workan

create-attributable-archive.sh

@@ -2,9 +2,9 @@
 set -e
 
 unix_seconds=$(date +%s)
-key_path="$PWD/private_ed25519_${unix_seconds}"
+key_path="./private_ed25519_${unix_seconds}"
 signature_tag="file-integrity"
-out_dir="$PWD/out"
+out_dir="./out"
 inner_dir="$out_dir/contents"
 
 mkdir -p "$inner_dir"
@@ -25,30 +25,34 @@ checkcode () {
     fi
 }
 
-printf "ssh-keygen: makin new key "
-ssh-keygen -t ed25519 -f "$key_path" -C "anonymous@local"
+printf "ssh-keygen: makin new key..."
+ssh-keygen -t ed25519 -f "$key_path" -C "anonymous"
 checkcode $?
-printf "ssh-keygen: creating out/anonymous_signer"
-echo "anonymous@local namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
+printf "ssh-keygen: changing ownership on $key_path and $key_path.pub"
+chown $USER:$USER "$key_path" "$key_path.pub"
+printf "ssh-keygen: fixing perms on $key_path and $key_path.pub"
+chmod 600 "$key_path" "$key_path.pub"
+printf "ssh-keygen: creating $out_dir/anonymous_signer..."
+echo "anonymous namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
 checkcode $?
 
 printf "random: adding 1/2 random blocks of data to inner archive"
-dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 status=progress
+dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
 checkcode $?
 printf "random: adding 2/3 random blocks of data to outer archive"
-dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 status=progress
+dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
 checkcode $?
 
 printf "7z: compressing inner volume"
-7z a "$out_dir/contents.7z" "$inner_dir"
+7z a "$out_dir/contents.7z" "$inner_dir" > /dev/null 2>&1
 checkcode $?
 
 printf "ssh: signing out/contents.7z"
-ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z"
+ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" # > /dev/null 2>&1
 checkcode $?
 
 printf "sha512: generating sha512 checksums of files in out/ "
-(cd "$out_dir" && sha512sum * | tee checksums.sha512)
+sha512sum "$out_dir/*" >> "$out_dir/checksums.sha512"
 checkcode $?
 
 echo "Enter attribution passphrase:"
@@ -66,16 +70,19 @@ unset attribution_passphrase_check
 {
     printf '%s' "$attribution_passphrase"
     cat "$out_dir/contents.7z"
-} | sha512sum | awk '{print $1}' | tee "$out_dir/attribution.sha512"
+} | sha512sum | awk '{print $1}' > "$out_dir/attribution.sha512"
 
 printf "deleting $inner_dir"
 rm -rf "$inner_dir"
 checkcode $?
 
-printf "sanity checking"
-# todo: test verify shit
+printf "sanity checking: verification"
+bash out/verify-everything.sh
+checkcode $?
+printf "sanity checking: validate attribution passphrase"
+bash out/test_validation_passphrase.sh
 checkcode $?
 
 printf "7z archiving outer dir"
 7z a "./out.7z" "$out_dir"
-checkcode $?
+checkcode $?

out/anonymous_signer

@@ -0,0 +1 @@
+anonymous namespaces="file-integrity" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzxs8Ok9r5JNevCm3KBvy9Iyg3baSw+Gvz1MaC4mZEE anonymous

out/verify-everything.sh

@@ -25,5 +25,5 @@ sha512sum -c checksums.sha512 > /dev/null 2>&1
 checkcode $?
 
 printf "Checking signature against provided public key... "
-ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous@local" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null 2>&1
+ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null > /dev/null > /dev/null 2>&1
 checkcode $?

private_ed25519_1779530180

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCc8bPDpPa+STXrwptygb8vSMoN22ksPhr89TGguJmRBAAAAJCdSK3LnUit
+ywAAAAtzc2gtZWQyNTUxOQAAACCc8bPDpPa+STXrwptygb8vSMoN22ksPhr89TGguJmRBA
+AAAEBtkfZIlhs+mzrEMFvt/pQjtONx7dGDWste5YAjFcUzkJzxs8Ok9r5JNevCm3KBvy9I
+yg3baSw+Gvz1MaC4mZEEAAAACWFub255bW91cwECAwQ=
+-----END OPENSSH PRIVATE KEY-----

private_ed25519_1779530180.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzxs8Ok9r5JNevCm3KBvy9Iyg3baSw+Gvz1MaC4mZEE anonymous