diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index ea0698c..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-archives/*
-!archives/README.md
-keystores/*
-!keystores/README.md
-out/*
-!out/README.md
-out/contents/*
-!out/contents/README.md
-Encrypt-Share-Attribution
-Encrypt-Share-Attribution/*
-
-*.sha256
-*.sha512*
-*private_*
-*.pub*
-*.7z*
-*.sig*
-*/checksums.sha512
-*/attribution-checksums.sha512
\ No newline at end of file
diff --git a/README (# Edit conflict 2026-05-23 ij95dmC #).md b/README (# Edit conflict 2026-05-23 ij95dmC #).md
deleted file mode 100644
index 7fe138a..0000000
--- a/README (# Edit conflict 2026-05-23 ij95dmC #).md
+++ /dev/null
@@ -1,70 +0,0 @@
-# Verifiably, Attributably Secure Archives
-For when you need to distribute information anonymously, but wish to keep it provably full and intact, but _also_ wish to have options to prove attribution.
-
-## Writeup
-### Purpose
-todo
-### Method
-todo
-### Issues
-- two-way deanonymization is assumed when either method to attribute is used
- - when sha512 method is used, originator is assumed to be the owner of the ed25519 key and vice versa
- - any reveal of either signed note or sha512 attribution passphrase, the other is assumed to belong to the same entity
- - opsec failures can result in two-way deanonymization
-
-## Usage
-### Installation
-todo
-### Usage
-todo
-
-## todo
-1. x validate attribution thing
-2. ? clean up output
-3. x sanity checks
-4. this README.md
-5. x the README-instructions.txt and placedment for archive
-6. x passphrase strength/length checks
-7. sha256 mode with independant passphrase(?)
-8. encrypt archive option
- 1. inner
- 1. goes first
- 2. gets passphrase
- 2. tests passphrase
- 3. generates txt file backup
- 4. then tests with passphrase
- 2. outer
- 1. goes second
- 2. gets passphrase
- 3. tests passphrase
- 4. generates txt file backup
- 5. then tests with passphrase
-9. random data optional
- 1. `read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."`
- 2. x now only takes up 2Kb!
- 3. only use 128 bytes (1024 bits) x 2
- 1. `openssl rand -out "$out_dir/.$RANDOM" 128`
- 2. `openssl rand -out "$inner_dir/.$RANDOM" 128`
- 3. `find "$out_dir" -type f -name ".*" -exec chown $USER:$USER "{}" \;`
- 4. `find "$out_dir" -type f -name ".*" -exec chmod 600 "{}" \;`
-10. writeup in this README
-11. usage in this README
-12. specification definition
- 1. Specification.md
-13. FileMap.md
-14. function: passphrase checkin
- 1. match
- 2. pass cracklib-check
- 3. =>35 chars long
- 4. pass call to haveibeenpwned.com api
-15. 
-
-## Changelog
-- reduced random data to 2x 10Kb
-- reduced random data to 2x 1Kb
-- added password strength check with cracklib-check
-- cleaned up output
-- added housekeeping
- - set perms and ownership on archives and keystore to minimum
- - shred all erronious files and dirs
-- cleaned up code
\ No newline at end of file
diff --git a/archives/verifiable_archive_1779558390.7z b/archives/verifiable_archive_1779558390.7z
new file mode 100644
index 0000000..e177b23
Binary files /dev/null and b/archives/verifiable_archive_1779558390.7z differ
diff --git a/keystore/keystore_1779558390.7z b/keystore/keystore_1779558390.7z
new file mode 100644
index 0000000..14ced0e
Binary files /dev/null and b/keystore/keystore_1779558390.7z differ
diff --git a/out/test_validate_passphrase.sh b/out/test_validate_passphrase.sh
index 822606a..580925e 100755
--- a/out/test_validate_passphrase.sh
+++ b/out/test_validate_passphrase.sh
@@ -2,9 +2,13 @@
 set -e
 attrib_hash=$(cat "./attribution-checksum.sha512")
-echo "enter passphrase to test"
-read passphrase
-echo
+if [ -z "$1" ]; then
+ echo "enter passphrase to test"
+ read passphrase
+ echo
+else
+ passphrase="$1"
+fi
 tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')
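Review bot: The new `else` branch takes the attribution passphrase from `$1`, which places the secret in the process argument list (readable through `ps` and `/proc/<pid>/cmdline` by other local users) and usually in shell history; for a passphrase whose secrecy is what protects attribution, stdin or a file descriptor is a safer channel than argv. The two input paths also do not produce the same bytes: plain `read passphrase` trims leading and trailing whitespace and consumes backslashes, while `"$1"` is used verbatim, so one passphrase can hash differently depending on how it was supplied. I would change the prompt path to `IFS= read -rs passphrase` (assuming the script runs under bash; `-s` also stops the terminal echo) and, for non-interactive use, read the passphrase from stdin when it is not a terminal rather than accept it as an argument. The hunk ends at the `tested_hash=` line, so the comparison against `attrib_hash` is not visible here.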