2026-05-23 03:56:49 -06:00
parent 888d96de8f
commit e2a3f08b51
9 changed files with 32 additions and 16 deletions
+21 -14
@@ -2,9 +2,9 @@
set -e set -e
unix_seconds=$(date +%s) unix_seconds=$(date +%s)
key_path="$PWD/private_ed25519_${unix_seconds}" key_path="./private_ed25519_${unix_seconds}"
signature_tag="file-integrity" signature_tag="file-integrity"
out_dir="$PWD/out" out_dir="./out"
inner_dir="$out_dir/contents" inner_dir="$out_dir/contents"
mkdir -p "$inner_dir" mkdir -p "$inner_dir"
@@ -25,30 +25,34 @@ checkcode () {
fi fi
} }
printf "ssh-keygen: makin new key " printf "ssh-keygen: makin new key..."
ssh-keygen -t ed25519 -f "$key_path" -C "anonymous@local" ssh-keygen -t ed25519 -f "$key_path" -C "anonymous"
checkcode $? checkcode $?
printf "ssh-keygen: creating out/anonymous_signer" printf "ssh-keygen: changing ownership on $key_path and $key_path.pub"
echo "anonymous@local namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer" chown $USER:$USER "$key_path" "$key_path.pub"
printf "ssh-keygen: fixing perms on $key_path and $key_path.pub"
chmod 600 "$key_path" "$key_path.pub"
printf "ssh-keygen: creating $out_dir/anonymous_signer..."
echo "anonymous namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
checkcode $? checkcode $?
printf "random: adding 1/2 random blocks of data to inner archive" printf "random: adding 1/2 random blocks of data to inner archive"
dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 status=progress dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
checkcode $? checkcode $?
printf "random: adding 2/3 random blocks of data to outer archive" printf "random: adding 2/3 random blocks of data to outer archive"
dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 status=progress dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
checkcode $? checkcode $?
printf "7z: compressing inner volume" printf "7z: compressing inner volume"
7z a "$out_dir/contents.7z" "$inner_dir" 7z a "$out_dir/contents.7z" "$inner_dir" > /dev/null 2>&1
checkcode $? checkcode $?
printf "ssh: signing out/contents.7z" printf "ssh: signing out/contents.7z"
ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" # > /dev/null 2>&1
checkcode $? checkcode $?
printf "sha512: generating sha512 checksums of files in out/ " printf "sha512: generating sha512 checksums of files in out/ "
(cd "$out_dir" && sha512sum * | tee checksums.sha512) sha512sum "$out_dir/*" >> "$out_dir/checksums.sha512"
checkcode $? checkcode $?
echo "Enter attribution passphrase:" echo "Enter attribution passphrase:"
@@ -66,14 +70,17 @@ unset attribution_passphrase_check
{ {
printf '%s' "$attribution_passphrase" printf '%s' "$attribution_passphrase"
cat "$out_dir/contents.7z" cat "$out_dir/contents.7z"
} | sha512sum | awk '{print $1}' | tee "$out_dir/attribution.sha512" } | sha512sum | awk '{print $1}' > "$out_dir/attribution.sha512"
printf "deleting $inner_dir" printf "deleting $inner_dir"
rm -rf "$inner_dir" rm -rf "$inner_dir"
checkcode $? checkcode $?
printf "sanity checking" printf "sanity checking: verification"
# todo: test verify shit bash out/verify-everything.sh
checkcode $?
printf "sanity checking: validate attribution passphrase"
bash out/test_validation_passphrase.sh
checkcode $? checkcode $?
printf "7z archiving outer dir" printf "7z archiving outer dir"
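Review bot: The rewritten checksum step quotes the glob, so `sha512sum "$out_dir/*"` receives the literal string `./out/*` and fails with a missing-file error rather than hashing the archive; even unquoted, the entries would carry the `./out/` prefix, which `sha512sum -c checksums.sha512` run from inside out/ (as the verify script appears to do) cannot resolve, and `>>` accumulates stale entries across reruns. The previous form already produced relative names, so `(cd "$out_dir" && sha512sum * > checksums.sha512)` keeps that behaviour and truncates the file each run. The new `printf` lines that embed `$key_path` use it as the format string, so a path containing `%` would be misparsed; `printf '%s\n' "ssh-keygen: fixing perms on $key_path and $key_path.pub"` is the safe shape (and gives each status line its newline). The script's remaining steps, including the outer 7z archiving, continue past the hunk.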
BIN
Binary file not shown.
+1
@@ -0,0 +1 @@
anonymous namespaces="file-integrity" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzxs8Ok9r5JNevCm3KBvy9Iyg3baSw+Gvz1MaC4mZEE anonymous
BIN
Binary file not shown.
Binary file not shown.
+1 -1
@@ -25,5 +25,5 @@ sha512sum -c checksums.sha512 > /dev/null 2>&1
checkcode $? checkcode $?
printf "Checking signature against provided public key... " printf "Checking signature against provided public key... "
ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous@local" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null 2>&1 ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null > /dev/null > /dev/null 2>&1
checkcode $? checkcode $?
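Review bot: The rewritten `ssh-keygen -Y verify` line ends in `> /dev/null > /dev/null > /dev/null 2>&1`; the repeated stdout redirects are a copy-paste artifact and only the last one takes effect, so the line should end with a single `> /dev/null 2>&1`. Because stderr is discarded too, a failed verification leaves `checkcode` with nothing to explain why; keeping stderr (`> /dev/null` alone) or capturing it into a variable would make failures diagnosable. The `-I "anonymous"` principal must match the identity written into anonymous_signer elsewhere in this commit, which it does, but that coupling is worth a one-line comment above the call.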
+7
@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCc8bPDpPa+STXrwptygb8vSMoN22ksPhr89TGguJmRBAAAAJCdSK3LnUit
ywAAAAtzc2gtZWQyNTUxOQAAACCc8bPDpPa+STXrwptygb8vSMoN22ksPhr89TGguJmRBA
AAAEBtkfZIlhs+mzrEMFvt/pQjtONx7dGDWste5YAjFcUzkJzxs8Ok9r5JNevCm3KBvy9I
yg3baSw+Gvz1MaC4mZEEAAAACWFub255bW91cwECAwQ=
-----END OPENSSH PRIVATE KEY-----
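Review bot: This section adds an OpenSSH private key to the repository, and it appears to be the private half of the `anonymous` ed25519 key whose public part is committed as anonymous_signer and the .pub file in this same commit. With the signing key in version control, anyone with read access to the repository can produce signatures that the `file-integrity` verification accepts, so the key should be treated as compromised: remove it (including from history), generate a fresh key, and re-sign. The generating script writes the key as `./private_ed25519_<unix_seconds>` in the working tree, so a `.gitignore` entry such as `private_ed25519_*`, or generating the key under a `mktemp -d` directory that is deleted afterwards, would prevent a recurrence.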
+1
@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzxs8Ok9r5JNevCm3KBvy9Iyg3baSw+Gvz1MaC4mZEE anonymous