Location

To access the libpqcrypto command-line tools, add /home/libpqcrypto/command to your PATH:

    export PATH=$PATH:/home/libpqcrypto/command

You can instead put /home/libpqcrypto/command/ in front of each command name; but this does not work for the pq-*-all wrappers.

Signature systems

There is a unified interface for all signature systems; these examples use sphincsf256sha256. To generate a key pair:

    pq-keypair-sphincsf256sha256 5>publickey 9>secretkey

To sign a message:

    pq-sign-sphincsf256sha256 <message 8<secretkey >signedmessage

To verify a signed message and recover the original message:

    pq-open-sphincsf256sha256 <signedmessage 4<publickey >message

If verification fails, pq-open-sphincsf256sha256 produces an empty output, prints an error message on stderr, and exits 100.

Encryption systems

There is a unified interface for all encryption systems; these examples use mceliece8192128. To generate a key pair:

    pq-keypair-mceliece8192128 5>publickey 9>secretkey

To encrypt a message:

    pq-encrypt-mceliece8192128 <message 4<publickey >ciphertext

To decrypt a ciphertext and recover the original message:

    pq-decrypt-mceliece8192128 <ciphertext 8<secretkey >message

If decryption fails, pq-decrypt-mceliece8192128 produces an empty output, prints an error message on stderr, and exits 100.

Benchmarking

Run pq-size-all to see key sizes etc. (For picnic*fs, signature sizes are message-dependent; the maximum possible signature size is reported.) Run pq-speed-all to see key-generation times etc. Run pq-notes-all for implementation notes. The output formats are subject to change.

---

Version: This is version 2018.03.14 of the "CLI" web page.