Find codecrypt’s manpage here: https://manpages.ubuntu.com/manpages/focal/en/man1/ccr.1.html
Key management
codecrypt is able to manage multiple keys/keypairs by assigning names to them.
Generating keys for signatures/encryption
ccr -g sig --name [sign-key-name]
ccr -g enc --name [encrypt-key-name]
The keys/keypairs are stored in ~/.ccr
Exporting public keys
ccr -pa -o [output-filename] -F [keyspec]
-p is for exporting a public key
-a makes ccr operate in ASCII. Here it exports the public key as ASCII text so that it is easy to transfer (send). Without that flag, ccr would export in binary
If you don’t specify the output file with -o, the key will be printed to stdout
-F filters the keys you are working with (the keys you are exporting in this case); only the keys that match the pattern will be exported. The pattern is called a keyspec
Importing others’ public keys
ccr -ia -R [name-of-the-file-with-the-key] --name [new-key-name]
-i is for importing public keys
-R specifies the input file; by default ccr reads the input data from stdin
--name renames the imported key
Transferring secret keys
ccr -P -F [keyspec-for-keys-to-export] > [file-to-export-the-keys-to]
ccr -I < [file-with-the-keys]
-P exports secret keys; the “This will export N secret keys! Continue? (y/n):” prompt can be turned off with the -y flag
-I is for importing a private key, the
Rename a key
ccr -m [old-name] -N [new-name]
Delete a key
ccr -x [key-name]
Delete keys that match the keyspec
Operations
Encrypt/sign a file
cat Document.doc | ccr -se -r [recipient-key] > EncryptedSignedDocument.ccr
-s is for sign
-e is for encrypt
You can use those together or separately
-r specifies the recipient key name so that only the owner of the private key paired with the recipient key can decrypt the contents.
A key ID such as @12345 can be used to specify the recipient too; you can view the keys you have with ccr -k
Also I haven’t figured out how to specify the key you wanna sign the file with, so you’ll have to export the keys you need, back up the ~/.ccr folder, create an empty new one and work with that. Just move the backup folder back when you’re done.
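The keyring swap described above, scripted so that the real ~/.ccr comes back even when the command in the middle fails. This is an added example, not part of the original notes; the function name with_isolated_keyring, the backup path and the file names in the usage comment are made up here, and it assumes all key material lives in ~/.ccr as stated earlier.

```shell
#!/bin/sh
# Added example: run one command against an empty, temporary ~/.ccr and
# always restore the real keyring afterwards.
# Assumption: codecrypt keeps every key in "$HOME/.ccr".
# Usage (file names are constructed):
#   with_isolated_keyring sh -c 'ccr -I < sign-key.sec && ccr -s < Document.doc > Document.sig'

with_isolated_keyring() {
    ring="$HOME/.ccr"
    backup="$HOME/.ccr.backup.$$"   # hypothetical backup name; $$ avoids clashes

    # Never overwrite an older backup: it may be the only copy of the keys.
    if [ -e "$backup" ]; then
        echo "backup $backup already exists, aborting" >&2
        return 2
    fi
    [ -d "$ring" ] || { echo "no keyring at $ring" >&2; return 2; }

    mv "$ring" "$backup" || return 2
    # Fresh keyring, accessible to the owner only (it will hold secret keys).
    if ! (umask 077 && mkdir "$ring"); then
        mv "$backup" "$ring"
        return 2
    fi

    # A signal ends the child command but not this shell, so the restore
    # below still runs after Ctrl-C.
    trap : INT TERM HUP

    # Capture the status instead of aborting, so a failing command
    # cannot leave the temporary keyring in place.
    rc=0
    "$@" || rc=$?

    # Remove the temporary keyring and put the original back.
    rm -rf "$ring"
    if ! mv "$backup" "$ring"; then
        echo "restore failed, original keyring is in $backup" >&2
        rc=3
    fi
    trap - INT TERM HUP   # note: this also clears the caller's own traps
    return "$rc"
}
```

The function returns the exit status of the wrapped command, 2 when it refuses to start, and 3 when the restore itself fails.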
Decrypt and check the signature
cat EncryptedSignedDocument.ccr | ccr -dv -o DecryptedDocument.doc
-d is for decrypt
-v is for verify
Hashing (symmetric signing)
ccr -sS hashfile.ccr < big_data.iso
Create a hash file from the big_data.iso file
ccr -vS hashfile.ccr < the_same_big_data.iso
Verify the the_same_big_data.iso file with hashfile.ccr