Created
March 11, 2021 23:01
openSSHTool.sh
#!/bin/bash
# Positional arguments, captured as globals that the functions below read.
ACTION="$1"    # "encrypt" or "decrypt"
KEY="$2"       # public key file for encrypt, private key file for decrypt
SRCFILE="$3"   # file to read
OUTFILE="$4"   # file to write
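#######################################
# Print command-line help and key-generation hints.
# Globals:   none
# Arguments: none ($0 is printed as the program name)
# Outputs:   help text on stdout
#
# Notes:
#  - $0 is quoted so a script path containing spaces or glob characters is
#    printed unchanged, and the example paths are printed with a literal "~"
#    (what the user should type) instead of the caller's expanded home.
#  - "secret123" in the hint is a placeholder; the passphrase file and the
#    private key it protects should be readable by their owner only.
#  - The hint generates a 4096-bit key; decrypt() in this file splits the
#    input at byte 512, which matches that key size.
#######################################
function usage(){
  local prog=$0
  printf '%s\n' \
    "${prog} [encrypt|decrypt] KEYFILE SRCFILE OUTFILE" \
    'for decrypt KEYFILE is private Key file' \
    'for encrypt KEYFILE is public Key file' \
    'decrypt reads the private key passphrase from ./passphrase.txt' \
    'example' \
    "${prog} encrypt publicKey.pem ~/tmp/clearFile.png /tmp/encrypted.png" \
    "${prog} decrypt privateKey.pem /tmp/encrypted.png ~/tmp/decrypted.png" \
    'To generate key files use something like this:' \
    '' \
    'echo -n secret123 > passphrase.txt' \
    'openssl genrsa -aes128 -passout file:passphrase.txt 4096 > privateKey.pem' \
    'openssl rsa -in privateKey.pem -passin file:passphrase.txt -pubout > publicKey.pem' \
    'chmod 600 passphrase.txt privateKey.pem' \
    ''
}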
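#######################################
# Hybrid-encrypt SRCFILE for the holder of the RSA private key.
# Output layout: RSA-encrypted session passphrase, immediately followed by
# the symmetrically encrypted file.
# Globals:   KEY (read, public key file), SRCFILE (read), OUTFILE (written)
# Arguments: none
# Returns:   0 on success, the failing command's status otherwise
#
# Security notes:
#  - The session passphrase is generated as one printable hex line.
#    "-pass file:" takes only the first line of the file as the password, so
#    raw random bytes containing an early newline would silently shorten it
#    (to nothing, if the first byte is a newline).
#  - The cleartext passphrase and intermediates live in a private mktemp
#    directory that is removed on every exit path, instead of fixed names
#    left behind in the current directory.
#  - NOTE(review): "openssl rsautl" (PKCS#1 v1.5 padding by default) is
#    deprecated in OpenSSL 3.0 in favour of "openssl pkeyutl", and "bf"
#    (Blowfish-CBC) is a legacy 64-bit-block cipher with no integrity
#    protection. Both are kept so the output stays readable by decrypt() in
#    this file; moving to OAEP plus an authenticated scheme needs a matching
#    change on the decrypt side.
#  - decrypt() splits the input at byte 512, i.e. it expects KEY to be a
#    4096-bit RSA key.
#######################################
function encrypt(){
  local pubkey=$KEY
  local workdir
  local rc=0

  # mktemp -d creates the directory with owner-only permissions.
  workdir=$(mktemp -d) || return 1

  {
    # 32 random bytes from OpenSSL's CSPRNG, hex-encoded on a single line.
    openssl rand -hex 32 > "${workdir}/pass.txt" &&
    openssl rsautl -encrypt -pubin -inkey "${pubkey}" \
      -in "${workdir}/pass.txt" -out "${workdir}/pass.enc" &&
    openssl bf -pbkdf2 -e -in "${SRCFILE}" -out "${workdir}/file.enc" \
      -pass "file:${workdir}/pass.txt" &&
    # Only assemble OUTFILE once every earlier step has succeeded.
    cat "${workdir}/pass.enc" "${workdir}/file.enc" > "${OUTFILE}"
  } || rc=$?

  # Remove the cleartext session passphrase whether or not we succeeded.
  rm -rf -- "${workdir:?}"
  return "${rc}"
}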
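#######################################
# Reverse encrypt(): recover the session passphrase with the RSA private key,
# then decrypt the remainder of SRCFILE into OUTFILE.
# Globals:   KEY (read, private key file), SRCFILE (read), OUTFILE (written)
# Arguments: none
# Returns:   0 on success, the failing command's status otherwise
#
# Notes:
#  - The first 512 bytes are treated as the RSA blob, which matches a
#    4096-bit key; input produced with another key size will not split
#    correctly.
#  - The private-key passphrase is read from ./passphrase.txt in the current
#    directory (hard-coded below).
#  - The recovered session passphrase and intermediates live in a private
#    mktemp directory that is removed on every exit path, instead of being
#    left in the current directory in cleartext.
#  - NOTE(review): the symmetric layer ("bf", Blowfish-CBC) carries no
#    integrity check, so a zero exit status does not show that the
#    ciphertext was unmodified in transit. "openssl rsautl" is deprecated in
#    OpenSSL 3.0; it is kept to stay compatible with encrypt() in this file.
#######################################
function decrypt(){
  local pvtkey=$KEY
  local workdir
  local rc=0

  # mktemp -d creates the directory with owner-only permissions.
  workdir=$(mktemp -d) || return 1

  {
    # Split header and payload with block reads rather than byte-at-a-time dd;
    # redirection keeps an odd file name from being parsed as an option.
    head -c 512 < "${SRCFILE}" > "${workdir}/pass.enc" &&
    tail -c +513 < "${SRCFILE}" > "${workdir}/file.enc" &&
    openssl rsautl -decrypt -passin file:passphrase.txt -inkey "${pvtkey}" \
      -in "${workdir}/pass.enc" -out "${workdir}/pass.txt" &&
    openssl bf -pbkdf2 -d -in "${workdir}/file.enc" -out "${OUTFILE}" \
      -pass "file:${workdir}/pass.txt"
  } || rc=$?

  # Remove the recovered session passphrase whether or not we succeeded.
  rm -rf -- "${workdir:?}"
  return "${rc}"
}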
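# Entry point: validate the argument count, then dispatch on ACTION.
# Exit status: 2 for a usage error (too few arguments or an unknown action),
# otherwise the status of the selected operation, so callers and scripts can
# tell a failed or skipped run from a successful one.
if [ "$#" -lt 4 ]; then
  usage
  exit 2
fi

case "${ACTION}" in
  encrypt)
    encrypt || exit "$?"
    ;;
  decrypt)
    decrypt || exit "$?"
    ;;
  *)
    # Previously an unrecognised action did nothing and still exited 0.
    printf 'unknown action: %s\n' "${ACTION}" >&2
    usage
    exit 2
    ;;
esac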
### How to use?
### Use case: A wants to send a sensitive file (clearFile.png) to B.
### Assuming that A and B both have this wonderful script.
### Step 1: B generates a key pair as shown in the usage example.
### Step 2: B sends publicKey.pem to A by email. Only publicKey.pem, never privateKey.pem.
###         Email does not authenticate the sender, so A should confirm the key's fingerprint with B over a separate channel before using it.
### Step 3: A uses this script to encrypt the file.
### ./openSSLTool.sh encrypt publicKey.pem ~/tmp/clearFile.png /tmp/encrypted.png
### Step 4: A sends /tmp/encrypted.png to B by email.
### Step 5: B saves the file as /tmp/encrypted.png and uses this script to decrypt it
###         (run from the directory that holds passphrase.txt, which decrypt reads).
### ./openSSLTool.sh decrypt privateKey.pem /tmp/encrypted.png ~/tmp/decrypted.png