Home Esplora Aiuto
Accedi
kzimmermann
/
misc-crypto
Segui 1
Vota 0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Ramo (Branch): master
Rami (Branch) Tag
misc-crypto
/
sessioncrypt

sessioncrypt 4.4 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # This program automates the encrypt / decrypt this with openssl's AES-128-CBC
    4. 

  4. # implementation.
    5. 

  5. #
    6. 

  6. # This is important because some people want to ban or outlaw encryption "apps"
    7. 

  7. # like instant messengers. But what about raw, byte-by-byte encryption? Or 
    8. 

  8. # when we paste innocent-looking text in an online form?
    9. 

  9. # Encryption will ALWAYS prevail!
    10. 

  10. #
    11. 

  11. # Copyright 2022 - kzimmermann. All rights reserved.
    12. 

  12. #
    13. 

  13. # This program is Free Software licensed under the terms and conditions of the
    14. 

  14. # GNU GPL v3.0. See https://www.gnu.org/licenses for more information.
    15. 

  15. #
    16. 

  16. # Instructions:
    17. 

  17. # 
    18. 

  18. #  At first run, this program creates $HOME/.config/sessioncrypt.conf which 
    19. 

  19. #  contains a random symmetric key. You can substitute the value there for your
    20. 

  20. #  own, but MAKE SURE IT IS ACTUALLY RANDOM!
    21. 

  21. #  Standard operation is to encrypt a plaintext using said key. Pass '-d' to 
    22. 

  22. #  make it decrypt instead.
    23. 

  23. #
    24. 

  24. 

  25. set -euo pipefail
    26. 

  26. 

  27. conf_file="$HOME/.config/sessioncrypt.conf"
    28. 

  28. 

  29. is_pipe=0
    30. 

  30. 

  31. # Test to see if you're receiving piped data. Thanks, SO.
    32. 

  32. if [ -t 0 ]
    33. 

  33. then
    34. 

  34.     is_pipe=0
    35. 

  35. else
    36. 

  36.     is_pipe=1
    37. 

  37. fi
    38. 

  38. 

  39. init() {
    40. 

  40.     # No parameters used.
    41. 

  41.     # Performs initiation sequences for Sessioncrypt program.
    42. 

  42.     # Will "reboot" configs if they already exist, so be careful.  
    43. 

  43.     # Returns: nothing.
    44. 

  44.     echo "Creating config file at $conf_file"
    45. 

  45. 

  46.     # Note the clobber right here ----------------v
    47. 

  47.     echo "# Configuration file for sessioncrypt." > "$conf_file"
    48. 

  48.     echo "# Lines beginning with a '#' are ignored." >> "$conf_file"
    49. 

  49.     echo "Generating random symmetric key..."
    50. 

  50.     rand_key=$(head -c30 /dev/urandom | base64)
    51. 

  51.     echo "KEY=$rand_key" >> "$conf_file"
    52. 

  52.     echo "Applying restrictive permissions to config file."
    53. 

  53.     
    54. 

  54.     # Yeah yeah, not really perfect, but obfuscating this would require gpg
    55. 

  55.     chmod 600 "$conf_file"
    56. 

  56. }
    57. 

  57. 

  58. encrypt() 
    59. 

  59. {
    60. 

  60.     # $1 - plaintext to be converted
    61. 

  61.     # $2 - secret key
    62. 

  62.     # Returns: string IV:ciphertext, where IV is base64-encoded.
    63. 

  63.     IV=$(openssl rand 16 | xxd -ps)
    64. 

  64.     #CT=$(echo "$1" openssl enc -salt -aes-128-cbc -pbkdf2 -iv "$IV" -in "$1" -pass pass:"$2" -a |
    65. 

  65.     CT=$(echo "$1" | openssl enc -salt -aes-128-cbc -pbkdf2 -iv "$IV" -pass pass:"$2" -a |
    66. 

  66.         tr -d "\n")
    67. 

  67.     echo "$(printf "$IV" | base64):$CT"
    68. 

  68. }
    69. 

  69. 

  70. decrypt() 
    71. 

  71. {
    72. 

  72.     # $1 - ciphertext to be decrypted, including IV.
    73. 

  73.     # $2 - secret key
    74. 

  74.     # Returns: string of plaintext
    75. 

  75.     IV=$(echo "$1" | cut -d ":" -f 1 | base64 -d) || { 
    76. 

  76.         echo "Error: IV value not found!"
    77. 

  77.         exit 1
    78. 

  78.     }
    79. 

  79.     CT=$(echo "$1" | cut -d ":" -f 2)
    80. 

  80.     echo "$CT" | openssl enc -d -salt  -aes-128-cbc -pbkdf2 -iv "$IV" -pass pass:"$2" -a
    81. 

  81. }
    82. 

  82. 

  83. # Tester function. To make sure both functions are working correctly.
    84. 

  84. dryrun() {
    85. 

  85.     input="roquefort cheese is delicious"
    86. 

  86.     echo "To encrypt: '$input'"
    87. 

  87.     printf "Password: "
    88. 

  88.     read -s key
    89. 

  89.     echo ""
    90. 

  90.     ciph=$(encrypt "$input" "$key")
    91. 

  91.     echo "---------"
    92. 

  92.     echo "Ciphertext: $ciph"
    93. 

  93.     printf "Plaintext: "
    94. 

  94.     decrypt "$ciph" "$key"
    95. 

  95. }
    96. 

  96. 

  97. main() 
    98. 

  98. {
    99. 

  99.     if [ ! -f "$conf_file" ]
    100. 

  100.     then
    101. 

  101.         echo "Preparing for first run..."
    102. 

  102.         init
    103. 

  103.     fi
    104. 

  104. 

  105.     # Parse key from config
    106. 

  106.     key=$(cat "$conf_file" | awk -F= '/KEY/ {print $2}')
    107. 

  107.     
    108. 

  108.     if [ "$#" -eq 0 ]
    109. 

  109.     then
    110. 

  110.         if [ $is_pipe -eq 1 ]
    111. 

  111.         then
    112. 

  112.             read -r plain
    113. 

  113.         else
    114. 

  114.             printf "Enter a text to encrypt: "
    115. 

  115.             read plain
    116. 

  116.             echo
    117. 

  117.         fi
    118. 

  118.         encrypt "$plain" "$key"
    119. 

  119.         exit 0
    120. 

  120.     fi
    121. 

  121. 

  122.     if [ "$1" = "-i" ]
    123. 

  123.     then
    124. 

  124.         printf "Delete current configs (including key) and create new ones? (y/n) "
    125. 

  125.         read decision
    126. 

  126.         echo " "
    127. 

  127.         if [ "$decision" = "y" ]
    128. 

  128.         then
    129. 

  129.             init
    130. 

  130.             echo "Configurations re-created. Restart the program to use."
    131. 

  131.             exit 0
    132. 

  132.         else
    133. 

  133.             exit 0
    134. 

  134.         fi
    135. 

  135.     fi
    136. 

  136. 

  137.     if [ "$1" = "-d" ]
    138. 

  138.     then
    139. 

  139.         if [ $is_pipe -eq 1 ]
    140. 

  140.         then
    141. 

  141.             read -r cipher
    142. 

  142.         else
    143. 

  143.             printf "Enter text for decryption: "
    144. 

  144.             read cipher
    145. 

  145.             echo
    146. 

  146.         fi
    147. 

  147.         decrypt "$cipher" "$key"
    148. 

  148. 

  149.     elif [ "$1" = "-D" ]
    150. 

  150.     then
    151. 

  151.         dryrun
    152. 

  152.         exit 0
    153. 

  153. 

  154.     elif [ "$1" = "-h" ]
    155. 

  155.     then
    156. 

  156.         echo "Usage: $(basename $0) [-d] [-D] [-h]"
    157. 

  157.         echo "Encrypts a message with AES-128-CBC"
    158. 

  158.         echo "Where:"
    159. 

  159.         echo " -d : decrypts text instead of encrypting"
    160. 

  160.         echo " -i : regen config (and keys)."
    161. 

  161.         echo " -D : dry-run (test)"
    162. 

  162.         echo " -h : this help text."
    163. 

  163.         exit 0
    164. 

  164.     else
    165. 

  165.         echo "Unknown option. Try -h"
    166. 

  166.         exit 1
    167. 

  167.     fi
    168. 

  168. }
    169. 

  169. 

  170. main $*
    171. 

  171.