From 9ba397e4778268f5eb41708ab183a0b57f216c5c Mon Sep 17 00:00:00 2001
From: Frank Bischof
Date: Wed, 17 Apr 2024 12:03:02 +0200
Subject: [PATCH 1/2] #3 - Seperated hash from filename
---
 README.md | 14 ++++++++------
 crypter.sh | 20 +++++++++-----------
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 9f08140..2e4778e 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,14 @@
 # Crypter
-Script to encrypt and decrypt files easily using openssl
+Script to encrypt and decrypt files easily using openssl.
 ## Howto
- ./crypter.sh -[e/d] [inputfile]
+ ./crypter.sh -[e/d] [inputfile] --no-verify
 ### Options
- -e for encrypt
- -d for decrypt
+ -e for encrypt - Encrypts the filename and adds a hash file.
+ -d for decrypt - Decrypts the file and removes crypt files after hash check.
+ --no-verify - Decrypts the file without comparing the hash.
 ## Additional info
 Uses des-ede3-cbc pbkdf2 with salt by default but can be configured in the ~/.crypter/.algos file.\
-Files are converted using base64 encoding.\
+Files are converted using base64 encoding.
 
-Files hash is checked uppon decrypting
+Files hash is checked uppon decrypting\
+This can be ignored using the --no-verify flag.
diff --git a/crypter.sh b/crypter.sh
index a93d455..1663c01 100755
--- a/crypter.sh
+++ b/crypter.sh
@@ -28,9 +28,9 @@ source ~/.crypter/.algos
 case "$1" in
 "-e")
 echo "Encrypting file ${INPUT}"
- HASH=$(sha256sum $INPUT | awk '{ print $1 }')
- OUTPUT="${INPUT}.${HASH}.crypto"
- openssl enc $ALGOS -salt -in ${INPUT} -out ${OUTPUT}.temp
+ OUTPUT="${INPUT}.crypt"
+ HASH=$(sha256sum ${INPUT} > ${OUTPUT}.hash)
+ openssl enc ${ALGOS} -salt -in ${INPUT} -out ${OUTPUT}.temp > /dev/null 2>&1
 base64 ${OUTPUT}.temp > ${OUTPUT}
 rm -f ${OUTPUT}.temp
 if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
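Review bot: The added lines of the `-e` branch (hunk `@@ -28,9 +28,9 @@`) expand `${INPUT}` and `${OUTPUT}` unquoted, so a file name containing whitespace or glob characters is split into several arguments, and one that begins with `-` is parsed as an option by `sha256sum` and `base64`; the `-d` branch and the `rm -f` lines in the later crypter.sh hunks of both patches have the same problem. Quoting each expansion and ending option parsing covers it, for example `sha256sum -- "${INPUT}" > "${OUTPUT}.hash"`, which also drops the `HASH=$( … )` wrapper that can only ever assign an empty string because stdout is redirected into the file. `${ALGOS}` is the one expansion that presumably has to stay unquoted, since it appears to carry several openssl options. The branch continues past the end of this hunk.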
@@ -42,22 +42,21 @@ case "$1" in
 else
 # NOK - remove empty output file
 echo "CRITICAL - Output file ${OUTPUT} is 0 bytes! Not removing the source file ${INPUT}"
- rm -f ${OUTPUT}
+ rm -f ${OUTPUT} ${INPUT}.hash
 exit 2
 fi
 ;;
 "-d")
 echo "Decrypting file ${INPUT}";
- OUTPUT=$(echo $INPUT | sed 's/\.crypto//')
- HASH=$(echo $OUTPUT | sed 's/^.*\.//')
+ OUTPUT=$(echo ${INPUT} | sed 's/\.crypt//')
 base64 -d ${INPUT} > ${INPUT}.temp
- openssl enc -d $ALGOS -in ${INPUT}.temp -out ${OUTPUT}
+ openssl enc -d ${ALGOS} -in ${INPUT}.temp -out ${OUTPUT} > /dev/null 2>&1
 rm -f ${INPUT}.temp
 if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
 then
 # SHA256SUM CHECK
- CUR_HASH=$(sha256sum ${OUTPUT} | awk '{ print $1 }')
- if [ "${HASH}" != "${CUR_HASH}" ]
+ CUR_HASH=$(sha256sum --quiet --check ${OUTPUT}.crypt.hash)
+ if [ $? != 0 ]
 then
 # NOK - Hash mismatch
 echo "CRITICAL - Hashes mismatching!"
@@ -66,8 +65,7 @@ case "$1" in
 else
 # OK - safe to delete the original input file
 echo "OK - Hashes matching, deleting input file"
- rm -f ${INPUT}
- mv ${OUTPUT} $(echo $OUTPUT | sed 's/\..*//')
+ rm -f ${INPUT} ${INPUT}.hash
 exit 0
 fi
 else
From d66ca83f95c667f2b9bbe0456c16a5747e0e00be Mon Sep 17 00:00:00 2001
From: Frank Bischof
Date: Wed, 17 Apr 2024 12:17:09 +0200
Subject: [PATCH 2/2] #4 - Adding ignore hash
---
 README.md | 2 +-
 crypter.sh | 31 +++++++++++++++++++------------
 2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 2e4778e..27ee2d4 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Crypter
 Script to encrypt and decrypt files easily using openssl.
 ## Howto
- ./crypter.sh -[e/d] [inputfile] --no-verify
+ ./crypter.sh -[e/d] inputfile [--no-verify]
 ### Options
 -e for encrypt - Encrypts the filename and adds a hash file.
 -d for decrypt - Decrypts the file and removes crypt files after hash check.
diff --git a/crypter.sh b/crypter.sh
index 1663c01..099bae0 100755
--- a/crypter.sh
+++ b/crypter.sh
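Review bot: In the `-d` branch of patch 1/2 (hunk `@@ -42,22 +42,21 @@`), `sed 's/\.crypt//'` removes the first `.crypt` anywhere in the path rather than the suffix, and when the argument contains no `.crypt` at all `${OUTPUT}` equals `${INPUT}`, so openssl writes over the encrypted input and the mismatch path then deletes it with `rm -f ${OUTPUT}`. A suffix strip behind a guard that rejects names not ending in `.crypt` avoids both: `OUTPUT="${INPUT%.crypt}"`. The check should read the file that actually sits next to the input, `if ! sha256sum --quiet --check -- "${INPUT}.hash"; then`, instead of rebuilding the name as `${OUTPUT}.crypt.hash` and assigning the unused `CUR_HASH`. The `.hash` file records the path exactly as it was typed at encryption time, so the check can only pass when decryption is run with the same relative path from the same directory; that constraint should be stated in a comment or the README. The branch starts before this hunk and ends after it.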
@@ -12,7 +12,7 @@ then
 exit 2
 fi
 else
- echo "Usage: ./crypter.sh -[e/d] [inputfile]";
+ echo "Usage: ./crypter.sh -[e/d] inputfile [--no-verify]";
 exit 1
 fi
 
@@ -42,7 +42,7 @@ case "$1" in
 else
 # NOK - remove empty output file
 echo "CRITICAL - Output file ${OUTPUT} is 0 bytes! Not removing the source file ${INPUT}"
- rm -f ${OUTPUT} ${INPUT}.hash
+ rm -f ${OUTPUT} ${OUTPUT}.hash
 exit 2
 fi
 ;;
@@ -54,20 +54,27 @@ case "$1" in
 rm -f ${INPUT}.temp
 if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
 then
- # SHA256SUM CHECK
- CUR_HASH=$(sha256sum --quiet --check ${OUTPUT}.crypt.hash)
- if [ $? != 0 ]
+ if [ "$3" != '--no-verify' ]
 then
- # NOK - Hash mismatch
- echo "CRITICAL - Hashes mismatching!"
- rm -f ${OUTPUT}
- exit 2
+ # SHA256SUM CHECK
+ CUR_HASH=$(sha256sum --quiet --check ${OUTPUT}.crypt.hash)
+ if [ $? != 0 ]
+ then
+ # NOK - Hash mismatch
+ echo "CRITICAL - Hashes mismatching!"
+ rm -f ${OUTPUT}
+ exit 2
+ else
+ # OK - safe to delete the original input file
+ echo "OK - Hashes matching, deleting input file"
+ rm -f ${INPUT} ${INPUT}.hash
+ exit 0
+ fi
 else
- # OK - safe to delete the original input file
- echo "OK - Hashes matching, deleting input file"
+ echo "Ignoring hash verify"
 rm -f ${INPUT} ${INPUT}.hash
- exit 0
 fi
+
 else
 # NOK - remove empty output file
 echo "CRITICAL - Output file is 0 bytes! Not removing the input file"
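Review bot: The new `--no-verify` branch (hunk `@@ -54,20 +54,27 @@`) runs `rm -f ${INPUT} ${INPUT}.hash` with no evidence that decryption worked: the only remaining test is that `${OUTPUT}` is not 0 bytes, and `openssl enc -d` can leave a non-empty file behind when it fails, for instance on a wrong passphrase, while patch 1/2 sends its error output to `/dev/null` and never looks at its exit status. With verification skipped, the ciphertext and its hash file are then deleted and only unusable output remains. Either keep the input in this branch, e.g. `echo "Ignoring hash verify, keeping ${INPUT}"` without the `rm`, or record the status right after the openssl call (that line is above this hunk) and delete only when it was 0. The `-d` branch starts above this hunk and ends below it.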