No more clear text passwords

Stop the nonsense

PM_RSA(1)                         Authentication                         PM_RSA(1)

       pm_rsa  -  Poor man's RSA. Use RSA to transmit encrypted passwords, but not
       to fight men in the middle.

       pm_rsa_server [options] [file] [number]

       pm_rsa_server is a utility which receives a hex message and decrypts it
       using RSA with PKCS-1 padding, by means of a private key. The message is
       supposedly the hex dump of the encryption of a plaintext using the
       corresponding public key (otherwise, it would be noise).

       The program is an attempt at providing 'more-than-plaintext'-safe authenti-
       cation on the Internet. It is intended to be  used  wrapped  up  by  a  CGI
       server  (think of a login CGI script), communicating only with the wrapper,
       because at the end of the process, the server emits the cleartext  message.

       It  is obvious that some web applications, like blogs, require secret keys,
       but not necessarily secrecy of the complete communication channel  (as  SSL
       and  TLS  provide),  because  all  of  the content on those applications is
       intended to be public.

       Users of webmail servers may also be eager to trade  non-privacy  of  their
       mail (letting it go through the web in the clear) for secure authentication
       (safe encryption of the login protocol). Actually,  they  are  trading  for
       nothing nowadays in most cases.

       The  server  pm_rsa_server  expects a message of the appropriate size as a
       hex string, and returns the decryption of that message using the  specified
       private key (or the default /etc/pm_1024). This key has to be stored in the
       same computer running the program.

       The received message is (should be) the hex dump of  the  encryption  of  a
       PKCS-1  padded cleartext using the public key (which the user, application,
       web browser or whatever should have available).

       pm_rsa_server supports the following options:

       -k filename    Specify  the  location   of   the   private   key   (default

       -s             Run  as  a  server  (on  LOCALHOST, will not listen on other

       -P port        If run as a server, listen on port port. Otherwise, useless.

       -d             If run as a server, dump each hex message and its decryption
                      to stderr, otherwise useless.

       On success, pm_rsa_server outputs the decrypted message, if run as a
       standalone application. If run as a server, it waits for connections and,
       when one is accepted, reads from the client the hex dump of the encrypted
       message and returns the decrypted text, closing the connection afterwards.
       If run in demo mode (see OPTIONS), it also sends to stderr on the local
       server a pair of messages with the hex dump and the cleartext.

       The application includes a program pm_rsa_client to test the server and its

       To try the standalone server, issue the following commands (assuming you
       are  at the distribution directory, ./pm_1024 is the 'private' key included
       in the distribution, which you should never use in production systems).

       $ u=`./pm_rsa_client 'my password'`
       $ ./pm_rsa_server -k ./pm_1024 $u
       my password

       To try the socket server, create the encrypted message

       $ u=`./pm_rsa_client 'my password'`

       start the server:

       $ ./pm_rsa_server -k ./pm_1024 -s

       and connect to it sending it the encrypted text

       $ echo $u | nc localhost 16387

       The password should appear before the prompt. To kill the server, issue

       $ killall -9 pm_rsa_server

       This program does only what is hereby specified. In order to provide
       no-replay mechanisms, the wrapper function should create single-use keys
       (or any other type of key) to be appended to the message before it is
       encrypted. This is not this program's issue because each vendor has its
       own concerns. In any case, recall that once a message is encrypted with a
       public key, it is usable as is at any time. The no-replay mechanism is
       not part of RSA per se, it is part of the security environment.
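
       A sketch of the wrapper-side check the paragraph above asks for, as an
       added example that is not part of the pm_rsa distribution. The cleartext
       layout (password, separator, nonce), the 120-second lifetime and the names
       NonceStore and check_login are assumptions made for the illustration.

```python
import hmac
import secrets
import time

SEP = "\n"  # assumed separator: cleartext is password + SEP + nonce


class NonceStore:
    """Issued, not-yet-used nonces. In-memory for the example; a CGI wrapper
    would need storage shared between requests."""

    def __init__(self, ttl=120, clock=time.monotonic):
        self._ttl = ttl          # seconds a nonce stays valid (assumed value)
        self._clock = clock
        self._issued = {}        # nonce -> expiry time

    def issue(self):
        """Single-use value sent to the client along with the login form."""
        nonce = secrets.token_hex(16)
        self._issued[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, nonce):
        """True exactly once per issued, unexpired nonce."""
        expiry = self._issued.pop(nonce, None)
        return expiry is not None and self._clock() <= expiry


def check_login(cleartext, store, expected_password):
    """cleartext is the decrypted message returned by pm_rsa_server."""
    password, sep, nonce = cleartext.rpartition(SEP)
    if not sep:
        return False             # no nonce appended: cannot be fresh
    # Burn the nonce before looking at the password, so a captured
    # ciphertext is useless after its first submission, valid or not.
    fresh = store.consume(nonce)
    # Constant-time compare; a real wrapper would check a stored hash.
    matches = hmac.compare_digest(password.encode(), expected_password.encode())
    return fresh and matches


if __name__ == "__main__":
    store = NonceStore()
    msg = "my password" + SEP + store.issue()   # constructed sample cleartext
    print(check_login(msg, store, "my password"))  # first use
    print(check_login(msg, store, "my password"))  # replayed
```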

       The exit status is 0 on successful completion and non-zero otherwise.

       There are no known bugs to date.


       Pedro  Fortuny  Ayuso <info at>
       Rafael Casado Sanchez <rafacas at>

       Copyright (C) 2008 Pedro Fortuny Ayuso and Rafael Casado Sanchez

       Permission to use, copy, modify, and/or distribute this  software  for  any
       purpose  with  or  without  fee  is hereby granted, provided that the above
       copyright notice and this permission notice appear in all copies.