SharedSecret homepage

Copyright (C) 2004, 2005 by Arvydas Juskaitis. You can send a message to the author here.

The software was released under GNU GPL. You may view the full copyright text at

SharedSecret is a program used to negotiate a shared secret (password) between two hosts in a secure way over the Internet. It is written in C and based on a client/server architecture, with the initial intention of running on POSIX-compliant operating systems. A client application is provided, so it could be used to agree on a password between two users or to create a pre-shared key for a VPN. It could also be used from other applications; possibly a simple API will be provided to hide communication details. The 1st version of the protocol is going to support digitally signed requests/responses. The signature can be calculated with a pre-shared key as an HMAC-SHA1 digest, or as an MD5 hash value with RSA encryption.

Functionality Overview:
Functionality is quite simple. A daemon runs on each side (no root privileges required); it accepts requests from the peer and initiates a key exchange upon client request. It uses the Diffie-Hellman key agreement algorithm and a very simple protocol based on TCP to exchange payloads. See Detail Design Description, shsec(1), shsecd(8), shsecd.conf(5) for further details.
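The following sketch is an added example, not SharedSecret's own code: it shows a Diffie-Hellman exchange in which each public value carries an HMAC-SHA1 tag computed with the pre-shared key, so a value altered or reflected in transit is rejected. The message layout (role, public value, tag), the choice of group, the SHA-256 step on the result and all function names are assumptions; the real daemon exchanges DER-encoded messages whose format is not given on this page.

```python
import hashlib, hmac, secrets

# RFC 2409 Oakley Group 2 (1024-bit MODP), generator 2. Assumption: the page
# does not say which group shsecd uses; prefer a 2048-bit or larger group today.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def _tag(psk, role, pub):
    # The sender role is part of the MACed data, so a peer's own message
    # cannot be echoed back to it and still verify.
    return hmac.new(psk, role + pub.to_bytes(128, "big"), hashlib.sha1).digest()

def make_message(psk, role):
    """Return (private exponent, message); message = (role, public, tag)."""
    priv = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    pub = pow(G, priv, P)
    return priv, (role, pub, _tag(psk, role, pub))

def accept_message(psk, priv, expected_role, msg):
    """Verify the peer's message, then derive the shared secret (32 bytes)."""
    role, pub, tag = msg
    if role != expected_role or not 1 < pub < P - 1:
        raise ValueError("unexpected role or degenerate public value")
    if not hmac.compare_digest(tag, _tag(psk, role, pub)):
        raise ValueError("HMAC-SHA1 verification failed")
    # Assumption: hash the raw DH value to get a fixed-length secret.
    return hashlib.sha256(pow(pub, priv, P).to_bytes(128, "big")).digest()

def demo():
    psk = b"constructed-example-psk"                 # constructed sample key
    a_priv, a_msg = make_message(psk, b"client")
    b_priv, b_msg = make_message(psk, b"server")
    k_a = accept_message(psk, a_priv, b"server", b_msg)
    k_b = accept_message(psk, b_priv, b"client", a_msg)
    # Same tag, different public value: what the receiver sees if the value
    # was replaced in transit by someone who does not hold the PSK.
    altered = (b"server", pow(G, 12345, P), b_msg[2])
    try:
        accept_message(psk, a_priv, b"server", altered)
        rejected = False
    except ValueError:
        rejected = True
    return k_a == k_b, rejected

if __name__ == "__main__":
    print(demo())
```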

Download and Install:
Project Summary contains links to the download page; just take the latest source code, unpack it, read the INSTALL file and follow the instructions there.

Future Plans:
I have some plans to release a stable and fully functional version of the daemon and client according to the design for the 1st version. If you have some thoughts on how to improve the usability of the program or have some notes, please just let me know.


Date        Version  Changes
2005-01-19  0.3.4    Default settings for the VIM editor were added to all source files.
                     Bugfix in installation: variable DESTDIR was ignored in the makefile.
2005-01-16  0.3.3    ACLs implementation.
                     Port to *BSD systems. It was tested on FreeBSD 4.10 only.
                     Several bug fixes, including shsecd crash in daemon mode.
                     Updates to shsecd.conf(5) with details on ACL.
2005-01-05  0.3.2    Compilation/installation process is moved to autoconf/automake.
2005-01-01  0.3.1    Authentication with pre-shared key - HMAC-SHA1 signatures.
2004-12-29  0.3.0    Data payloads in communication replaced by DER-encoded messages.
                     Several small bugfixes.
2004-12-16  0.2.2    More informative messages sent to output.
                     Version number assignment was automated.
                     Bug related to listen() is fixed.
                     Signal handling.
2004-12-16  0.2.1    Documentation, user manuals, installation support were added.
                     Minor changes in configuration.
                     Client program was renamed to 'shsec'.
2004-12-12  0.2.0    Configuration file was added.
                     Some command line options were moved to shsecd.conf.
2004-12-10  0.1.2    Ability to run several instances on the same system.
2004-12-06  0.1.1    I added some instructions on how to install.
2004-12-05  0.1.0    Initial release - source code was released for the first time.