Compare commits
20 Commits
bdf5794b59
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| e06274cb26 | |||
| 7a5d10ad45 | |||
| b9ce826c3c | |||
| b5d5b77149 | |||
| 255529e196 | |||
| 34fc3f4f9c | |||
| 584d4e9075 | |||
| 55c6df5273 | |||
| 82426bb3f2 | |||
| 462214de78 | |||
| 2b401d6ed7 | |||
| 946f29c7e2 | |||
| afbe0e5d56 | |||
| 80cd151047 | |||
| 8a4960a6fd | |||
| 55dc3d9933 | |||
| d8a80a9ac0 | |||
| cc26042284 | |||
| 417dc33bce | |||
| f452f450e9 |
+3
-1
@@ -16,6 +16,8 @@ out/content/*
|
|||||||
*/*.7z
|
*/*.7z
|
||||||
*/*.sha512
|
*/*.sha512
|
||||||
*/*.sha256
|
*/*.sha256
|
||||||
*/private_*
|
*/.private_*
|
||||||
|
*.attribution_*
|
||||||
*/*.sig
|
*/*.sig
|
||||||
|
*/checksums.txt
|
||||||
anonymous_signer
|
anonymous_signer
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ todo
|
|||||||
## todo
|
## todo
|
||||||
1. x validate attribution thing
|
1. x validate attribution thing
|
||||||
2. clean up output
|
2. clean up output
|
||||||
3. **fix password audit!**
|
3. x **fix password audit!**
|
||||||
4. x sanity checks
|
4. x sanity checks
|
||||||
5. this README.md
|
5. this README.md
|
||||||
6. x the README-instructions.txt and placedment for archive
|
6. x the README-instructions.txt and placedment for archive
|
||||||
@@ -77,4 +77,9 @@ todo
|
|||||||
- checks online with haveibeenpwned.com
|
- checks online with haveibeenpwned.com
|
||||||
- bug fixes
|
- bug fixes
|
||||||
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
|
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
|
||||||
- better antiforensics by unsetting vars and cleaning up on exit
|
- better antiforensics by unsetting vars and cleaning up on exit
|
||||||
|
- actually workan password checks
|
||||||
|
- actually workan nice :3 mo stable mo sanity checks mo safety settings and methods
|
||||||
|
|
||||||
|
hii
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -1 +1 @@
|
|||||||
completed archives here
|
completed archives here
|
||||||
|
|||||||
@@ -0,0 +1,69 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# file paths
|
||||||
|
sha256_file_path=./checksums.sha256
|
||||||
|
md5_file_path=./checksums.md5
|
||||||
|
error_log=./checksums_error.log
|
||||||
|
|
||||||
|
# text colors
|
||||||
|
RED='\e[31m'
|
||||||
|
GREEN='\e[32m'
|
||||||
|
RESET='\e[0m'
|
||||||
|
|
||||||
|
# set these false at the start to be safe
|
||||||
|
checksha256=false
|
||||||
|
checkmd5=false
|
||||||
|
|
||||||
|
# output errors to error log
|
||||||
|
exec 2> >(tee -a "$error_log" >&2)
|
||||||
|
|
||||||
|
# environment checks
|
||||||
|
## check for presence of $sha256_file_path, fail with general error on error
|
||||||
|
if [ ! -f "$sha256_file_path" ]; then
|
||||||
|
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Not Found!\n" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
## check if $sha256_file_path is writable
|
||||||
|
if [ ! -r "$sha256_file_path" ]; then
|
||||||
|
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Exists But Not Readable!\n" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
## check for presence of $md5_file_path, fail with general error on error
|
||||||
|
if [ ! -f "$md5_file_path" ]; then
|
||||||
|
echo -e "\nFAIL! File $md5_file_path Not Found!\n" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
## check if $md5_file_path is writable
|
||||||
|
if [ ! -r "$md5_file_path" ]; then
|
||||||
|
echo -e "\n${RED}FAIL!${RESET} File $md5_file_path Exists But Not Readable!\n" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# check checksums
|
||||||
|
## check sha256
|
||||||
|
if sha256sum -c "$sha256_file_path" 1>/dev/null; then
|
||||||
|
echo -e "SHA256 Checksums: ${GREEN}OK!${RESET}"
|
||||||
|
checksha256=true
|
||||||
|
else
|
||||||
|
echo -e "\n\nSHA256 Checksums: ${RED}BAD!${RESET}\nDumping SHA256 Checksum Fails:" >&2
|
||||||
|
sha256sum -c "$sha256_file_path" | grep 'FAILED' >&2
|
||||||
|
echo -e "\nSHA256 Checksums: ${RED}BAD!${RESET}\n" >&2
|
||||||
|
fi
|
||||||
|
## check md5
|
||||||
|
if md5sum -c "$md5_file_path" 1>/dev/null; then
|
||||||
|
echo -e "MD5 checksums: ${GREEN}OK!${RESET}"
|
||||||
|
checkmd5=true
|
||||||
|
else
|
||||||
|
echo -e "\n\nFAIL: MD5 Checksums: ${RED}BAD!${RESET}\n\tDumping MD5 Checksum Fails:" >&2
|
||||||
|
md5sum -c "md5_file_path" | grep 'FAILED' >&2
|
||||||
|
echo -e "\nMD5 Checksums: ${RED}BAD!${RESET}\n" >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# tally checks
|
||||||
|
if [[ $checksha256 == true && $checkmd5 == true ]]; then
|
||||||
|
echo -e "\nFile Integrity: VERIFIED! All Checksums: ${GREEN}OK!${RESET}\n"
|
||||||
|
exit 0 # exit success
|
||||||
|
else
|
||||||
|
echo -e "\nFile Integrity Check: ${RED}FAILED!${RESET}\n\tSee Above or See $error_log" >&2
|
||||||
|
exit 1 # exit general failure
|
||||||
|
fi
|
||||||
@@ -1,13 +1,12 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl
|
|
||||||
|
|
||||||
set -o errtrace
|
set -o errtrace
|
||||||
set -o nounset
|
set -o nounset
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
IFS=$'\n\t'
|
|
||||||
|
|
||||||
|
IFS=$'\n\t'
|
||||||
unix_seconds=$(date +%s)
|
unix_seconds=$(date +%s)
|
||||||
key_path="./private_ed25519_${unix_seconds}"
|
key_path=".private_ed25519_${unix_seconds}"
|
||||||
|
attribution_keystore=".attribution_passphrase_${unix_seconds}"
|
||||||
signature_tag="file-integrity"
|
signature_tag="file-integrity"
|
||||||
out_dir="./out"
|
out_dir="./out"
|
||||||
inner_dir="$out_dir/contents"
|
inner_dir="$out_dir/contents"
|
||||||
@@ -55,7 +54,7 @@ run_cmd() {
|
|||||||
|
|
||||||
reset() {
|
reset() {
|
||||||
printf 'Autoshredding known artifacts...\n'
|
printf 'Autoshredding known artifacts...\n'
|
||||||
find . -maxdepth 1 -type f \( -name 'private_*' -o -name 'attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
find . -maxdepth 1 -type f \( -name '.private_*' -o -name '.attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
if compgen -G 'private_*' >/dev/null 2>&1; then
|
if compgen -G 'private_*' >/dev/null 2>&1; then
|
||||||
@@ -100,7 +99,7 @@ reset() {
|
|||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
|
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
|
||||||
find "$dir" -type f \( -name 'private_ed25519_*' -o -name 'attribution_passphrase_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
find "$dir" -type f \( -name '.private_*' -o -name '.attribution_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
||||||
find "$dir" -type f -exec chmod 600 '{}' +
|
find "$dir" -type f -exec chmod 600 '{}' +
|
||||||
checkcode $?
|
checkcode $?
|
||||||
fi
|
fi
|
||||||
@@ -209,17 +208,11 @@ exit_cleanup() {
|
|||||||
printf "cleaning up on exit"
|
printf "cleaning up on exit"
|
||||||
reset > /dev/null 2>&1
|
reset > /dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
# todo: uset vars
|
|
||||||
}
|
}
|
||||||
|
|
||||||
trap error_handle ERR
|
trap error_handle ERR
|
||||||
trap exit_cleanup EXIT
|
trap exit_cleanup EXIT
|
||||||
|
|
||||||
yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU
|
|
||||||
|
|
||||||
audit_passphrase "yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU" "yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU"
|
|
||||||
|
|
||||||
require_dependencies
|
require_dependencies
|
||||||
printf 'Setting up environment...\n'
|
printf 'Setting up environment...\n'
|
||||||
reset
|
reset
|
||||||
@@ -229,7 +222,7 @@ read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever yo
|
|||||||
printf '\n'
|
printf '\n'
|
||||||
|
|
||||||
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
|
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
|
||||||
ssh-keygen -t ed25519 -f "$key_path" -C 'anonymous' -N '' >/dev/null 2>&1
|
ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
|
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
|
||||||
@@ -245,12 +238,12 @@ read -r random
|
|||||||
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
|
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
|
||||||
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
|
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
|
||||||
else
|
else
|
||||||
printf 'random: adding 1/2 random blocks of data (128 bytes) to outer archive...\n'
|
printf 'random: adding 1/2 random blocks of data (32 bytes) to outer archive...\n'
|
||||||
openssl rand -out "$out_dir/.$RANDOM" 128 >/dev/null 2>&1
|
openssl rand -out "$out_dir/.$RANDOM" >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
printf 'random: adding 2/2 random blocks of data (128 bytes) to inner archive...\n'
|
printf 'random: adding 2/2 random blocks of data (32 bytes) to inner archive...\n'
|
||||||
openssl rand -out "$inner_dir/.$RANDOM" 128 >/dev/null 2>&1
|
openssl rand -out "$inner_dir/.$RANDOM" 32 >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -285,9 +278,13 @@ read -r -s attribution_passphrase_check
|
|||||||
printf '\n'
|
printf '\n'
|
||||||
|
|
||||||
printf 'Auditing attribution passphrase...\n'
|
printf 'Auditing attribution passphrase...\n'
|
||||||
ret=$(audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check")
|
ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
|
||||||
echo "$ret"
|
echo "$ret"
|
||||||
|
|
||||||
|
printf 'Saving Attribution Passphrase'
|
||||||
|
echo "$attribution_passphrase" > "$attribution_keystore"
|
||||||
|
checkcode $?
|
||||||
|
|
||||||
printf 'Unsetting attribution_passphrase_check...\n'
|
printf 'Unsetting attribution_passphrase_check...\n'
|
||||||
unset attribution_passphrase_check
|
unset attribution_passphrase_check
|
||||||
|
|
||||||
@@ -332,7 +329,7 @@ read -r -s keystore_passphrase_check
|
|||||||
printf '\n'
|
printf '\n'
|
||||||
|
|
||||||
printf 'Auditing keystore passphrase...\n'
|
printf 'Auditing keystore passphrase...\n'
|
||||||
ret="$(audit_passphrase \"$keystore_passphrase\" \"$keystore_passphrase_check\")"
|
ret=`audit_passphrase "$keystore_passphrase" "$keystore_passphrase_check"`
|
||||||
echo -e "$ret"
|
echo -e "$ret"
|
||||||
|
|
||||||
printf 'Unsetting keystore_passphrase_check...\n'
|
printf 'Unsetting keystore_passphrase_check...\n'
|
||||||
@@ -341,8 +338,8 @@ unset keystore_passphrase_check
|
|||||||
printf 'Archiving keys...\n'
|
printf 'Archiving keys...\n'
|
||||||
set +u
|
set +u
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
private_files=(private_*)
|
private_files=(.private_*)
|
||||||
passphrase_files=(attribution_passphrase_*)
|
passphrase_files=(.attribution_*)
|
||||||
shopt -u nullglob
|
shopt -u nullglob
|
||||||
set -u
|
set -u
|
||||||
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
|
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
Tuesday, May 26 2026 at 06:42:27 PM MDT (unix seconds 1779842547)
|
||||||
Reference in New Issue
Block a user