Update reference scripts with PBKDF2 key derivation

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-03-17 20:37:19 +01:00 · 2023-03-17 20:37:19 +01:00 · cfffb71765
commit cfffb71765
parent fb05e214f1
2 changed files with 20 additions and 20 deletions
--- a/cli_create.sh
+++ b/cli_create.sh
@ -20,7 +20,7 @@ SECRET=${1:-}
 pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)

 # Encrypt the secret
-ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null)
+ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)

 # Create a secret and extract the secret ID
 id=$(
--- a/cli_get.sh
+++ b/cli_get.sh
@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}"

 # fetch secret and decrypt to STDOUT
 curl -sSf "${geturl}" | jq -r ".secret" |
-	openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null
+  openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null