.

Each participant has an RSA-2048 key pair for the encryption / decryption and an RSA-2048 key pair for signing.

• Protect file confidentiality:
  • Kc : random()
  • IV : random()
  • C = AES-CBC-256(input, Kc, IV)
  • RSA PKCS#1 OAEP
• Protect file integrity:
  • Sign the entire message to be sent
  • RSA PKCS#1 PSS

SHA256(kpub-1) || RSA_kpub-1(Kc) || ... || SHA256(kpub-N) || RSA_kpub-N(Kc) || 0xDEADBEEF || IV || C || Sign

Install python3 and pip:

sudo apt install python3 python3-pip

Install PyCryptodome:

pip3 install pycryptodome

Generate cipher keys:

openssl genrsa 2048 > my_ciph_priv.pem
openssl rsa -in my_ciph_priv.pem -pubout > my_ciph_pub.pem

Generate sign keys:

openssl genrsa 2048 > my_sign_priv.pem
openssl rsa -in my_sign_priv.pem -pubout > my_sign_pub.pem

Protect an input_file:

python3 multi_protect.py -e input_file output_file my_sign_priv.pem my_ciph_pub.pem [user1_ciph_pub.pem ... [userN_ciph_pub.pem]]

Unprotect an input_file:

python3 multi_protect.py -d input_file output_file my_priv_ciph.pem my_pub_ciph.pem sender_sign_pub.pem

Print help:

python3 multi_protect.py -h

This project is licensed under the GPLv3 License - see the LICENSE file for details.