PrincessPi/Encrypt-Share-Attribution
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

no bs shit

Browse Source
This commit is contained in:
Princess Pi
2026-05-23 11:47:33 -06:00
parent d8f126a128
commit 91e40493b4
5 changed files with 7 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
-19
View File
@@ -1,19 +0,0 @@
archives/*
!archives/README.md
keystores/*
!keystores/README.md
out/*
!out/README.md
out/contents/*
!out/contents/README.md
Encrypt-Share-Attribution
Encrypt-Share-Attribution/*
*.sha256
*.sha512*
*private_*
*.pub*
*.7z*
*.sig*
*/checksums.sha512
*/attribution-checksums.sha512
README (# Edit conflict 2026-05-23 ij95dmC #).md
-70
View File
@@ -1,70 +0,0 @@
# Verifiably, Attributably Secure Archives
For when you need to distribute information anonymously, but wish to keep it provably full and intact, but _also_ wish to have options to prove attribution.
## Writeup
### Purpose
todo
### Method
todo
### Issues
- two-way deanonymization is assumed when either method to attribute is used
- when sha512 method is used, originator is assumed to be the owner of the ed25519 key and vice versa
- any reveal of either signed note or sha512 attribution passphrase, the other is assumed to belong to the same entity
- opsec failures can result in two-way deanonymization
## Usage
### Installation
todo
### Usage
todo
## todo
1. x validate attribution thing
2. ? clean up output
3. x sanity checks
4. this README.md
5. x the README-instructions.txt and placedment for archive
6. x passphrase strength/length checks
7. sha256 mode with independant passphrase(?)
8. encrypt archive option
1. inner
1. goes first
2. gets passphrase
2. tests passphrase
3. generates txt file backup
4. then tests with passphrase
2. outer
1. goes second
2. gets passphrase
3. tests passphrase
4. generates txt file backup
5. then tests with passphrase
9. random data optional
1. `read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."`
2. x now only takes up 2Kb!
3. only use 128 bytes (1024 bits) x 2
1. `openssl rand -out "$out_dir/.$RANDOM" 128`
2. `openssl rand -out "$inner_dir/.$RANDOM" 128`
3. `find "$out_dir" -type f -name ".*" -exec chown $USER:$USER "{}" \;`
4. `find "$out_dir" -type f -name ".*" -exec chmod 600 "{}" \;`
10. writeup in this README
11. usage in this README
12. specification definition
1. Specification.md
13. FileMap.md
14. function: passphrase checkin
1. match
2. pass cracklib-check
3. =>35 chars long
4. pass call to haveibeenpwned.com api
15.
## Changelog
- reduced random data to 2x 10Kb
- reduced random data to 2x 1Kb
- added password strength check with cracklib-check
- cleaned up output
- added housekeeping
- set perms and ownership on archives and keystore to minimum
- shred all erronious files and dirs
- cleaned up code
archives/verifiable_archive_1779558390.7z
BIN
View File
Binary file not shown.
keystore/keystore_1779558390.7z
BIN
View File
Binary file not shown.
out/test_validate_passphrase.sh
+7 -3
View File
@@ -2,9 +2,13 @@
set -e set -e
attrib_hash=$(cat "./attribution-checksum.sha512") attrib_hash=$(cat "./attribution-checksum.sha512")
echo "enter passphrase to test" if [ -z "$1" ]; then
read passphrase echo "enter passphrase to test"
echo read passphrase
echo
else
passphrase="$1"
fi
tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}') tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')