Compare commits

..

115 Commits

Author SHA1 Message Date
PrincessPi 462214de78 migration 2026-05-26 20:50:31 -06:00
PrincessPi 2b401d6ed7 migration 2026-05-26 20:41:44 -06:00
PrincessPi 946f29c7e2 v1.2 2026-05-23 14:58:59 -06:00
PrincessPi afbe0e5d56 v1.2 2026-05-23 14:58:48 -06:00
PrincessPi 80cd151047 meatballs i wanted meatballs god damn it 2026-05-23 14:53:42 -06:00
PrincessPi 8a4960a6fd meatballs i wanted meatballs god damn it 2026-05-23 14:51:51 -06:00
PrincessPi 55dc3d9933 meatballs i wanted meatballs god damn it 2026-05-23 14:51:25 -06:00
PrincessPi d8a80a9ac0 meatballs i wanted meatballs god damn it 2026-05-23 14:40:28 -06:00
PrincessPi cc26042284 meatballs i wanted meatballs god damn it 2026-05-23 14:38:45 -06:00
PrincessPi 417dc33bce meatballs i wanted meatballs god damn it 2026-05-23 14:37:04 -06:00
PrincessPi f452f450e9 hhh 2026-05-23 14:36:10 -06:00
PrincessPi bdf5794b59 meatballs i wanted meatballs god damn it 2026-05-23 14:35:56 -06:00
PrincessPi c50aa04517 meatballs i wanted meatballs god damn it 2026-05-23 14:34:16 -06:00
PrincessPi af06164cd3 meatballs i wanted meatballs god damn it 2026-05-23 14:26:53 -06:00
PrincessPi 78de4d315b meatballs i wanted meatballs god damn it 2026-05-23 14:23:04 -06:00
PrincessPi c99e75e4ab meatballs i wanted meatballs god damn it 2026-05-23 14:20:23 -06:00
PrincessPi 2bc28a462d hhh 2026-05-23 14:11:54 -06:00
PrincessPi c5b9309880 meatballs i wanted meatballs god damn it 2026-05-23 13:59:47 -06:00
PrincessPi c3486904f8 meatballs i wanted meatballs god damn it 2026-05-23 13:59:14 -06:00
PrincessPi eb484b7c98 meatballs i wanted meatballs god damn it 2026-05-23 13:57:08 -06:00
PrincessPi 07398c73f6 meatballs i wanted meatballs god damn it 2026-05-23 13:56:05 -06:00
PrincessPi 6512dbd0e9 meatballs i wanted meatballs god damn it 2026-05-23 13:54:17 -06:00
PrincessPi 56380beb68 meatballs i wanted meatballs god damn it 2026-05-23 13:52:49 -06:00
PrincessPi c50dfc6785 meatballs i wanted meatballs god damn it 2026-05-23 13:44:17 -06:00
PrincessPi 79b922435a meatballs i wanted meatballs god damn it 2026-05-23 13:43:44 -06:00
PrincessPi b89b06eebe meatballs i wanted meatballs god damn it 2026-05-23 13:42:51 -06:00
PrincessPi ee5be2d9eb meatballs i wanted meatballs god damn it 2026-05-23 13:42:10 -06:00
PrincessPi af8c18f19c meatballs i wanted meatballs god damn it 2026-05-23 13:35:19 -06:00
PrincessPi a748c72a96 meatballs i wanted meatballs god damn it 2026-05-23 13:33:57 -06:00
PrincessPi ba89a8423d meatballs i wanted meatballs god damn it 2026-05-23 13:33:16 -06:00
PrincessPi 4ce18be210 meatballs i wanted meatballs god damn it 2026-05-23 13:25:01 -06:00
PrincessPi eebdba57ec idk im tired 2026-05-23 13:02:50 -06:00
PrincessPi 21fd38a34e v1.1 2026-05-23 12:09:54 -06:00
PrincessPi 192e3ef2f7 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 12:08:19 -06:00
PrincessPi 6a58e3a3e6 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 12:06:45 -06:00
PrincessPi c5bc56f136 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 12:03:49 -06:00
PrincessPi d342908563 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:58:48 -06:00
PrincessPi a71bff6a6c this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:56:10 -06:00
PrincessPi 96ffe5e70a this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:54:02 -06:00
PrincessPi ce90c2f6fd this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:52:10 -06:00
PrincessPi ed0079c399 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:49:13 -06:00
PrincessPi 74aaad2dd0 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:48:53 -06:00
PrincessPi 91e40493b4 no bs shit 2026-05-23 11:47:33 -06:00
PrincessPi d8f126a128 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:46:19 -06:00
PrincessPi 26ca778dd1 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:44:19 -06:00
PrincessPi 6b71b15408 this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:40:03 -06:00
PrincessPi bc20acec0f this is my life now. infinite frustration cast upon me by an evil curse \ 2026-05-23 11:35:05 -06:00
PrincessPi 568ee014d4 this is my life now. infinite frustration cast upon me by an evil curse 2026-05-23 11:33:43 -06:00
PrincessPi 738a794d89 sum silly shitty 2026-05-23 11:24:11 -06:00
PrincessPi 55822d0bcb sum silly shitty 2026-05-23 11:02:51 -06:00
PrincessPi a45bd78978 sum silly shitty 2026-05-23 10:52:04 -06:00
PrincessPi 67ddff8c64 release v1 2026-05-23 09:59:28 -06:00
PrincessPi c85b8547b6 releas?v 2026-05-23 09:56:21 -06:00
PrincessPi 7f466a6256 releas?v 2026-05-23 09:46:51 -06:00
PrincessPi b8727e8ed4 releas? 2026-05-23 09:43:49 -06:00
PrincessPi 2c6f0d7288 releas? 2026-05-23 09:42:39 -06:00
PrincessPi 2e3527394e releas? 2026-05-23 09:40:39 -06:00
PrincessPi 76c92fa47a releas? 2026-05-23 09:36:50 -06:00
PrincessPi b0292f6726 releas? 2026-05-23 09:32:02 -06:00
PrincessPi 1467b0aebe sum updoots 2026-05-23 09:26:10 -06:00
PrincessPi 422c7911e6 sum updoots 2026-05-23 09:13:52 -06:00
PrincessPi da708b4e2b sum updoots 2026-05-23 09:11:08 -06:00
PrincessPi 88a8ec4b6f sum updoots 2026-05-23 09:10:30 -06:00
PrincessPi 555cc9c142 sum updoots 2026-05-23 08:16:27 -06:00
PrincessPi eba068f3c9 sum updoots 2026-05-23 08:13:40 -06:00
PrincessPi e22c171c8e sum updoots 2026-05-23 08:11:31 -06:00
PrincessPi b95fa219f7 sum updoots 2026-05-23 08:10:20 -06:00
PrincessPi b245a9778f sum updoots 2026-05-23 08:03:23 -06:00
PrincessPi 2c0df8f79b sum updoots 2026-05-23 07:59:51 -06:00
PrincessPi abc62c5969 sum updoots 2026-05-23 07:53:53 -06:00
PrincessPi 5032070b5d sum updoots 2026-05-23 07:52:07 -06:00
PrincessPi 5a8280215f sum updoots 2026-05-23 07:49:56 -06:00
PrincessPi 042944e416 sum updoots 2026-05-23 07:48:28 -06:00
PrincessPi fa658fa4fb sum updoots 2026-05-23 07:46:40 -06:00
PrincessPi fd740e66f0 sum updoots 2026-05-23 07:46:12 -06:00
PrincessPi 787bc95c68 sum updoots 2026-05-23 07:41:03 -06:00
PrincessPi e1efae469d sum updoots 2026-05-23 07:38:39 -06:00
PrincessPi 907cad81f7 sum updoots 2026-05-23 07:35:58 -06:00
PrincessPi 7d674f135b sum updoots 2026-05-23 07:33:44 -06:00
PrincessPi 7c9e0b61fa sum updoots 2026-05-23 07:29:53 -06:00
PrincessPi 8e3acf1f70 sum updoots 2026-05-23 07:28:33 -06:00
PrincessPi 190d93d12a puttin dis minimum viable product out there to loaf for a bit 2026-05-23 07:09:22 -06:00
PrincessPi 16061f529b puttin dis minimum viable product out there to loaf for a bit 2026-05-23 07:08:14 -06:00
PrincessPi 576cf0b5bd puttin dis minimum viable product out there to loaf for a bit 2026-05-23 07:07:50 -06:00
PrincessPi 6fc8ffd687 puttin dis minimum viable product out there to loaf for a bit 2026-05-23 07:07:11 -06:00
PrincessPi 6154cebbd0 1779541539 2026-05-23 07:05:38 -06:00
PrincessPi c6394c9d45 1779540953 2026-05-23 06:55:53 -06:00
PrincessPi eb7fb0d434 1779539967 2026-05-23 06:39:26 -06:00
PrincessPi 6c943fb07b 1779539945 2026-05-23 06:39:05 -06:00
PrincessPi 12046b6d02 1779539559 2026-05-23 06:32:38 -06:00
PrincessPi 06d688d802 workan mostly mvp 2026-05-23 06:21:55 -06:00
PrincessPi 7977df0755 cleanup 2026-05-23 06:17:02 -06:00
PrincessPi bd1e5ab648 cleanup 2026-05-23 06:14:31 -06:00
PrincessPi c5e2068c32 cleanup 2026-05-23 06:01:27 -06:00
PrincessPi 0941aec939 cleanup 2026-05-23 05:56:19 -06:00
PrincessPi 2ea5be068a cleanup 2026-05-23 05:53:59 -06:00
PrincessPi 1605ae2141 cleanup 2026-05-23 05:52:21 -06:00
PrincessPi e726465701 cleanup 2026-05-23 05:51:26 -06:00
PrincessPi 6356b9d6ac cleanup 2026-05-23 05:46:02 -06:00
PrincessPi 4ed43dab2d stale runtime refactor updated 2026-05-23 05:32:55 -06:00
PrincessPi 2199ad63c6 hmmm 2026-05-23 05:32:15 -06:00
PrincessPi 4b2d5c8eb8 cleanup 2026-05-23 05:30:55 -06:00
PrincessPi a1f18b566e normalization 2026-05-23 05:28:27 -06:00
PrincessPi a435b9503d cleanup 2026-05-23 05:24:59 -06:00
PrincessPi 1799b523bc cleanup 2026-05-23 05:23:13 -06:00
PrincessPi 900ac72ed8 cleanup 2026-05-23 05:22:02 -06:00
PrincessPi 43f840140c workan 2026-05-23 05:15:29 -06:00
PrincessPi c081716207 workan 2026-05-23 05:09:58 -06:00
PrincessPi ed494e9a08 workan 2026-05-23 05:04:22 -06:00
PrincessPi 8e9b1832c6 workan 2026-05-23 05:00:31 -06:00
PrincessPi eaa54dec22 workan 2026-05-23 04:57:42 -06:00
PrincessPi a765531e2e workan 2026-05-23 04:56:55 -06:00
PrincessPi 38aff02921 moar progress 2026-05-23 04:07:21 -06:00
PrincessPi e2a3f08b51 workan 2026-05-23 03:56:49 -06:00
PrincessPi 888d96de8f initial commit via gitinitshit 2026-05-23 03:36:56 -06:00
23 changed files with 736 additions and 59 deletions
+21 -2
View File
@@ -1,2 +1,21 @@
*/secrets_*
*/parsed_*
# dirs
## archives dir
archives/*
!archives/README.md
## keystore dir
keystore/*
!keystore/README.md
## out dir
out/*
!out/README.md
## out/content dir
out/content/*
!out/content/README.md
# files
*/*.7z
*/*.sha512
*/*.sha256
*/private_*
*/*.sig
anonymous_signer
+1
View File
@@ -0,0 +1 @@
# File Map
+13
View File
@@ -0,0 +1,13 @@
# Verifiably, Attributably Secure Archives
verifuably, durably, and attributing information as anonymously as desired
## Scripts (Linux Only)
- [verify-everything.sh](./verify-everything.sh) verifies the integrity of the data
- [test_validate_passphrase.sh](./test_validate_passphrase.sh)
## Files
- README.md : this file
- checksums.sha512 : sha512 checksums of all the files in the outer archive (here)
- attribution-checksum.sha512 : sha512 checksum of a passphrase+contents.7z to test for attribution by passphrase
- anonymous_signer : holds ed25519 public key and name (anonymous)
- contents.7z.sig : ed25519 signature file of contents.7z
+85 -6
View File
@@ -1,6 +1,85 @@
# fuck_git_downloader
downloads all of a github users public repos, scans them for secrets, then parses into something you can use.
this is barely even a script and yet its so hysterically effective that id be remiss not to post it. here be dragons and all idk
![i'm your biggest fan i'll folliow you until you love me, papa, paparazi](./rarity-webcore.jpeg)
# Verifiably, Attributably Secure Archives
For when you need to distribute information anonymously, but wish to keep it provably full and intact, but _also_ wish to have options to prove attribution.
## Writeup
### Purpose
todo
### Method
todo
### Issues
- two-way deanonymization is assumed when either method to attribute is used
- when sha512 method is used, originator is assumed to be the owner of the ed25519 key and vice versa
- any reveal of either signed note or sha512 attribution passphrase, the other is assumed to belong to the same entity
- opsec failures can result in two-way deanonymization
## Usage
### Installation
todo
### Usage
todo
## todo
1. x validate attribution thing
2. clean up output
3. x **fix password audit!**
4. x sanity checks
5. this README.md
6. x the README-instructions.txt and placedment for archive
7. x passphrase strength/length checks
8. sha256 mode with independant passphrase(?)
9. encrypt archive option
1. inner
1. goes first
2. gets passphrase
3. tests passphrase
4. generates txt file backup
5. then tests with passphrase
2. outer
1. goes second
2. gets passphrase
3. tests passphrase
4. generates txt file backup
5. then tests with passphrase
10. x random data optional
1. x `read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."`
2. x now only takes up 2Kb!
3. x only use 128 bytes (1024 bits) x 2
1. x `openssl rand -out "$out_dir/.$RANDOM" 128`
2. x `openssl rand -out "$inner_dir/.$RANDOM" 128`
3. x `find "$out_dir" -type f -name ".*" -exec chown $USER:$USER "{}" \;`
4. x `find "$out_dir" -type f -name ".*" -exec chmod 600 "{}" \;`
11. writeup in this README
12. usage in this README
13. specification definition
1. Specification.md
14. FileMap.md
15. x function: passphrase checkin
1. x match
2. x pass cracklib-check
3. x =>35 chars long
4. x pass call to haveibeenpwned.com api
16. x exit trap with cleanup
## Changelog
- reduced random data to 2x 10Kb
- reduced random data to 2x 1Kb
- added password strength check with cracklib-check
- cleaned up output
- added housekeeping
- set perms and ownership on archives and keystore to minimum
- shred all erronious files and dirs
- cleaned up code
- better rng
- better passphrase check
- checks for exact match
- minimum of 35 chars
- checks with cracklib-check
- checks online with haveibeenpwned.com
- bug fixes
- random data is now actually optional and is only 128 bytes (1024 bits) and are generated securely
- better antiforensics by unsetting vars and cleaning up on exit
- actually workan password checks
- actually workan nice :3 mo stable mo sanity checks mo safety settings and methods
hii
+1
View File
@@ -0,0 +1 @@
# Specification (WIP)
+1
View File
@@ -0,0 +1 @@
completed archives here
+69
View File
@@ -0,0 +1,69 @@
#!/bin/bash
# file paths
sha256_file_path=./checksums.sha256
md5_file_path=./checksums.md5
error_log=./checksums_error.log
# text colors
RED='\e[31m'
GREEN='\e[32m'
RESET='\e[0m'
# set these false at the start to be safe
checksha256=false
checkmd5=false
# output errors to error log
exec 2> >(tee -a "$error_log" >&2)
# environment checks
## check for presence of $sha256_file_path, fail with general error on error
if [ ! -f "$sha256_file_path" ]; then
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Not Found!\n" >&2
exit 1
fi
## check if $sha256_file_path is writable
if [ ! -r "$sha256_file_path" ]; then
echo -e "\n${RED}FAIL!${RESET} File $sha256_file_path Exists But Not Readable!\n" >&2
exit 1
fi
## check for presence of $md5_file_path, fail with general error on error
if [ ! -f "$md5_file_path" ]; then
echo -e "\nFAIL! File $md5_file_path Not Found!\n" >&2
exit 1
fi
## check if $md5_file_path is writable
if [ ! -r "$md5_file_path" ]; then
echo -e "\n${RED}FAIL!${RESET} File $md5_file_path Exists But Not Readable!\n" >&2
exit 1
fi
# check checksums
## check sha256
if sha256sum -c "$sha256_file_path" 1>/dev/null; then
echo -e "SHA256 Checksums: ${GREEN}OK!${RESET}"
checksha256=true
else
echo -e "\n\nSHA256 Checksums: ${RED}BAD!${RESET}\nDumping SHA256 Checksum Fails:" >&2
sha256sum -c "$sha256_file_path" | grep 'FAILED' >&2
echo -e "\nSHA256 Checksums: ${RED}BAD!${RESET}\n" >&2
fi
## check md5
if md5sum -c "$md5_file_path" 1>/dev/null; then
echo -e "MD5 checksums: ${GREEN}OK!${RESET}"
checkmd5=true
else
echo -e "\n\nFAIL: MD5 Checksums: ${RED}BAD!${RESET}\n\tDumping MD5 Checksum Fails:" >&2
md5sum -c "md5_file_path" | grep 'FAILED' >&2
echo -e "\nMD5 Checksums: ${RED}BAD!${RESET}\n" >&2
fi
# tally checks
if [[ $checksha256 == true && $checkmd5 == true ]]; then
echo -e "\nFile Integrity: VERIFIED! All Checksums: ${GREEN}OK!${RESET}\n"
exit 0 # exit success
else
echo -e "\nFile Integrity Check: ${RED}FAILED!${RESET}\n\tSee Above or See $error_log" >&2
exit 1 # exit general failure
fi
+16
View File
@@ -0,0 +1,16 @@
e1351c891f5d836961f9a5bf8272b12e ./.gitignore
b73f788fe14ae5b781d81eb94e960de0 ./archives/README.md
11e5d6a30bfd73314e40a34b8189e647 ./checksums_generate_recursive.sh
b381bf88afe4262ad8185dd64a0d842d ./create-attributable-archive.sh
7bb49a9ca83d3eaec2ff3a16e3e35981 ./datetimestamp.txt
0a007706580563c1d3f31b37b28be8bc ./FileMap.md
c7a749b080c6dd2324568f0bd5c0f17f ./keystore/README.md
dd2587cac4bdd1b2231e7805eb48df90 ./out/contents/README.md
298db900c3611a0f6794ee30eacbf23d ./out/README.md
973323f463d79c6870a8448c62c83a81 ./out/test_validate_passphrase.sh
a4bc6a7243371e94b7d831433cb43afa ./out/verify-everything.sh
ba1192e212e20c3c1b3306a4faef6b8a ./README-instructions.txt
bc6cd9956d0fa7fe8c8d242e02330531 ./README.md
43f978564c0309905204c2e3d41920c4 ./Specification.md
973323f463d79c6870a8448c62c83a81 ./test_validate_passphrase.txt
a4bc6a7243371e94b7d831433cb43afa ./verify-everything.txt
+31
View File
@@ -0,0 +1,31 @@
8eaf8cd5d9e5cb3d2170a44344a8efc37e014ad8d7d8cc4fa49fb4a6e2a18bbe ./.gitignore
7fd36c34bee48c3fae99ed4bf3ab4dcbc53b20405e20fec7261e2b53e78ae6b2 ./archives/README.md
e4fe64ba4374d0ccdb5b35c09b92bc3914f7c54b95e0a5b64b3fb903b80dc931 ./checksums_generate_recursive.sh
4b4a63a30c7ef05f876d9d82cb814eb6a47ab2c494a7894c4066216f0b6b0c07 ./create-attributable-archive.sh
77a0b49395192e3b4ab451bf3512e3d5bd317f09ad826a65d2e8d2028456e2f0 ./FileMap.md
4393dfc3184bb3ce55bf4c611b5aabaebc551da4cf748570a01e9f7a3a79b837 ./keystore/README.md
8d09ddfa82784ae6b88962d72712b10d9c555de791034c44ba7a5e5a7630a0f4 ./out/contents/README.md
6f0b8bd158eb8608beca242d60257765c5ec0fa97e0a2a67c16482c8c9ee33ec ./out/README.md
5e795860b295d132e2382c137b1a61211e4e315cb064a40a41dccaa4692f64fb ./out/test_validate_passphrase.sh
af78d32024215da3f69c817440855e7c34e4d05d4ba17ccacc0162a56127cfd0 ./out/verify-everything.sh
2c873d9dd7fabc18b139d18c094ed16b5c3107448ce92c812e05474e8e1f5652 ./README-instructions.txt
327a649a4851981e8d4dcdd473a577210b1cd7c6e078789c821d2c29fee20e0d ./README.md
065d7229fbf08a2b6e0098435fa12221398e4386026f6bebd3ac5b756f73616d ./Specification.md
5e795860b295d132e2382c137b1a61211e4e315cb064a40a41dccaa4692f64fb ./test_validate_passphrase.txt
af78d32024215da3f69c817440855e7c34e4d05d4ba17ccacc0162a56127cfd0 ./verify-everything.txt
8eaf8cd5d9e5cb3d2170a44344a8efc37e014ad8d7d8cc4fa49fb4a6e2a18bbe ./.gitignore
7fd36c34bee48c3fae99ed4bf3ab4dcbc53b20405e20fec7261e2b53e78ae6b2 ./archives/README.md
e4fe64ba4374d0ccdb5b35c09b92bc3914f7c54b95e0a5b64b3fb903b80dc931 ./checksums_generate_recursive.sh
4b4a63a30c7ef05f876d9d82cb814eb6a47ab2c494a7894c4066216f0b6b0c07 ./create-attributable-archive.sh
45da0a27c033830a13f0a195ad8729379fe82fd0cf30a938a379055630c4677b ./datetimestamp.txt
77a0b49395192e3b4ab451bf3512e3d5bd317f09ad826a65d2e8d2028456e2f0 ./FileMap.md
4393dfc3184bb3ce55bf4c611b5aabaebc551da4cf748570a01e9f7a3a79b837 ./keystore/README.md
8d09ddfa82784ae6b88962d72712b10d9c555de791034c44ba7a5e5a7630a0f4 ./out/contents/README.md
6f0b8bd158eb8608beca242d60257765c5ec0fa97e0a2a67c16482c8c9ee33ec ./out/README.md
5e795860b295d132e2382c137b1a61211e4e315cb064a40a41dccaa4692f64fb ./out/test_validate_passphrase.sh
af78d32024215da3f69c817440855e7c34e4d05d4ba17ccacc0162a56127cfd0 ./out/verify-everything.sh
2c873d9dd7fabc18b139d18c094ed16b5c3107448ce92c812e05474e8e1f5652 ./README-instructions.txt
327a649a4851981e8d4dcdd473a577210b1cd7c6e078789c821d2c29fee20e0d ./README.md
065d7229fbf08a2b6e0098435fa12221398e4386026f6bebd3ac5b756f73616d ./Specification.md
5e795860b295d132e2382c137b1a61211e4e315cb064a40a41dccaa4692f64fb ./test_validate_passphrase.txt
af78d32024215da3f69c817440855e7c34e4d05d4ba17ccacc0162a56127cfd0 ./verify-everything.txt
View File
+40
View File
@@ -0,0 +1,40 @@
#!/bin/bash
# file paths
sha256_file_path=./checksums.sha256
md5_file_path=./checksums.md5
error_log=./checksums_error.log
# text colors
RED='\e[31m'
YELLOW='\033['
GREEN='\e[32m'
RESET='\e[0m'
# output errors to error log
exec 2> >(tee -a "$error_log" >&2)
if [ -f "sha256_file_path" ]; then
echo -e "${YELLOW}Warn${RESET}: Existing $sha256_file_path Found, Deleting..."
rm -f "sha256_file_path"
fi
if [ -f "$md5_file_path" ]; then
echo -e "${YELLOW}Warn${RESET}: Existing $md5_file_path Found, Deleting..."
rm -f "$md5_file_path"
fi
if [ -f "$error_log" ]; then
echo -e "${YELLOW}Warn${RESET}: Existing $error_log Found, Deleting..."
rm -f "$error_log"
fi
# notify user
echo "Calculating SHA256 and MD5 Checksums Recursively into $sha256_file_path and $md5_file_path\n\t${YELLOW}This May Take a Long Time!${RESET}"
# exclude git
if find . -type f ! -path "*/.git/*" ! -path "$error_log" ! -path "$md5_file_path" ! -path "$sha256_file_path" -exec bash -c "file_path={} && sha256sum \$file_path 1>> $sha256_file_path && md5sum \$file_path 1>> $md5_file_path" \;; then
echo -e "\n${GREEN}SUCCESS!${RESET} Generated SHA256 and MD5 Checksums into $sha256sum and $md5_file_path Respectively!\n"
exit 0 # explicitly exit success
else
echo -e "\n${RED}FAIL!${RESET} Failed to Generate SHA256 and MD5 Checksums! Check Error Output or Check Error Log: $error_log\n" >&2
exit 1 # explicitly fail
fi
+357
View File
@@ -0,0 +1,357 @@
#!/usr/bin/env bash
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl
set -o errtrace
set -o nounset
set -o pipefail
IFS=$'\n\t'
unix_seconds=$(date +%s)
key_path="./private_ed25519_${unix_seconds}"
signature_tag="file-integrity"
out_dir="./out"
inner_dir="$out_dir/contents"
RED='\033[31m'
GREEN='\033[32m'
RESET='\033[0m'
num_of_args="$#"
all_args="$@"
require_command() {
if ! command -v "$1" >/dev/null 2>&1; then
echo "Missing required command: $1" >&2
exit 1
fi
}
require_dependencies() {
local deps=(bash shred srm openssl curl ssh-keygen 7z sha512sum awk grep realpath)
for dep in "${deps[@]}"; do
require_command "$dep"
done
}
checkcode() {
local retcode="${1:-}"
if [[ -z "$retcode" ]]; then
echo -e "\n${RED}ERROR!${RESET} checkcode missing return code parameter\n" >&2
exit 1
fi
if [[ "$retcode" -ne 0 ]]; then
echo -e "${RED}ERROR!${RESET} Response code: $retcode" >&2
exit "$retcode"
fi
printf ' %bOK!%b\n' "$GREEN" "$RESET"
}
run_cmd() {
"$@"
checkcode $?
}
reset() {
printf 'Autoshredding known artifacts...\n'
find . -maxdepth 1 -type f \( -name 'private_*' -o -name 'attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
checkcode $?
if compgen -G 'private_*' >/dev/null 2>&1; then
printf 'Shredding errant private key files...\n'
shred -uz private_* || true
fi
if compgen -G 'attribution_passphrase_*' >/dev/null 2>&1; then
printf 'Shredding errant attribution passphrase files...\n'
shred -uz attribution_passphrase_* || true
fi
printf 'Removing previous output directory...\n'
rm -rf "$out_dir"
checkcode $?
printf 'Rebuilding output directory structure...\n'
mkdir -p "$inner_dir"
checkcode $?
printf 'Writing placeholder README files...\n'
echo 'put files to verifiably archive in here' > "$inner_dir/README.md"
checkcode $?
echo '# todo: make this nice' > "$out_dir/README.md"
checkcode $?
printf 'Copying verification helpers...\n'
cp test_validate_passphrase.txt "$out_dir/test_validate_passphrase.sh"
checkcode $?
chmod +x "$out_dir/test_validate_passphrase.sh"
checkcode $?
cp verify-everything.txt "$out_dir/verify-everything.sh"
checkcode $?
chmod +x "$out_dir/verify-everything.sh"
checkcode $?
local housekeeping_dirs=(archives keystore)
for dir in "${housekeeping_dirs[@]}"; do
if [[ -d "$dir" ]]; then
printf 'Hardening %s...\n' "$dir"
chmod 700 "$dir"
checkcode $?
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
find "$dir" -type f \( -name 'private_ed25519_*' -o -name 'attribution_passphrase_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
find "$dir" -type f -exec chmod 600 '{}' +
checkcode $?
fi
done
}
audit_passphrase() {
local raw_password="$1"
local check_password="$2"
if [[ -z "$raw_password" ]]; then
echo '[ERROR] No passphrase provided for validation.' >&2
return 2
fi
if [[ -z "$check_password" ]]; then
echo '[ERROR] No check passphrase provided for validation.' >&2
return 2
fi
if [[ "$raw_password" != "$check_password" ]]; then
echo '[ERROR] Passphrases do not match!' >&2
return 2
fi
unset check_password
local pass_len=${#raw_password}
if [[ "$pass_len" -lt 35 ]]; then
echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
return 1
fi
echo "[PASS] Length verification satisfied ($pass_len characters)."
if command -v cracklib-check >/dev/null 2>&1; then
if ! printf '%s' "$raw_password" | cracklib-check | grep -q 'OK$'; then
echo '❌ REJECTED by cracklib-check.'
return 1
fi
echo '[PASS] Local dictionary and structural complexity audit clear.'
else
echo '[WARN] cracklib-check not found; skipping local dictionary audit.' >&2
fi
local full_hash prefix suffix response
full_hash=$(printf '%s' "$raw_password" | openssl dgst -sha1 | awk '{print toupper($2)}')
prefix=${full_hash:0:5}
suffix=${full_hash:5}
if ! response=$(curl -fsS -A 'Bash-Passphrase-Audit-Script' "https://api.pwnedpasswords.com/range/$prefix"); then
echo -e "${RED}[FATAL]${RESET} Failed to communicate with HIBP API." >&2
return 3
else
echo -e "connected to hibp...${GREEN}OK${RESET}"
fi
if printf '%s\n' "$response" | grep -qi "^$suffix:"; then
echo -e "${RED}[FATAL]${RESET} Passphrase has been leaked!" >&2
return 1
else
echo -e "not leaked! (via hibp)... ${GREEN}OK${RESET}"
fi
return 0
}
error_handle() {
local exit_code=$?
local script_path
if command -v realpath >/dev/null 2>&1; then
script_path=$(realpath "$0")
else
script_path="$PWD/$0"
fi
local hr='===================================================='
echo
echo "$hr"
echo -e "🚨 ${RED}FATAL ERROR DETECTED${RESET}"
echo "$hr"
echo "-> Script : $0"
echo "-> Num Script Args : $num_of_args"
echo "-> Script Args : $all_args"
echo "-> Shell : ${SHELL:-unknown}"
echo "-> Script Path : $script_path"
echo "-> Script (full) : $SHELL $script_path $all_args"
echo "-> User : ${USER:-unknown}"
echo "-> Working Directory : $PWD"
echo "-> Failed Command : $BASH_COMMAND"
echo "-> Line Number : $LINENO"
echo "-> Exit Status : $exit_code"
echo "-> Seconds Elapsed : $SECONDS"
echo "-> Date Failed : $(date)"
echo '-> Stack Trace'
local frame=0
while caller "$frame"; do
frame=$((frame + 1))
done
echo
echo "$hr"
echo
exit "$exit_code"
}
exit_cleanup() {
printf "cleaning up on exit"
reset > /dev/null 2>&1
checkcode $?
# todo: uset vars
}
trap error_handle ERR
trap exit_cleanup EXIT
# ret=`audit_passphrase 'yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU' 'yw0EKY6wbSxU6KJxWN3vFZDgnSjJ4F8wqFrAJMcDxfU'`
# echo $ret
# exit 0
require_dependencies
printf 'Setting up environment...\n'
reset
printf '\n\n'
read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever you please then press any key to continue..."
printf '\n'
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
ssh-keygen -t ed25519 -f "$key_path" -C 'anonymous' -N '' >/dev/null 2>&1
checkcode $?
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
chmod 600 "$key_path" "${key_path}.pub"
checkcode $?
printf 'ssh-keygen: creating %s/anonymous_signer...\n' "$out_dir"
echo "anonymous namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
checkcode $?
printf 'Inject random data? (y/N): '
read -r random
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
else
printf 'random: adding 1/2 random blocks of data (128 bytes) to outer archive...\n'
openssl rand -out "$out_dir/.$RANDOM" 128 >/dev/null 2>&1
checkcode $?
printf 'random: adding 2/2 random blocks of data (128 bytes) to inner archive...\n'
openssl rand -out "$inner_dir/.$RANDOM" 128 >/dev/null 2>&1
checkcode $?
fi
printf '7z: compressing inner volume...\n'
7z a "$out_dir/contents.7z" "$inner_dir" >/dev/null 2>&1
checkcode $?
printf 'Deleting %s...\n' "$inner_dir"
rm -rf "$inner_dir"
checkcode $?
printf 'ssh: signing %s...\n' "$out_dir/contents.7z"
ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" >/dev/null 2>&1
checkcode $?
printf 'Changing directory to %s...\n' "$out_dir"
cd "$out_dir"
checkcode $?
printf 'sha512: generating checksums...\n'
sha512sum * > checksums.sha512
checkcode $?
printf 'Changing directory back...\n'
cd ..
checkcode $?
printf 'Enter attribution passphrase:\n'
read -r -s attribution_passphrase
printf '\nEnter attribution passphrase again:\n'
read -r -s attribution_passphrase_check
printf '\n'
printf 'Auditing attribution passphrase...\n'
ret==`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
echo "$ret"
printf 'Unsetting attribution_passphrase_check...\n'
unset attribution_passphrase_check
printf 'Calculating attribution checksum...\n'
{
printf '%s' "$attribution_passphrase"
cat "$out_dir/contents.7z"
} | sha512sum | awk '{print $1}' > "$out_dir/attribution-checksum.sha512"
checkcode $?
printf 'Sanity checking: changing working directory to %s...\n' "$out_dir"
cd "$out_dir"
checkcode $?
printf 'Sanity checking: verification...\n'
bash verify-everything.sh "$attribution_passphrase"
checkcode $?
printf 'Sanity checking: validate attribution passphrase...\n'
bash test_validate_passphrase.sh "$attribution_passphrase"
checkcode $?
printf 'Returning to project root...\n'
cd ..
checkcode $?
printf 'Unsetting attribution_passphrase...\n'
unset attribution_passphrase
printf '7z archiving outer dir...\n'
7z a ./out.7z "$out_dir" >/dev/null 2>&1
checkcode $?
printf 'Moving out.7z to archives...\n'
mv out.7z "archives/verifiable_archive_${unix_seconds}.7z"
checkcode $?
printf 'Enter keystore passphrase:\n'
read -r -s keystore_passphrase
printf '\nEnter keystore passphrase again:\n'
read -r -s keystore_passphrase_check
printf '\n'
printf 'Auditing keystore passphrase...\n'
ret=`audit_passphrase "$keystore_passphrase" "$keystore_passphrase_check"`
echo -e "$ret"
printf 'Unsetting keystore_passphrase_check...\n'
unset keystore_passphrase_check
printf 'Archiving keys...\n'
set +u
shopt -s nullglob
private_files=(private_*)
passphrase_files=(attribution_passphrase_*)
shopt -u nullglob
set -u
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
echo 'No key or attribution passphrase files found to archive.' >&2
exit 1
fi
7z a "keystore/keystore_${unix_seconds}.7z" "${private_files[@]}" "${passphrase_files[@]}" -p"$keystore_passphrase" -mhe=on >/dev/null 2>&1
checkcode $?
printf 'Testing key archive...\n'
7z t "keystore/keystore_${unix_seconds}.7z" -p"$keystore_passphrase" >/dev/null 2>&1
checkcode $?
+1
View File
@@ -0,0 +1 @@
Tuesday, May 26 2026 at 06:42:27 PM MDT (unix seconds 1779842547)
-51
View File
@@ -1,51 +0,0 @@
#!/bin/bash
# packages required: git trufflehog gitsecrets pup
# todo: make dis an arg
github_username='nationalsecurityagency'
github_base='https://github.com/'
github_repos_page="$github_base/$github_username/"
# todo: make dis handle pagination
repos=$(curl -sS "${github_repos_page}?tab=repositories" | grep 'name codeRepository' | pup 'a attr{href}' | sed 's/\/PrincessPi3\///')
out_dir="$PWD/$github_username" #todo: make dis an arg
mkdir -p "$out_dir"
secretsfile="$PWD/secrets_${github_username}.txt"
nuke_repos_dir() {
if [ -d "$out_dir" ]; then
printf "deleting existing $out_dir... "
rm -rf "$out_dir" > /dev/null 2>&1
printf "$?\n"
printf "remaking $out_dir... "
mkdir -p "$out_dir"
printf "$?\n"
fi
}
clone_repos() {
for repo in "${repos[@]}"; do
printf "cloning $repo into $out_dir/$repo..."
git clone --recursive "$github_repos_page/$repo" "$out_dir/$repo" > /dev/null 2>&1
printf "$?\n"
done
}
snoop_repos() {
for repo in "${repos[@]}"; do
cd "$out_dir/$repo"
pwd | tee -a "$secretsfile"
trufflehog git file://. | tee -a "$secretsfile"
gitleaks detect -v | tee -a "$secretsfile"
cd -
done
}
# run em ig
nuke_repos_dir
clone_repos
snoop_repos
+2
View File
@@ -0,0 +1,2 @@
# Keystore
where encrypted archives of previous keys and attibriution passphrases are stored
View File
+1
View File
@@ -0,0 +1 @@
# todo: make this nice
+1
View File
@@ -0,0 +1 @@
put files to verifiably archive in here
+19
View File
@@ -0,0 +1,19 @@
#!/bin/bash
set -e
attrib_hash=$(cat "./attribution-checksum.sha512")
if [ -z "$1" ]; then
echo "enter passphrase to test"
read passphrase
echo
else
passphrase="$1"
fi
tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')
if [[ "$attrib_hash" == "$tested_hash" ]]; then
echo -e "Attribution With Password $passphrase: \033[0;32mOK!\033[0m"
else
echo -e "Attribution With Password $passphrase: \033[0;31mFAIL!\033[0m"
fi
+29
View File
@@ -0,0 +1,29 @@
#!/bin/bash
set -e
checkcode () {
if [ -z "$1" ]; then
echo -e "\n\e[31mERROR!\033[0m chkcode missing return code paramater\n"
exit 1
else
retcode=$1
fi
if [ $retcode -ne 0 ]; then
echo -e "\t\e[31mERROR!\033[0m Response Code: $retcode"
else
printf '\e[1;32mOK!\e[0m\n'
fi
}
printf "Testing contents.7z integrity... "
7z t contents.7z > /dev/null 2>&1
checkcode $?
printf "Checking sha512 checksums... "
sha512sum -c checksums.sha512 > /dev/null 2>&1
checkcode $?
printf "Checking signature against provided public key... "
ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null > /dev/null > /dev/null 2>&1
checkcode $?
Binary file not shown.

Before

Width:  |  Height:  |  Size: 589 KiB

+19
View File
@@ -0,0 +1,19 @@
#!/bin/bash
set -e
attrib_hash=$(cat "./attribution-checksum.sha512")
if [ -z "$1" ]; then
echo "enter passphrase to test"
read passphrase
echo
else
passphrase="$1"
fi
tested_hash=$( ( echo -n "$passphrase"; cat "./contents.7z" ) | sha512sum | awk '{print $1}')
if [[ "$attrib_hash" == "$tested_hash" ]]; then
echo -e "Attribution With Password $passphrase: \033[0;32mOK!\033[0m"
else
echo -e "Attribution With Password $passphrase: \033[0;31mFAIL!\033[0m"
fi
+29
View File
@@ -0,0 +1,29 @@
#!/bin/bash
set -e
checkcode () {
if [ -z "$1" ]; then
echo -e "\n\e[31mERROR!\033[0m chkcode missing return code paramater\n"
exit 1
else
retcode=$1
fi
if [ $retcode -ne 0 ]; then
echo -e "\t\e[31mERROR!\033[0m Response Code: $retcode"
else
printf '\e[1;32mOK!\e[0m\n'
fi
}
printf "Testing contents.7z integrity... "
7z t contents.7z > /dev/null 2>&1
checkcode $?
printf "Checking sha512 checksums... "
sha512sum -c checksums.sha512 > /dev/null 2>&1
checkcode $?
printf "Checking signature against provided public key... "
ssh-keygen -Y verify -f "./anonymous_signer" -I "anonymous" -n "file-integrity" -s contents.7z.sig < contents.7z > /dev/null > /dev/null > /dev/null 2>&1
checkcode $?