Created
September 29, 2016 17:06
A simple git pre-commit hook that checks whether every public key with the .pub extension in the current directory is secure
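#!/bin/sh
# Git pre-commit hook: refuse the commit when pubkeys/*.pub holds a weak SSH
# public key.
#
# Policy (only these two rules are enforced; every other key type passes
# unchecked):
#   - DSA keys are rejected outright.
#   - RSA keys shorter than MIN_RSA_BITS bits are rejected.
#
# A file that ssh-keygen cannot parse is rejected too, so a malformed key
# cannot slip past the check unverified (fail closed).
#
# NOTE: the files are read from the working tree, not from the staged blobs,
# so the content checked can differ from the content committed when a key was
# edited after `git add`.
#
# Exit status: 0 when every key passes (or there is none), 1 otherwise. The
# status is set explicitly: a trailing `[ ... ] && ... && exit 1` list would
# leave status 1 behind whenever its test is false and so abort every commit.

MIN_RSA_BITS=4096

# check_fingerprint LINE FILE
#   LINE - one line of `ssh-keygen -l` output: "<bits> <hash> <comment> (<TYPE>)"
#   FILE - path of the key file, used in messages only
# Prints the key type on stdout and any policy violation on stderr.
# Returns 0 when the key is acceptable, 1 when it violates the policy.
# POSIX sh has no `local`, hence the fp_ prefix on the working variables.
check_fingerprint() {
  fp_line=$1
  fp_file=$2

  # The size is the first field. The type sits in the LAST parentheses, which
  # keeps a key comment containing "(" from being mistaken for the type.
  fp_bits=${fp_line%% *}
  fp_type=${fp_line##*"("}
  fp_type=${fp_type%")"}

  printf '%s\n' "$fp_type"

  case $fp_type in
    DSA)
      # DSA is insecure
      printf 'DSA is insecure: %s\n' "$fp_file" >&2
      return 1
      ;;
    RSA)
      # A non-numeric size would make the comparison below error out and let
      # the key through, so treat it as a failure instead.
      case $fp_bits in
        '' | *[!0-9]*)
          printf 'cannot read RSA key size: %s\n' "$fp_file" >&2
          return 1
          ;;
      esac
      # RSA < 4096 bits is not that secure
      if [ "$fp_bits" -lt "$MIN_RSA_BITS" ]; then
        printf 'RSA should not be < %s bits: %s\n' "$MIN_RSA_BITS" "$fp_file" >&2
        return 1
      fi
      ;;
  esac
  return 0
}

hook_status=0

# Glob instead of parsing `ls`, and quote every expansion, so file names with
# spaces or glob characters are handled as single paths.
for key_file in pubkeys/*.pub; do
  # In POSIX sh an unmatched glob stays literal; skip it.
  [ -e "$key_file" ] || continue

  if ! key_lines=$(ssh-keygen -l -f "$key_file"); then
    printf 'cannot read public key: %s\n' "$key_file" >&2
    hook_status=1
    continue
  fi

  # ssh-keygen may print more than one line for a file; check each of them.
  # Every key is reported before the hook fails, not just the first bad one.
  while IFS= read -r key_line; do
    check_fingerprint "$key_line" "$key_file" || hook_status=1
  done <<EOF
$key_lines
EOF
done

[ "$hook_status" -eq 0 ] || exit 1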