Spiped (pronounced "ess-pipe-dee") is a utility for creatingsymmetrically encrypted and authenticated pipes between socketaddresses, so that one may connect to one address (e.g., a UNIXsocket on localhost) and transparently have a connection establishedto another address (e.g., a UNIX socket on a different system). Thisis similar to 'ssh -L' functionality, but does not use SSH andrequires a pre-shared symmetric key.

Spiped uses strong and well-understood cryptographic components: Theinitial key negotiation is performed using HMAC-SHA256 and anauthenticated Diffie-Hellman key exchange over the standard 2048-bit"group 14"; following the completion of key negotiation, packets aretransmitted encrypted with AES-256 in CTR mode and authenticatedusing HMAC-SHA256. The simplicity of the code — about 4000lines of C code in total, of which under 1000 are specific to spiped(the rest is library code originating fromkivaloo andTarsnap) — makes it unlikely thatspiped has any security vulnerabilities.

On the author's 2.5 GHz Intel Core 2 laptop, spiped operates atapproximately 200 Mbps.

Download

The following versions of spiped are available:

Version	Release date	SHA256 hash
spiped 1.3.1	2013-04-13	8a58a983be460b88ed5a105201a0f0afacb83382208761837a62871dcca42fee
spiped 1.3.0	2013-04-06	6f3d512dbdc8e5e893fb533908d4f8bcd1fd23db783f63c7bc37cf5660c139d0
spiped 1.2.2	2012-11-15	a9eb4681e4ccd5d86b8a2d4e16785db8ba10d8a9f7f732485511fd4b92dff1ec
spiped 1.2.1	2012-08-31	4e2e532b2a7df8e9a771c27a1bc2889f0d834e986d4f4a02a2a12174560ea44b
spiped 1.2.0	2012-08-30	46fb94da62bf1f074513047519f2d4f5faf103e5b8555e14a375a42b74508a6b
spiped 1.1.0	2011-09-10	b727b902310d217d56c07d503c4175c65387ff07c9cd50a24584903faf9f3dc3
spiped 1.0.0	2011-07-04	82df05533bf8d8580f57e6dbec7d7e2966eabd3ea7a0a0bb06f87000947969a3

Mailing list

The spiped secure pipe daemon is discussed on thespiped@tarsnap.com mailing list.