this is my life now. infinite frustration cast upon me by an evil curse

2026-05-23 11:33:43 -06:00
parent 738a794d89
commit 568ee014d4
2 changed files with 107 additions and 23 deletions
+102 -18
@@ -25,7 +25,7 @@ checkcode() {
reset() { reset() {
printf "autoshredding these files..." printf "autoshredding these files..."
find . -type f \( -path ".git" -o -path "keystore" -o -path "archives" \) -prune \( -name "*.sha512" -o -name "checksums*" -o -name "private_*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -exec shred -uz {} \; find . \( -path "./.git" -o -path "./keystore" -o -path "./archives" \) -prune -o -type f \( -name "*.sha512" -o -name "checksums*" -o -name "private_*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -exec shred -uz {} \;
checkcode $? checkcode $?
if compgen -G "private_*"; then if compgen -G "private_*"; then
@@ -49,7 +49,7 @@ reset() {
mkdir -p "$inner_dir" > /dev/null 2>&1 mkdir -p "$inner_dir" > /dev/null 2>&1
checkcode $? checkcode $?
printf "updating $inner_dir/READMD.md..." printf "updating $inner_dir/README.md..."
echo "put files to verifiably archive in here" > "$inner_dir/README.md" echo "put files to verifiably archive in here" > "$inner_dir/README.md"
checkcode $? checkcode $?
@@ -57,7 +57,7 @@ reset() {
echo "# todo: make this nice" > "$out_dir/README.md" echo "# todo: make this nice" > "$out_dir/README.md"
checkcode $? checkcode $?
printf "making "$out_dir"/test_validate_passphrase.sh..." printf "making $out_dir/test_validate_passphrase.sh..."
cp test_validate_passphrase.txt "$out_dir/test_validate_passphrase.sh" > /dev/null 2>&1 cp test_validate_passphrase.txt "$out_dir/test_validate_passphrase.sh" > /dev/null 2>&1
checkcode $? checkcode $?
@@ -69,7 +69,7 @@ reset() {
cp verify-everything.txt "$out_dir"/verify-everything.sh > /dev/null 2>&1 cp verify-everything.txt "$out_dir"/verify-everything.sh > /dev/null 2>&1
checkcode $? checkcode $?
printf "making $out_dir/verify-everything.sh executable"... printf "making $out_dir/verify-everything.sh executable..."
chmod +x "$out_dir/verify-everything.sh" > /dev/null 2>&1 chmod +x "$out_dir/verify-everything.sh" > /dev/null 2>&1
checkcode $? checkcode $?
@@ -87,7 +87,7 @@ reset() {
find "$dir" -mindepth 1 -type d -exec srm -r -z -l -l "{}" \; > /dev/null 2>&1 find "$dir" -mindepth 1 -type d -exec srm -r -z -l -l "{}" \; > /dev/null 2>&1
checkcode $? checkcode $?
printf "finding and shredding erronious files in ${dir}..." printf "finding and shredding erroneous files in ${dir}..."
find "$dir" -type f \( -name "private_ed25519_*" -o -name "attribution_passphrase_*" \) -exec shred -uz "{}" \; > /dev/null 2>&1 find "$dir" -type f \( -name "private_ed25519_*" -o -name "attribution_passphrase_*" \) -exec shred -uz "{}" \; > /dev/null 2>&1
checkcode $? checkcode $?
@@ -97,6 +97,86 @@ reset() {
done done
} }
# some heinously vibe coded shit pls forgiv
audit_passphrase() {
local raw_password="$1"
local check_password="$2"
if [[ -z "$raw_password" ]]; then
echo "[ERROR] No passphrase provided for validation." >&2
exit 2
fi
if [[ -z "$check_password" ]]; then
echo "[ERROR] No check passphrase provided for validation." >&2
exit 2
fi
if [[ "$raw_password" != "$check_password" ]]; then
echo "[ERROR] Passphrases do not match!" >&2
exit 2
fi
unset check_password
# --------------------------------------------------------------------------
# GATE 1: Minimum Length Verification (35+ Characters)
# --------------------------------------------------------------------------
local pass_len="${#raw_password}"
if [ "$pass_len" -lt 35 ]; then
echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
exit 1
fi
echo " [PASS] Length verification satisfied ($pass_len characters)."
# --------------------------------------------------------------------------
# GATE 2: Local Dictionary Check (cracklib-check)
# --------------------------------------------------------------------------
# cracklib-check reads from stdin and outputs 'password: status'
# If secure, the status string reads "OK"
if ! command -v cracklib-check &> /dev/null; then
echo "[WARN] cracklib-check binary not found. Skipping dictionary audit." >&2
else
local cracklib_result
cracklib_result=$(echo "$raw_password" | cracklib-check | cut -d':' -f2 | xargs)
if [[ "$cracklib_result" != "OK" ]]; then
echo "❌ REJECTED by cracklib-check: $cracklib_result"
exit 1
fi
echo " [PASS] Local dictionary and structural complexity audit clear."
fi
# --------------------------------------------------------------------------
# GATE 3: Remote Anonymized Leak Check (HIBP API via k-Anonymity)
# --------------------------------------------------------------------------
local full_hash
full_hash=$(echo -n "$raw_password" | openssl dgst -sha1 | awk '{print toupper($2)}')
local prefix="${full_hash:0:5}"
local suffix="${full_hash:5}"
local api_url="https://api.pwnedpasswords.com/range/$prefix"
local response
if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then
echo "[FATAL] Failed to communicate with HIBP API." >&2
exit 3
fi
local match
match=$(echo "$response" | grep -i "^$suffix:")
if [[ -n "$match" ]]; then
local pwn_count
pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r')
echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches."
exit 1
else
echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records."
return 0
fi
}
printf "setting up environment..." printf "setting up environment..."
reset reset
@@ -165,15 +245,19 @@ echo "Enter attribution passphrase again:"
read -r -s attribution_passphrase_check read -r -s attribution_passphrase_check
echo echo
if printf "$attribution_passphrase" | cracklib-check | grep -q 'OK'; then printf "auditing attribution passphrase"
echo -e "attribution passphrase strength: \033[0;32mOK!\033[0m" audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"
else checkcode $?
echo -e "\n\n\033[0;31mAttribution passphrase ia not secure enough! Exiting!\033[0m\n\n" > /dev/null 2>&1
exit 1 # if printf "%s" "$attribution_passphrase" | cracklib-check | grep -q 'OK'; then
fi # echo -e "attribution passphrase strength: \033[0;32mOK!\033[0m"
# else
# echo -e "\n\n\033[0;31mAttribution passphrase is not secure enough! Exiting!\033[0m\n\n"
# exit 1
# fi
if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1 echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n"
exit 1 exit 1
else else
echo -e "attribution_passphrase: \033[0;32mOK!\033[0m" echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
@@ -196,7 +280,7 @@ cd "$out_dir" > /dev/null 2>&1
checkcode $? checkcode $?
printf "sanity checking: verification..." printf "sanity checking: verification..."
bash verify-everything.sh "$attribution_passhrase" bash verify-everything.sh "$attribution_passphrase"
checkcode $? checkcode $?
printf "sanity checking: validate attribution passphrase..." printf "sanity checking: validate attribution passphrase..."
@@ -227,25 +311,25 @@ echo "input keystore passphrase (again):"
read -r -s keystore_passphrase_check read -r -s keystore_passphrase_check
echo echo
if printf "$keystore_passphrase" | cracklib-check | grep -q 'OK'; then if printf "%s" "$keystore_passphrase" | cracklib-check | grep -q 'OK'; then
echo -e "keystore passphrase strength: \033[0;32mOK!\033[0m" echo -e "keystore passphrase strength: \033[0;32mOK!\033[0m"
else else
echo -e "\n\n\033[0;31mKeystore passphrase not strong enough! Exiting!\033[0m\n\n" > /dev/null 2>&1 echo -e "\n\n\033[0;31mKeystore passphrase not strong enough! Exiting!\033[0m\n\n"
exit 1 exit 1
fi fi
if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then
echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1 echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n"
exit 1 exit 1
else else
echo -e "keystore passphrases... \e[1;32mOK!\e[0m" echo -e "keystore passphrases... \e[1;32mOK!\e[0m"
fi fi
printf "unsetting keystore passphrase checl" printf "unsetting keystore passphrase check"
unset keystore_passphrase_check > /dev/null 2>&1 unset keystore_passphrase_check > /dev/null 2>&1
checkcode $? checkcode $?
printf "archivin keys..." printf "archiving keys..."
7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "attribution_passphrase_*" -p"$keystore_passphrase" -mhe=on > /dev/null 2>&1 7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "attribution_passphrase_*" -p"$keystore_passphrase" -mhe=on > /dev/null 2>&1
checkcode $? checkcode $?
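Review bot: Two gates in the added `audit_passphrase` fail open. The HIBP request uses `curl -s` without `--fail`, so an HTTP error body (rate limit, outage, intercepting proxy) still exits 0, the `grep` finds no suffix and the function prints SUCCESS; a missing `cracklib-check` likewise only warns and continues, where the removed inline pipeline would have rejected. I would use `curl -sS --fail --max-time 10 -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"`, refuse a body that is not a range response with `[[ "$response" =~ ^[0-9A-Fa-f]{35}:[0-9]+ ]] || { echo "[FATAL] Unexpected HIBP response." >&2; exit 3; }`, and treat an absent `cracklib-check` as fatal. Separately, `cut -d':' -f2` misparses the cracklib output for any passphrase that contains a colon, and the REJECTED message then prints a fragment of that passphrase; taking the text after the last `: ` avoids both.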
+5 -5
@@ -13,7 +13,7 @@ audit_passphrase() {
if [[ -z "$raw_password" ]]; then if [[ -z "$raw_password" ]]; then
echo "[ERROR] No passphrase provided for validation." >&2 echo "[ERROR] No passphrase provided for validation." >&2
return 2 exit 2
fi fi
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
@@ -22,7 +22,7 @@ audit_passphrase() {
local pass_len="${#raw_password}" local pass_len="${#raw_password}"
if [ "$pass_len" -lt 35 ]; then if [ "$pass_len" -lt 35 ]; then
echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35." echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
return 1 exit 1
fi fi
echo " [PASS] Length verification satisfied ($pass_len characters)." echo " [PASS] Length verification satisfied ($pass_len characters)."
@@ -39,7 +39,7 @@ audit_passphrase() {
if [[ "$cracklib_result" != "OK" ]]; then if [[ "$cracklib_result" != "OK" ]]; then
echo "❌ REJECTED by cracklib-check: $cracklib_result" echo "❌ REJECTED by cracklib-check: $cracklib_result"
return 1 exit 1
fi fi
echo " [PASS] Local dictionary and structural complexity audit clear." echo " [PASS] Local dictionary and structural complexity audit clear."
fi fi
@@ -57,7 +57,7 @@ audit_passphrase() {
if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then
echo "[FATAL] Failed to communicate with HIBP API." >&2 echo "[FATAL] Failed to communicate with HIBP API." >&2
return 3 exit 3
fi fi
local match local match
@@ -67,7 +67,7 @@ audit_passphrase() {
local pwn_count local pwn_count
pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r') pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r')
echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches." echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches."
return 1 exit 1
else else
echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records." echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records."
return 0 return 0
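Review bot: Every failure path in `audit_passphrase` now calls `exit` (codes 2, 1 and 3) while the success branch in the last hunk still ends in `return 0`, so the function ends the whole shell on rejection but returns normally on success. That is surprising for a caller that sources this file or wants to handle a rejection itself, and nothing in the visible lines documents it; the function body starts and ends outside these hunks. I would add a header comment such as `# Exits the calling shell: 1 = rejected, 2 = missing input, 3 = HIBP unreachable; returns 0 only on success.` This copy also appears to lack the confirmation-passphrase checks that the `audit_passphrase` added in the other file has, so the two definitions may already be diverging; worth confirming.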