initial commit via gitinitshit

cleanup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "autodeleting these files:"
+find -type f  -not -path "*/.git*" \( -name "*.sha512" -o -name "checksums*" -o -name "private*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -delete

create-attributable-archive.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+set -e
+
+unix_seconds=$(date +%s)
+key_path="$PWD/private_ed25519_${unix_seconds}"
+signature_tag="file-integrity"
+out_dir="$PWD/out"
+inner_dir="$out_dir/contents"
+
+mkdir -p "$inner_dir"
+
+checkcode () {
+    local retcode
+    if [ -z "$1" ]; then
+        echo -e "\n\e[31mERROR!\033[0m checkcode missing return code parameter\n"
+        exit 1
+    else
+        retcode=$1
+    fi
+
+    if [ $retcode -ne 0 ]; then
+        echo -e "\e[31mERROR!\033[0m Response Code: $retcode"
+    else
+        printf '\e[1;32mOK!\e[0m\n'
+    fi
+}
+
+printf "ssh-keygen: makin new key "
+ssh-keygen -t ed25519 -f "$key_path" -C "anonymous@local"
+checkcode $?
+printf "ssh-keygen: creating out/anonymous_signer"
+echo "anonymous@local namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
+checkcode $?
+
+printf "random: adding 1/2 random blocks of data to inner archive"
+dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 status=progress
+checkcode $?
+printf "random: adding 2/3 random blocks of data to outer archive"
+dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 status=progress
+checkcode $?
+
+printf "7z: compressing inner volume"
+7z a "$out_dir/contents.7z" "$inner_dir"
+checkcode $?
+
+printf "ssh: signing out/contents.7z"
+ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z"
+checkcode $?
+
+printf "sha512: generating sha512 checksums of files in out/ "
+(cd "$out_dir" && sha512sum * | tee checksums.sha512)
+checkcode $?
+
+echo "Enter attribution passphrase:"
+read -r -s attribution_passphrase
+echo
+echo "Enter attribution passphrase again:"
+read -r -s attribution_passphrase_check
+if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
+    echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" >&2
+    exit 1
+else
+    echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
+fi
+unset attribution_passphrase_check
+{
+    printf '%s' "$attribution_passphrase"
+    cat "$out_dir/contents.7z"
+} | sha512sum | awk '{print $1}' | tee "$out_dir/attribution.sha512"
+
+printf "deleting $inner_dir"
+rm -rf "$inner_dir"
+checkcode $?
+
+printf "sanity checking"
+# todo: test verify shit
+checkcode $?
+
+printf "7z archiving outer dir"
+7z a "./out.7z" "$out_dir"
+checkcode $?

out/test_validation_passphrase.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+attrib_hash=$(cat "./attribution.sha512")
+
+echo "enter passphrase to test"
+read passphrase
+echo
+
+tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')
+
+if [[ "$attrib_hash" == "$tested_hash" ]]; then
+    echo -e  "\n\nAttribution With Password $passphrase: \033[0;32mOK!\033[0m\n\n"
+else
+    echo -e "Attribution With Password $passphrase: \033[0;31mFAIL!\033[0m"
+fi

out/verify-everything.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+checkcode () {
+    if [ -z "$1" ]; then
+        echo -e "\n\e[31mERROR!\033[0m chkcode missing return code paramater\n"
+        exit 1
+    else
+        retcode=$1
+    fi
+
+    if [ $retcode -ne 0 ]; then
+        echo -e "\t\e[31mERROR!\033[0m Response Code: $retcode"
+    else
+        printf '\e[1;32mOK!\e[0m\n'
+    fi
+}
+
+printf "Testing contents.7z integrity... "
+7z t contents.7z > /dev/null 2>&1
+checkcode $?
+
+printf "Checking sha512 checksums... "
+sha512sum -c checksums.sha512 > /dev/null 2>&1
+checkcode $?
+
+printf "Checking signature against provided public key... "
+ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous@local" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null 2>&1
+checkcode $?