From 9ba397e4778268f5eb41708ab183a0b57f216c5c Mon Sep 17 00:00:00 2001
From: Frank Bischof
Date: Wed, 17 Apr 2024 12:03:02 +0200
Subject: [PATCH] #3 - Seperated hash from filename
---
 README.md | 14 ++++++++------
 crypter.sh | 20 +++++++++-----------
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 9f08140..2e4778e 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,14 @@
 # Crypter
-Script to encrypt and decrypt files easily using openssl
+Script to encrypt and decrypt files easily using openssl.
 ## Howto
- ./crypter.sh -[e/d] [inputfile]
+ ./crypter.sh -[e/d] [inputfile] --no-verify
 ### Options
- -e for encrypt
- -d for decrypt
+ -e for encrypt - Encrypts the filename and adds a hash file.
+ -d for decrypt - Decrypts the file and removes crypt files after hash check.
+ --no-verify - Decrypts the file without comparing the hash.
 ## Additional info
 Uses des-ede3-cbc pbkdf2 with salt by default but can be configured in the ~/.crypter/.algos file.\
-Files are converted using base64 encoding.\
+Files are converted using base64 encoding.
 
-Files hash is checked uppon decrypting
+Files hash is checked uppon decrypting\
+This can be ignored using the --no-verify flag.
diff --git a/crypter.sh b/crypter.sh
index a93d455..1663c01 100755
--- a/crypter.sh
+++ b/crypter.sh
@@ -28,9 +28,9 @@ source ~/.crypter/.algos
 case "$1" in
 "-e")
 echo "Encrypting file ${INPUT}"
- HASH=$(sha256sum $INPUT | awk '{ print $1 }')
- OUTPUT="${INPUT}.${HASH}.crypto"
- openssl enc $ALGOS -salt -in ${INPUT} -out ${OUTPUT}.temp
+ OUTPUT="${INPUT}.crypt"
+ HASH=$(sha256sum ${INPUT} > ${OUTPUT}.hash)
+ openssl enc ${ALGOS} -salt -in ${INPUT} -out ${OUTPUT}.temp > /dev/null 2>&1
 base64 ${OUTPUT}.temp > ${OUTPUT}
 rm -f ${OUTPUT}.temp
 if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
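Review bot: The new `openssl enc … > /dev/null 2>&1` line discards openssl's error output while its exit status is still never tested, so the only failure signal left is the size test on the base64 output at the end of this hunk. Testing the command directly keeps the diagnostics: `openssl enc ${ALGOS} -salt -in "${INPUT}" -out "${OUTPUT}.temp" || exit 2`. `HASH=$(sha256sum ${INPUT} > ${OUTPUT}.hash)` always leaves HASH empty because stdout is redirected inside the substitution; a plain `sha256sum -- "${INPUT}" > "${OUTPUT}.hash" || exit 2` says what is meant. The `.hash` file is an unkeyed SHA-256 of the plaintext stored next to the ciphertext, so it reveals whether the plaintext equals a known file and gives no protection when both files can be replaced together; that deserves a sentence in the README. The `-e` arm continues past the end of this hunk.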
@@ -42,22 +42,21 @@ case "$1" in
 else
 # NOK - remove empty output file
 echo "CRITICAL - Output file ${OUTPUT} is 0 bytes! Not removing the source file ${INPUT}"
- rm -f ${OUTPUT}
+ rm -f ${OUTPUT} ${INPUT}.hash
 exit 2
 fi
 ;;
 "-d")
 echo "Decrypting file ${INPUT}";
- OUTPUT=$(echo $INPUT | sed 's/\.crypto//')
- HASH=$(echo $OUTPUT | sed 's/^.*\.//')
+ OUTPUT=$(echo ${INPUT} | sed 's/\.crypt//')
 base64 -d ${INPUT} > ${INPUT}.temp
- openssl enc -d $ALGOS -in ${INPUT}.temp -out ${OUTPUT}
+ openssl enc -d ${ALGOS} -in ${INPUT}.temp -out ${OUTPUT} > /dev/null 2>&1
 rm -f ${INPUT}.temp
 if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
 then
 # SHA256SUM CHECK
- CUR_HASH=$(sha256sum ${OUTPUT} | awk '{ print $1 }')
- if [ "${HASH}" != "${CUR_HASH}" ]
+ CUR_HASH=$(sha256sum --quiet --check ${OUTPUT}.crypt.hash)
+ if [ $? != 0 ]
 then
 # NOK - Hash mismatch
 echo "CRITICAL - Hashes mismatching!"
@@ -66,8 +65,7 @@ case "$1" in
 else
 # OK - safe to delete the original input file
 echo "OK - Hashes matching, deleting input file"
- rm -f ${INPUT}
- mv ${OUTPUT} $(echo $OUTPUT | sed 's/\..*//')
+ rm -f ${INPUT} ${INPUT}.hash
 exit 0
 fi
 else
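Review bot: `sha256sum --quiet --check ${OUTPUT}.crypt.hash` verifies whichever path is recorded inside the hash file, not the `${OUTPUT}` that was just decrypted, so a `.crypt` file that was moved or is addressed by a different path fails the check, and an edited hash file can make the check pass against an unrelated file before the input is deleted. Comparing the digests directly avoids trusting the recorded path: `[ "$(sha256sum < "${OUTPUT}" | awk '{print $1}')" = "$(awk '{print $1; exit}' "${INPUT}.hash")" ]`. The encrypt failure branch at the top of this hunk removes `${INPUT}.hash`, but the encrypt arm writes the hash to `${OUTPUT}.hash`, so the stale hash file stays behind; that line should read `rm -f "${OUTPUT}" "${OUTPUT}.hash"`. The sed expression `'s/\.crypt//'` is unanchored and strips the first `.crypt` anywhere in the name; `'s/\.crypt$//'` removes only the suffix. Both case arms extend beyond this hunk.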
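Review bot: `rm -f ${INPUT} ${INPUT}.hash` expands both names unquoted, so an input name containing whitespace or glob characters makes `rm -f` act on paths other than the two intended files; `rm -f -- "${INPUT}" "${INPUT}.hash"` is the safe form, and the same applies to the other `${INPUT}`/`${OUTPUT}` expansions added in this patch. The README part of this commit documents `--no-verify`, but no added line in crypter.sh reads a second argument or skips the hash check, so as far as this patch shows the flag has no effect. The enclosing `-d` arm starts before this hunk and continues after it.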