From cc58ea312687314fdc2930f6a0607d0b106cb239 Mon Sep 17 00:00:00 2001
From: Gurkirat Singh
Date: Tue, 21 Jun 2022 14:18:42 +0530
Subject: [PATCH 1/5] feat (alias): for cryptography plugin
---
aliases/available/cryptography.alias.bash | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 aliases/available/cryptography.alias.bash
diff --git a/aliases/available/cryptography.alias.bash b/aliases/available/cryptography.alias.bash
new file mode 100644
index 00000000..01bf94e6
--- /dev/null
+++ b/aliases/available/cryptography.alias.bash
@@ -0,0 +1,6 @@
+# shellcheck shell=bash
+
+ep="encrypt-payload"
+dp="decrypt-payload"
+enc="encrypt-payload"
+dec="decrypt-payload"
From 2c5220a2f1e9a350bc00c3117245df2111011b37 Mon Sep 17 00:00:00 2001
From: Gurkirat Singh
Date: Tue, 21 Jun 2022 14:19:04 +0530
Subject: [PATCH 2/5] feat (plugins): aes encrypt/decrypt with openssl
---
plugins/available/cryptography.plugin.bash | 66 ++++++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 plugins/available/cryptography.plugin.bash
diff --git a/plugins/available/cryptography.plugin.bash b/plugins/available/cryptography.plugin.bash
new file mode 100644
index 00000000..e2cca20b
--- /dev/null
+++ b/plugins/available/cryptography.plugin.bash
@@ -0,0 +1,66 @@
+# shellcheck shell=bash
+
+function encrypt-payload() {
+ PAYLOAD=$1
+ KEY=$2
+ ALGO=${3:-aes-256-cbc}
+
+ # exit with message if payload is empty string
+ if [[ -z "$PAYLOAD" ]]; then
+ echo "[x] Payload is empty!"
+ return 1
+ fi
+
+ # create random key if not provided
+ if [[ -z "$KEY" ]]; then
+ KEY=$(echo "$RANDOM$RANDOM" | md5sum - | head -c 13)
+ echo "[!] Key not provided, therefore choosen a random string -> $KEY" 1>&2
+ echo "[!] To hide this message, provide the key as second argument or redirect stderr to /dev/null" 1>&2
+ fi
+
+ if [[ -f "$1" ]]; then
+ # if payload file then encrypt with -in
+ OUTFILE=$(mktemp)
+ if ! openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass pass:"$KEY" -in "$PAYLOAD" -out "$OUTFILE"; then
+ echo "[x] Something went wrong!"
+ rm -rf "$OUTFILE"
+ else
+ echo "[!] Saved the encrypted file to '$OUTFILE'"
+ fi
+ else
+ # if payload file then encrypt with stdin
+ echo -ne "$1" | openssl enc "-$ALGO" -a -A -e -pbkdf2 -pass pass:"$KEY"
+ fi
+}
+
+function decrypt-payload() {
+ PAYLOAD=$1
+ KEY=$2
+ ALGO=${3:-aes-256-cbc}
+
+ # exit with message if payload is empty string
+ if [[ -z "$PAYLOAD" ]]; then
+ echo "[x] Payload is empty!"
+ return 1
+ fi
+
+ # create random key if not provided
+ if [[ -z "$KEY" ]]; then
+ echo "[x] Key is empty!"
+ return 1
+ fi
+
+ if [[ -f "$1" ]]; then
+ # if payload file then encrypt with -in
+ OUTFILE=$(mktemp)
+ if ! openssl enc "-$ALGO" -a -A -d -pbkdf2 -pass pass:"$KEY" -in "$PAYLOAD" -out "$OUTFILE"; then
+ echo "[x] Something went wrong!"
+ rm -rf "$OUTFILE"
+ else
+ echo "[!] Saved the encrypted file to '$OUTFILE'"
+ fi
+ else
+ # if payload file then encrypt with stdin
+ echo -ne "$1" | openssl enc "-$ALGO" -a -A -d -pbkdf2 -pass pass:"$KEY"
+ fi
+}
From ea56cb88c4df06928fff6bd345ab50b1c4127b8b Mon Sep 17 00:00:00 2001
From: Gurkirat Singh
Date: Tue, 21 Jun 2022 14:20:15 +0530
Subject: [PATCH 3/5] improve (lint): add cryptography plugin file
---
clean_files.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/clean_files.txt b/clean_files.txt
index 758e3b80..2ef709b3 100644
--- a/clean_files.txt
+++ b/clean_files.txt
@@ -100,6 +100,7 @@ plugins/available/battery.plugin.bash
 plugins/available/blesh.plugin.bash
 plugins/available/cmd-returned-notify.plugin.bash
 plugins/available/colors.plugin.bash
+plugins/available/cryptography.plugin.bash
 plugins/available/direnv.plugin.bash
 plugins/available/dirs.plugin.bash
 plugins/available/docker-machine.plugin.bash
From c1d0ee420d91383433948ac32ec115e45f862eac Mon Sep 17 00:00:00 2001
From: Gurkirat Singh
Date: Tue, 21 Jun 2022 14:20:32 +0530
Subject: [PATCH 4/5] fix (aliases): missing alias keyword
---
aliases/available/cryptography.alias.bash | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/aliases/available/cryptography.alias.bash b/aliases/available/cryptography.alias.bash
index 01bf94e6..d7700b2e 100644
--- a/aliases/available/cryptography.alias.bash
+++ b/aliases/available/cryptography.alias.bash
@@ -1,6 +1,6 @@
 # shellcheck shell=bash
 
-ep="encrypt-payload"
-dp="decrypt-payload"
-enc="encrypt-payload"
-dec="decrypt-payload"
+alias ep="encrypt-payload"
+alias dp="decrypt-payload"
+alias enc="encrypt-payload"
+alias dec="decrypt-payload"
From 4a1f39546dda63da4daa752ffa5f37ef5b253bf8 Mon Sep 17 00:00:00 2001
From: Gurkirat Singh
Date: Wed, 22 Jun 2022 17:35:02 +0530
Subject: [PATCH 5/5] fix (plugins/cryptography): typo in decrypt-payload function
---
plugins/available/cryptography.plugin.bash | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/available/cryptography.plugin.bash b/plugins/available/cryptography.plugin.bash
index e2cca20b..ca657f58 100644
--- a/plugins/available/cryptography.plugin.bash
+++ b/plugins/available/cryptography.plugin.bash
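Review bot: The alias file in patch 4 still carries no description line, so `ep`, `dp`, `enc` and `dec` would presumably appear undocumented in bash-it's alias listing; add something like `about-alias 'cryptography plugin abbreviations'` directly under the shellcheck directive. All four aliases resolve to functions defined in plugins/available/cryptography.plugin.bash, so they only work when that plugin is enabled as well, which is worth stating in the same description.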
@@ -25,7 +25,7 @@ function encrypt-payload() {
 echo "[x] Something went wrong!"
 rm -rf "$OUTFILE"
 else
- echo "[!] Saved the encrypted file to '$OUTFILE'"
+ echo "[+] Saved the encrypted file to '$OUTFILE'"
 fi
 else
 # if payload file then encrypt with stdin
@@ -57,7 +57,7 @@ function decrypt-payload() {
 echo "[x] Something went wrong!"
 rm -rf "$OUTFILE"
 else
- echo "[!] Saved the encrypted file to '$OUTFILE'"
+ echo "[+] Saved the decrypted file to '$OUTFILE'"
 fi
 else
 # if payload file then encrypt with stdin
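Review bot: The context comment `# if payload file then encrypt with stdin` that closes both hunks still describes the wrong branch: it sits in the `else` arm, where the payload is not a file, and in decrypt-payload the operation is decryption. Since this commit is already correcting copy-paste wording, change the two comments to `# payload is not a file: encrypt the string from stdin` and `# payload is not a file: decrypt the string from stdin`. The `[x] Something went wrong!` line in both hunks is printed to stdout, while the key notices in encrypt-payload use `1>&2`; appending `>&2` here would keep diagnostics out of captured output. Both functions begin and end outside these hunks.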