Update reference scripts with PBKDF2 key derivation

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-03-17 20:37:19 +01:00 · 2023-03-17 20:37:19 +01:00 · cfffb71765
commit cfffb71765
parent fb05e214f1
2 changed files with 20 additions and 20 deletions
--- a/cli_create.sh
+++ b/cli_create.sh
@ -3,33 +3,33 @@ set -euo pipefail

 deps=(curl jq)
 for cmd in "${deps[@]}"; do
-	which ${cmd} >/dev/null || {
-		echo "'${cmd}' util is required for this script"
-		exit 1
-	}
+  which ${cmd} >/dev/null || {
+    echo "'${cmd}' util is required for this script"
+    exit 1
+  }
 done

 # Get secret from CLI argument
 SECRET=${1:-}
 [[ -n $SECRET ]] || {
-	echo "Usage: $0 'secret to share'"
-	exit 1
+  echo "Usage: $0 'secret to share'"
+  exit 1
 }

 # Generate a random 8 character password
 pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true)

 # Encrypt the secret
-ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null)
+ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null)

 # Create a secret and extract the secret ID
 id=$(
-	curl -sSf \
-		-X POST \
-		-H 'content-type: application/json' \
-		-d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
-		https://ots.fyi/api/create |
-		jq -r '.secret_id'
+  curl -sSf \
+    -X POST \
+    -H 'content-type: application/json' \
+    -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \
+    https://ots.fyi/api/create |
+    jq -r '.secret_id'
 )

 # Display URL to user
--- a/cli_get.sh
+++ b/cli_get.sh
@ -3,17 +3,17 @@ set -euo pipefail

 deps=(curl jq)
 for cmd in "${deps[@]}"; do
-	which ${cmd} >/dev/null || {
-		echo "'${cmd}' util is required for this script"
-		exit 1
-	}
+  which ${cmd} >/dev/null || {
+    echo "'${cmd}' util is required for this script"
+    exit 1
+  }
 done

 # Get URL from CLI argument
 url="${1:-}"
 [[ -n $url ]] || {
-	echo "Usage: $0 'URL to get the secret'"
-	exit 1
+  echo "Usage: $0 'URL to get the secret'"
+  exit 1
 }
 # normalize url and extract parts
 url="${url/|/%7C}"
@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}"

 # fetch secret and decrypt to STDOUT
 curl -sSf "${geturl}" | jq -r ".secret" |
-	openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null
+  openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null