From 888d96de8f4b2d141031a92eb5eefb19686f243f Mon Sep 17 00:00:00 2001
From: PrincessPi3
Date: Sat, 23 May 2026 03:36:56 -0600
Subject: [PATCH] initial commit via gitinitshit
---
cleanup.sh | 3 ++
create-attributable-archive.sh | 81 +++++++++++++++++++++++++++++++
out/.16403 | 0
out/test_validation_passphrase.sh | 15 ++++++
out/verify-everything.sh | 29 +++++++++++
5 files changed, 128 insertions(+)
create mode 100755 cleanup.sh
create mode 100755 create-attributable-archive.sh
create mode 100644 out/.16403
create mode 100755 out/test_validation_passphrase.sh
create mode 100755 out/verify-everything.sh
diff --git a/cleanup.sh b/cleanup.sh
new file mode 100755
index 0000000..9f7aa81
--- /dev/null
+++ b/cleanup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "autodeleting these files:"
+find -type f -not -path "*/.git*" \( -name "*.sha512" -o -name "checksums*" -o -name "private*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -delete
diff --git a/create-attributable-archive.sh b/create-attributable-archive.sh
new file mode 100755
index 0000000..8bcea3c
--- /dev/null
+++ b/create-attributable-archive.sh
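Review bot: In cleanup.sh, `find` is given no starting directory, so the delete runs from whatever directory the caller is in, and `-name ".*"` matches every dotfile beneath it (only paths containing `/.git` are spared). Anchor the search to the script's directory with `cd -- "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` followed by `find . -type f ...`, and narrow the dotfile pattern to the numeric padding names the generator creates, `-name ".[0-9]*"`. `-delete` also only unlinks the `private*` key files; it does not overwrite them.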
@@ -0,0 +1,81 @@
+#!/bin/bash
+set -e
+
+unix_seconds=$(date +%s)
+key_path="$PWD/private_ed25519_${unix_seconds}"
+signature_tag="file-integrity"
+out_dir="$PWD/out"
+inner_dir="$out_dir/contents"
+
+mkdir -p "$inner_dir"
+
+checkcode () {
+ local retcode
+ if [ -z "$1" ]; then
+ echo -e "\n\e[31mERROR!\033[0m checkcode missing return code parameter\n"
+ exit 1
+ else
+ retcode=$1
+ fi
+
+ if [ $retcode -ne 0 ]; then
+ echo -e "\e[31mERROR!\033[0m Response Code: $retcode"
+ else
+ printf '\e[1;32mOK!\e[0m\n'
+ fi
+}
+
+printf "ssh-keygen: makin new key "
+ssh-keygen -t ed25519 -f "$key_path" -C "anonymous@local"
+checkcode $?
+printf "ssh-keygen: creating out/anonymous_signer"
+echo "anonymous@local namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
+checkcode $?
+
+printf "random: adding 1/2 random blocks of data to inner archive"
+dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 status=progress
+checkcode $?
+printf "random: adding 2/3 random blocks of data to outer archive"
+dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 status=progress
+checkcode $?
+
+printf "7z: compressing inner volume"
+7z a "$out_dir/contents.7z" "$inner_dir"
+checkcode $?
+
+printf "ssh: signing out/contents.7z"
+ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z"
+checkcode $?
+
+printf "sha512: generating sha512 checksums of files in out/ "
+(cd "$out_dir" && sha512sum * | tee checksums.sha512)
+checkcode $?
+
+echo "Enter attribution passphrase:"
+read -r -s attribution_passphrase
+echo
+echo "Enter attribution passphrase again:"
+read -r -s attribution_passphrase_check
+if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
+ echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" >&2
+ exit 1
+else
+ echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
+fi
+unset attribution_passphrase_check
+{
+ printf '%s' "$attribution_passphrase"
+ cat "$out_dir/contents.7z"
+} | sha512sum | awk '{print $1}' | tee "$out_dir/attribution.sha512"
+
+printf "deleting $inner_dir"
+rm -rf "$inner_dir"
+checkcode $?
+
+printf "sanity checking"
+# todo: test verify shit
+checkcode $?
+
+printf "7z archiving outer dir"
+7z a "./out.7z" "$out_dir"
+checkcode $?
diff --git a/out/.16403 b/out/.16403
new file mode 100644
index 0000000..e69de29
diff --git a/out/test_validation_passphrase.sh b/out/test_validation_passphrase.sh
new file mode 100755
index 0000000..4172017
--- /dev/null
+++ b/out/test_validation_passphrase.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+attrib_hash=$(cat "./attribution.sha512")
+
+echo "enter passphrase to test"
+read passphrase
+echo
+
+tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')
+
+if [[ "$attrib_hash" == "$tested_hash" ]]; then
+ echo -e "\n\nAttribution With Password $passphrase: \033[0;32mOK!\033[0m\n\n"
+else
+ echo -e "Attribution With Password $passphrase: \033[0;31mFAIL!\033[0m"
+fi
diff --git a/out/verify-everything.sh b/out/verify-everything.sh
new file mode 100755
index 0000000..7d31352
--- /dev/null
+++ b/out/verify-everything.sh
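Review bot: In create-attributable-archive.sh, `attribution.sha512` is written after both `ssh-keygen -Y sign` and the `sha512sum * | tee checksums.sha512` step, so neither the signature nor the checksum list covers it and a repackaged archive can carry a different commitment without any check failing. Run the checksum step after `rm -rf "$inner_dir"` (the glob currently hits the `contents/` directory and skips the dot-named padding file) and sign the commitment too: `ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/attribution.sha512"`. That binding is only as strong as a verifier's independent knowledge of the public key. Separately, under `set -e` the script exits before `checkcode $?` runs, so the ERROR branch is unreachable here and in out/verify-everything.sh, where output is also discarded and a failed check ends with no message; `rc=0; some_cmd || rc=$?; checkcode "$rc"` keeps the report.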
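Review bot: In out/test_validation_passphrase.sh, `read passphrase` echoes the secret to the terminal and interprets backslashes, while create-attributable-archive.sh collected it with `read -r -s`, so a passphrase containing a backslash cannot match here. Use `read -r -s passphrase`, and feed the hash with `printf '%s' "$passphrase"` rather than `echo -n`, which treats a value such as `-e` as an option. Drop `$passphrase` from both result messages so the secret is not written to the screen or to a captured log.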
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+checkcode () {
+ if [ -z "$1" ]; then
+ echo -e "\n\e[31mERROR!\033[0m chkcode missing return code paramater\n"
+ exit 1
+ else
+ retcode=$1
+ fi
+
+ if [ $retcode -ne 0 ]; then
+ echo -e "\t\e[31mERROR!\033[0m Response Code: $retcode"
+ else
+ printf '\e[1;32mOK!\e[0m\n'
+ fi
+}
+
+printf "Testing contents.7z integrity... "
+7z t contents.7z > /dev/null 2>&1
+checkcode $?
+
+printf "Checking sha512 checksums... "
+sha512sum -c checksums.sha512 > /dev/null 2>&1
+checkcode $?
+
+printf "Checking signature against provided public key... "
+ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous@local" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null 2>&1
+checkcode $?
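Review bot: The final check in out/verify-everything.sh verifies `contents.7z.sig` against `./anonymous_signer`, which travels in the same archive as the file and its signature, so a pass shows only that the three are mutually consistent; whoever rebuilds the archive can supply a fresh key and signature. State that limit in a comment above the `ssh-keygen -Y verify` line, for example `# anonymous_signer ships with the archive: confirm its key against a copy obtained out of band before relying on this result`. The script also never looks at `attribution.sha512`, which is worth saying in the same comment so a clean run is not read as covering it.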