Last active
September 4, 2017 18:46
-
-
Save JoshCheek/e9355d9ae3294f85e9fc3b55392749cd to your computer and use it in GitHub Desktop.
Encrypting a file and sending it to someone whose public key you have
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The secret info we want to send (for us, this is the SFTP private key) | |
ruby -e '500.times { print "secret " }' > secret.unencrypted | |
# Generate the password | |
openssl rand 128 -out password.unencrypted | |
# Encrypt the secret with the password | |
openssl enc -aes-256-cbc -salt -in secret.unencrypted -out secret.encrypted -pass file:./password.unencrypted | |
# Get the public key we'll use to encrypt the password (this uses my public key, swap it for whoever you want to send the message to) | |
curl -sL 'https://api.github.com/users/JoshCheek/keys' | jq -r '.[]|select(.id==23809681).key' > key.rsa | |
ssh-keygen -f key.rsa -e -m PKCS8 > key.pub | |
# Encrypt the password with the public key | |
openssl rsautl -encrypt -inkey key.pub -pubin -in password.unencrypted -out password.encrypted | |
# ----- Send them the password.encrypted and the secret.encrypted | |
# Decrypt the password with your private key | |
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in password.encrypted -out password.decrypted | |
# Decrypt the secret | |
openssl enc -d -aes-256-cbc -salt -in secret.encrypted -out secret.decrypted -pass file:./password.decrypted | |
# Examine the secret | |
cat secret.decrypted |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment