s2/sshenc.sh
1
0
Fork 0
mirror of https://github.com/5im-0n/sshenc.sh.git synced 2025-08-02 19:30:05 +02:00
Code Issues Releases Wiki Activity

Compare commits

base: s2:c83123b09ab67563983c5ad517f7c5afb9e3a7a5
Branches Tags
s2:master
...
compare: s2:7524cf078a263cdfd40407f643bd65b1533e6da5
Branches Tags
s2:master

3 Commits
c83123b09a ... 7524cf078a

Author SHA1 Message Date
s2
7524cf078a use $me instead of basename, so it works better when it comes from stdin 2019-01-16 22:36:40 +01:00
s2
6cc79ed5b4 don't write empty key tag 2019-01-16 22:30:03 +01:00
s2
928d45a383 make subtext bold 2019-01-16 21:34:13 +01:00
2 changed files with 10 additions and 9 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,5 +1,5 @@
# sshenc.sh
> bash script to encrypt data using a users ssh public key.
**bash script to encrypt data using a users ssh public key**
If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:
```

17
sshenc.sh
View File

@@ -41,8 +41,8 @@ shift $((OPTIND -1))
[ "$1" = "--" ] && shift
temp_dir="$(mktemp -d -t "$me.XXXXXX")"
temp_file_key="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.key")"
temp_file="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.cypher")"
temp_file_key="$(mktemp "$temp_dir/$me.XXXXXX.key")"
temp_file="$(mktemp "$temp_dir/$me.XXXXXX.cypher")"
trap cleanup EXIT
#encrypt
@@ -54,13 +54,14 @@ if [[ "${#public_key[@]}" > 0 ]]; then
for pubkey in "${public_key[@]}"
do
if [[ -e "$pubkey" ]]; then
echo "-- key"
convertedpubkey=$temp_dir/$(basename "$pubkey").pem
ssh-keygen -f "$pubkey" -e -m PKCS8 > $convertedpubkey
#encrypt key with public keys
openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc
openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
echo "-- /key"
if openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc; then
echo "-- key"
openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
echo "-- /key"
fi
fi
done
echo "-- /keys"
@@ -92,8 +93,8 @@ elif [[ -e "$private_key" ]]; then
if ((echo "$key" | openssl base64 -d | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
if echo "$cypher" | openssl base64 -d | openssl aes-256-cbc -d -pass file:"$temp_file"; then
decrypted=true
fi;
fi;
fi
fi
done
if [ $decrypted = false ]; then