bash script to encrypt data using a user's ssh public key https://sshenc.sh

# ![sshenc.sh](logo.png)

**bash script to encrypt data using a user's ssh public key**

If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:

```
bash <(curl -s https://sshenc.sh/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt
```

sshenc.sh uses openssl under the hood, so you need to have that installed in your path to make it work.

## Install

```
curl -O https://sshenc.sh/sshenc.sh
chmod +x sshenc.sh
```

## Examples

### encrypt a file using your own ssh public key

```
sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
```

### encrypt a file using multiple recipients (broadcast encryption)

```
sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt
```

### encrypt a file using the public key of a github user

```
sshenc.sh -g S2- < plain-text-file.txt
```

This line fetches the public keys for the GitHub user S2- and encrypts the file plain-text-file.txt using that user's key(s).

### decrypt a file

```
sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt
```

## Notes

[OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html) introduced a backwards-incompatible change: the default digest used to create a key from the passphrase changed from md5 to sha-256.
Also, a new `-iter` parameter was added to explicitly specify the number of iterations applied to the password when deriving the encryption key.
Before OpenSSL 1.1.1 this option was not available.
Because the new parameters are more secure, `sshenc.sh` adopted them, so since 2019-11-26 files encrypted with a previous version of `sshenc.sh` will not decrypt with the current script.
To decrypt them, use the previous `sshenc.sh` script, located at [https://sshenc.sh/sshenc-pre1.1.1.sh](https://sshenc.sh/sshenc-pre1.1.1.sh).
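
The incompatibility described in these notes can be reproduced with `openssl enc` directly. This is an added example, not code from `sshenc.sh`; the cipher, passphrase, message and iteration count are constructed values, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not sshenc.sh code. Requires OpenSSL >= 1.1.1 (-pbkdf2, -iter).
# PASS, MSG, the cipher and the iteration count are constructed sample values.
PASS='constructed-sample-passphrase'
MSG='constructed sample message'

# Old behaviour: key derived from the passphrase with MD5 (pre-1.1.1 default).
# stderr is discarded to hide the "deprecated key derivation" warning.
enc_legacy() {
  printf '%s' "$MSG" | openssl enc -aes-256-cbc -md md5 -pass "pass:$PASS" 2>/dev/null
}
dec_legacy() {
  openssl enc -d -aes-256-cbc -md md5 -pass "pass:$PASS" 2>/dev/null
}

# New behaviour: SHA-256 digest plus an explicit iteration count.
enc_modern() {
  printf '%s' "$MSG" | openssl enc -aes-256-cbc -md sha256 -pbkdf2 -iter 10000 -pass "pass:$PASS" 2>/dev/null
}
dec_modern() {
  openssl enc -d -aes-256-cbc -md sha256 -pbkdf2 -iter 10000 -pass "pass:$PASS" 2>/dev/null
}

# roundtrip ENC DEC: true only if DEC recovers exactly what ENC encrypted.
# Comparing the plaintext (not just openssl's exit status) also catches the
# rare wrong-key decryption that happens to end in valid padding.
# tr strips NUL bytes that garbage output may contain.
roundtrip() {
  [ "$("$1" | "$2" | tr -d '\000')" = "$MSG" ]
}

# Print the compatibility matrix: only matching parameter sets round-trip.
for enc in enc_legacy enc_modern; do
  for dec in dec_legacy dec_modern; do
    if roundtrip "$enc" "$dec"; then result=ok; else result=FAIL; fi
    printf '%-11s -> %-11s %s\n' "$enc" "$dec" "$result"
  done
done
```

The two mismatched rows fail because the same passphrase yields a different key under each derivation, which is why old ciphertexts need the old script.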

## License

[MIT](https://opensource.org/licenses/MIT)