Update reference scripts with PBKDF2 key derivation
Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
fb05e214f1
commit
cfffb71765
2 changed files with 20 additions and 20 deletions
|
@ -3,33 +3,33 @@ set -euo pipefail
|
||||||
|
|
||||||
deps=(curl jq)
|
deps=(curl jq)
|
||||||
for cmd in "${deps[@]}"; do
|
for cmd in "${deps[@]}"; do
|
||||||
which ${cmd} >/dev/null || {
|
which ${cmd} >/dev/null || {
|
||||||
echo "'${cmd}' util is required for this script"
|
echo "'${cmd}' util is required for this script"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
done
|
done
|
||||||
|
|
||||||
# Get secret from CLI argument
|
# Get secret from CLI argument
|
||||||
SECRET=${1:-}
|
SECRET=${1:-}
|
||||||
[[ -n $SECRET ]] || {
|
[[ -n $SECRET ]] || {
|
||||||
echo "Usage: $0 'secret to share'"
|
echo "Usage: $0 'secret to share'"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate a random 8 character password
|
# Generate a random 8 character password
|
||||||
pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)
|
pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)
|
||||||
|
|
||||||
# Encrypt the secret
|
# Encrypt the secret
|
||||||
ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null)
|
ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)
|
||||||
|
|
||||||
# Create a secret and extract the secret ID
|
# Create a secret and extract the secret ID
|
||||||
id=$(
|
id=$(
|
||||||
curl -sSf \
|
curl -sSf \
|
||||||
-X POST \
|
-X POST \
|
||||||
-H 'content-type: application/json' \
|
-H 'content-type: application/json' \
|
||||||
-d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
|
-d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
|
||||||
https://ots.fyi/api/create |
|
https://ots.fyi/api/create |
|
||||||
jq -r '.secret_id'
|
jq -r '.secret_id'
|
||||||
)
|
)
|
||||||
|
|
||||||
# Display URL to user
|
# Display URL to user
|
||||||
|
|
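Review bot: The new `-iter 300000 -md sha512` options on the `ciphertext=$(… openssl aes-256-cbc …)` line make the script fail on an OpenSSL build that does not know `-iter`, and that failure is silent: `openssl` is not in `deps=(curl jq)` and stderr still goes to `2>/dev/null`, so `set -e` ends the script with no message. The same applies to the decrypt line in cli_get.sh. I would extend the list to `deps=(curl jq openssl)` and drop `2>/dev/null` from the openssl call; the redirect was presumably there to hide the legacy key-derivation warning, which should no longer appear once `-iter` is given. Writing `-pbkdf2` next to `-iter` would also state the key derivation explicitly instead of relying on `-iter` implying it.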
14
cli_get.sh
14
cli_get.sh
|
@ -3,17 +3,17 @@ set -euo pipefail
|
||||||
|
|
||||||
deps=(curl jq)
|
deps=(curl jq)
|
||||||
for cmd in "${deps[@]}"; do
|
for cmd in "${deps[@]}"; do
|
||||||
which ${cmd} >/dev/null || {
|
which ${cmd} >/dev/null || {
|
||||||
echo "'${cmd}' util is required for this script"
|
echo "'${cmd}' util is required for this script"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
done
|
done
|
||||||
|
|
||||||
# Get URL from CLI argument
|
# Get URL from CLI argument
|
||||||
url="${1:-}"
|
url="${1:-}"
|
||||||
[[ -n $url ]] || {
|
[[ -n $url ]] || {
|
||||||
echo "Usage: $0 'URL to get the secret'"
|
echo "Usage: $0 'URL to get the secret'"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
# normalize url and extract parts
|
# normalize url and extract parts
|
||||||
url="${url/|/%7C}"
|
url="${url/|/%7C}"
|
||||||
|
@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}"
|
||||||
|
|
||||||
# fetch secret and decrypt to STDOUT
|
# fetch secret and decrypt to STDOUT
|
||||||
curl -sSf "${geturl}" | jq -r ".secret" |
|
curl -sSf "${geturl}" | jq -r ".secret" |
|
||||||
openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null
|
openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null
|
||||||
|
|
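Review bot: In the last hunk the secret is fetched with `curl` before `openssl` has shown it can decrypt with the new parameters, so a local failure (no `-iter` support, or a link created with the previous `-md md5` settings) only occurs after the request has been sent. If the service removes a secret on first read (not visible here, but suggested by its purpose), the secret is then gone and the user sees no output because of `2>/dev/null`. I would capture the response first, e.g. `secret=$(curl -sSf "${geturl}" | jq -r ".secret")`, and print an explicit error to stderr when the openssl step returns non-zero. Separately, `-pass "pass:${pass}"` puts the password in the process arguments, where it may be visible to other local users while the now slower derivation runs; `-pass env:OTS_PASS` (variable name is an example) avoids that.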