Compare commits
20 Commits
bdf5794b59
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| e06274cb26 | |||
| 7a5d10ad45 | |||
| b9ce826c3c | |||
| b5d5b77149 | |||
| 255529e196 | |||
| 34fc3f4f9c | |||
| 584d4e9075 | |||
| 55c6df5273 | |||
| 82426bb3f2 | |||
| 462214de78 | |||
| 2b401d6ed7 | |||
| 946f29c7e2 | |||
| afbe0e5d56 | |||
| 80cd151047 | |||
| 8a4960a6fd | |||
| 55dc3d9933 | |||
| d8a80a9ac0 | |||
| cc26042284 | |||
| 417dc33bce | |||
| f452f450e9 |
+3
-1
@@ -16,6 +16,8 @@ out/content/*
|
||||
*/*.7z
|
||||
*/*.sha512
|
||||
*/*.sha256
|
||||
*/private_*
|
||||
*/.private_*
|
||||
*.attribution_*
|
||||
*/*.sig
|
||||
*/checksums.txt
|
||||
anonymous_signer
|
||||
|
||||
@@ -21,7 +21,7 @@ todo
|
||||
## todo
|
||||
1. x validate attribution thing
|
||||
2. clean up output
|
||||
3. **fix password audit!**
|
||||
3. x **fix password audit!**
|
||||
4. x sanity checks
|
||||
5. this README.md
|
||||
6. x the README-instructions.txt and placedment for archive
|
||||
@@ -77,4 +77,9 @@ todo
|
||||
- checks online with haveibeenpwned.com
|
||||
- bug fixes
|
||||
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
|
||||
- better antiforensics by unsetting vars and cleaning up on exit
|
||||
- better antiforensics by unsetting vars and cleaning up on exit
|
||||
- actually workan password checks
|
||||
- actually workan nice :3 mo stable mo sanity checks mo safety settings and methods
|
||||
|
||||
hii
|
||||
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
completed archives here
|
||||
completed archives here
|
||||
|
||||
@@ -0,0 +1,69 @@
|
||||
#!/bin/bash
|
||||
|
||||
# file paths
|
||||
sha256_file_path=./checksums.sha256
|
||||
md5_file_path=./checksums.md5
|
||||
error_log=./checksums_error.log
|
||||
|
||||
# text colors
|
||||
RED='\e[31m'
|
||||
GREEN='\e[32m'
|
||||
RESET='\e[0m'
|
||||
|
||||
# set these false at the start to be safe
|
||||
checksha256=false
|
||||
checkmd5=false
|
||||
|
||||
# output errors to error log
|
||||
exec 2> >(tee -a "$error_log" >&2)
|
||||
|
||||
# environment checks
|
||||
## check for presence of $sha256_file_path, fail with general error on error
|
||||
if [ ! -f "$sha256_file_path" ]; then
|
||||
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Not Found!\n" >&2
|
||||
exit 1
|
||||
fi
|
||||
## check if $sha256_file_path is writable
|
||||
if [ ! -r "$sha256_file_path" ]; then
|
||||
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Exists But Not Readable!\n" >&2
|
||||
exit 1
|
||||
fi
|
||||
## check for presence of $md5_file_path, fail with general error on error
|
||||
if [ ! -f "$md5_file_path" ]; then
|
||||
echo -e "\nFAIL! File $md5_file_path Not Found!\n" >&2
|
||||
exit 1
|
||||
fi
|
||||
## check if $md5_file_path is writable
|
||||
if [ ! -r "$md5_file_path" ]; then
|
||||
echo -e "\n${RED}FAIL!${RESET} File $md5_file_path Exists But Not Readable!\n" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check checksums
|
||||
## check sha256
|
||||
if sha256sum -c "$sha256_file_path" 1>/dev/null; then
|
||||
echo -e "SHA256 Checksums: ${GREEN}OK!${RESET}"
|
||||
checksha256=true
|
||||
else
|
||||
echo -e "\n\nSHA256 Checksums: ${RED}BAD!${RESET}\nDumping SHA256 Checksum Fails:" >&2
|
||||
sha256sum -c "$sha256_file_path" | grep 'FAILED' >&2
|
||||
echo -e "\nSHA256 Checksums: ${RED}BAD!${RESET}\n" >&2
|
||||
fi
|
||||
## check md5
|
||||
if md5sum -c "$md5_file_path" 1>/dev/null; then
|
||||
echo -e "MD5 checksums: ${GREEN}OK!${RESET}"
|
||||
checkmd5=true
|
||||
else
|
||||
echo -e "\n\nFAIL: MD5 Checksums: ${RED}BAD!${RESET}\n\tDumping MD5 Checksum Fails:" >&2
|
||||
md5sum -c "md5_file_path" | grep 'FAILED' >&2
|
||||
echo -e "\nMD5 Checksums: ${RED}BAD!${RESET}\n" >&2
|
||||
fi
|
||||
|
||||
# tally checks
|
||||
if [[ $checksha256 == true && $checkmd5 == true ]]; then
|
||||
echo -e "\nFile Integrity: VERIFIED! All Checksums: ${GREEN}OK!${RESET}\n"
|
||||
exit 0 # exit success
|
||||
else
|
||||
echo -e "\nFile Integrity Check: ${RED}FAILED!${RESET}\n\tSee Above or See $error_log" >&2
|
||||
exit 1 # exit general failure
|
||||
fi
|
||||
@@ -1,13 +1,12 @@
|
||||
#!/usr/bin/env bash
|
||||
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl
|
||||
|
||||
set -o errtrace
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
IFS=$'\n\t'
|
||||
|
||||
IFS=$'\n\t'
|
||||
unix_seconds=$(date +%s)
|
||||
key_path="./private_ed25519_${unix_seconds}"
|
||||
key_path=".private_ed25519_${unix_seconds}"
|
||||
attribution_keystore=".attribution_passphrase_${unix_seconds}"
|
||||
signature_tag="file-integrity"
|
||||
out_dir="./out"
|
||||
inner_dir="$out_dir/contents"
|
||||
@@ -55,7 +54,7 @@ run_cmd() {
|
||||
|
||||
reset() {
|
||||
printf 'Autoshredding known artifacts...\n'
|
||||
find . -maxdepth 1 -type f \( -name 'private_*' -o -name 'attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
||||
find . -maxdepth 1 -type f \( -name '.private_*' -o -name '.attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
||||
checkcode $?
|
||||
|
||||
if compgen -G 'private_*' >/dev/null 2>&1; then
|
||||
@@ -100,7 +99,7 @@ reset() {
|
||||
checkcode $?
|
||||
|
||||
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
|
||||
find "$dir" -type f \( -name 'private_ed25519_*' -o -name 'attribution_passphrase_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
||||
find "$dir" -type f \( -name '.private_*' -o -name '.attribution_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
||||
find "$dir" -type f -exec chmod 600 '{}' +
|
||||
checkcode $?
|
||||
fi
|
||||
@@ -209,17 +208,11 @@ exit_cleanup() {
|
||||
printf "cleaning up on exit"
|
||||
reset > /dev/null 2>&1
|
||||
checkcode $?
|
||||
|
||||
# todo: uset vars
|
||||
}
|
||||
|
||||
trap error_handle ERR
|
||||
trap exit_cleanup EXIT
|
||||
|
||||
yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU
|
||||
|
||||
audit_passphrase "yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU" "yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU"
|
||||
|
||||
require_dependencies
|
||||
printf 'Setting up environment...\n'
|
||||
reset
|
||||
@@ -229,7 +222,7 @@ read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever yo
|
||||
printf '\n'
|
||||
|
||||
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
|
||||
ssh-keygen -t ed25519 -f "$key_path" -C 'anonymous' -N '' >/dev/null 2>&1
|
||||
ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" >/dev/null 2>&1
|
||||
checkcode $?
|
||||
|
||||
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
|
||||
@@ -245,12 +238,12 @@ read -r random
|
||||
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
|
||||
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
|
||||
else
|
||||
printf 'random: adding 1/2 random blocks of data (128 bytes) to outer archive...\n'
|
||||
openssl rand -out "$out_dir/.$RANDOM" 128 >/dev/null 2>&1
|
||||
printf 'random: adding 1/2 random blocks of data (32 bytes) to outer archive...\n'
|
||||
openssl rand -out "$out_dir/.$RANDOM" >/dev/null 2>&1
|
||||
checkcode $?
|
||||
|
||||
printf 'random: adding 2/2 random blocks of data (128 bytes) to inner archive...\n'
|
||||
openssl rand -out "$inner_dir/.$RANDOM" 128 >/dev/null 2>&1
|
||||
printf 'random: adding 2/2 random blocks of data (32 bytes) to inner archive...\n'
|
||||
openssl rand -out "$inner_dir/.$RANDOM" 32 >/dev/null 2>&1
|
||||
checkcode $?
|
||||
fi
|
||||
|
||||
@@ -285,9 +278,13 @@ read -r -s attribution_passphrase_check
|
||||
printf '\n'
|
||||
|
||||
printf 'Auditing attribution passphrase...\n'
|
||||
ret=$(audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check")
|
||||
ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
|
||||
echo "$ret"
|
||||
|
||||
printf 'Saving Attribution Passphrase'
|
||||
echo "$attribution_passphrase" > "$attribution_keystore"
|
||||
checkcode $?
|
||||
|
||||
printf 'Unsetting attribution_passphrase_check...\n'
|
||||
unset attribution_passphrase_check
|
||||
|
||||
@@ -332,7 +329,7 @@ read -r -s keystore_passphrase_check
|
||||
printf '\n'
|
||||
|
||||
printf 'Auditing keystore passphrase...\n'
|
||||
ret="$(audit_passphrase \"$keystore_passphrase\" \"$keystore_passphrase_check\")"
|
||||
ret=`audit_passphrase "$keystore_passphrase" "$keystore_passphrase_check"`
|
||||
echo -e "$ret"
|
||||
|
||||
printf 'Unsetting keystore_passphrase_check...\n'
|
||||
@@ -341,8 +338,8 @@ unset keystore_passphrase_check
|
||||
printf 'Archiving keys...\n'
|
||||
set +u
|
||||
shopt -s nullglob
|
||||
private_files=(private_*)
|
||||
passphrase_files=(attribution_passphrase_*)
|
||||
private_files=(.private_*)
|
||||
passphrase_files=(.attribution_*)
|
||||
shopt -u nullglob
|
||||
set -u
|
||||
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
Tuesday, May 26 2026 at 06:42:27 PM MDT (unix seconds 1779842547)
|
||||
Reference in New Issue
Block a user