From cfffb71765c90089c4636b239a1df974a6326e53 Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Fri, 17 Mar 2023 20:37:19 +0100
Subject: [PATCH] Update reference scripts with PBKDF2 key derivation
Signed-off-by: Knut Ahlers
---
 cli_create.sh | 26 +++++++++++++-------------
 cli_get.sh | 14 +++++++-------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/cli_create.sh b/cli_create.sh
index 4529c8e..31f1cdc 100644
--- a/cli_create.sh
+++ b/cli_create.sh
@@ -3,33 +3,33 @@ set -euo pipefail
 deps=(curl jq)
 for cmd in "${deps[@]}"; do
- which ${cmd} >/dev/null || {
- echo "'${cmd}' util is required for this script"
- exit 1
- }
+ which ${cmd} >/dev/null || {
+ echo "'${cmd}' util is required for this script"
+ exit 1
+ }
 done
 # Get secret from CLI argument
 SECRET=${1:-}
 [[ -n $SECRET ]] || {
- echo "Usage: $0 'secret to share'"
- exit 1
+ echo "Usage: $0 'secret to share'"
+ exit 1
 }
 # Generate a random 8 character password
 pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)
 # Encrypt the secret
-ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null)
+ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)
 # Create a secret and extract the secret ID
 id=$(
- curl -sSf \
- -X POST \
- -H 'content-type: application/json' \
- -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
- https://ots.fyi/api/create |
- jq -r '.secret_id'
+ curl -sSf \
+ -X POST \
+ -H 'content-type: application/json' \
+ -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
+ https://ots.fyi/api/create |
+ jq -r '.secret_id'
 )
 # Display URL to user
diff --git a/cli_get.sh b/cli_get.sh
index 137fa93..03ce712 100644
--- a/cli_get.sh
+++ b/cli_get.sh
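Review bot: In cli_create.sh the new `-iter 300000 -md sha512` derivation on the `ciphertext=` line still stretches a password that `head -c 8` over `a-zA-Z0-9` limits to roughly 47 bits, so the password, not the KDF, remains the weakest part if a stored ciphertext is ever exposed. Lengthening it is a one-token change, for example `pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20 || true)`, with the "8 character" comment above it updated to match. This assumes the receiving side accepts passwords of any length, which this hunk does not show.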
@@ -3,17 +3,17 @@ set -euo pipefail
 deps=(curl jq)
 for cmd in "${deps[@]}"; do
- which ${cmd} >/dev/null || {
- echo "'${cmd}' util is required for this script"
- exit 1
- }
+ which ${cmd} >/dev/null || {
+ echo "'${cmd}' util is required for this script"
+ exit 1
+ }
 done
 # Get URL from CLI argument
 url="${1:-}"
 [[ -n $url ]] || {
- echo "Usage: $0 'URL to get the secret'"
- exit 1
+ echo "Usage: $0 'URL to get the secret'"
+ exit 1
 }
 # normalize url and extract parts
 url="${url/|/%7C}"
@@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}"
 # fetch secret and decrypt to STDOUT
 curl -sSf "${geturl}" | jq -r ".secret" |
- openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null
+ openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null
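Review bot: The decrypt line in cli_get.sh now needs an `openssl` that understands `-iter` (PBKDF2 support arrived in OpenSSL 1.1.1), yet `deps=(curl jq)` never checks for `openssl` and `2>/dev/null` discards its error output. On an older or alternative build the script therefore exits non-zero with no explanation, and a wrong password or corrupted ciphertext fails just as silently. Extending the check to `deps=(curl jq openssl)` and dropping the `2>/dev/null` would make these failures visible; the same applies to the encrypt line in cli_create.sh. Secrets created with the previous `-md md5` scripts will also no longer decrypt with this version, which is likely fine for short-lived secrets but is worth stating for users of the old scripts.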