Script for encrypting a file with an autogenerated key and splitting that key into multiple parts using Shamir's secret sharing.
#!/bin/bash | |
# Uses my xkpa password generator: https://github.com/beala/xkcd-password | |
# The password generation method can be modified below. | |
# Depends on openssl and ssss (http://point-at-infinity.org/ssss/) | |
# Copyright (c) 2012 Alex Beal | |
# | |
# Permission is hereby granted, free of charge, to any person obtaining a copy of | |
# this software and associated documentation files (the "Software"), to deal in | |
# the Software without restriction, including without limitation the rights to | |
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies | |
# of the Software, and to permit persons to whom the Software is furnished to do | |
# so, subject to the following conditions: | |
# | |
# The above copyright notice and this permission notice shall be included in all | |
# copies or substantial portions of the Software. | |
# | |
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
# SOFTWARE. | |
SECRETGEN="xkpa -n 10" | |
usage() { | |
cat << EOF | |
Encrypts a file and splits an autogenerated key. | |
Shares of the key are output to n text files in | |
the current directory. | |
OPTIONS: | |
-f Plaintext input file. | |
-o Ciphertext output file. | |
-t Number of shares needed to recreate the secret. | |
-n Number of shares to generate. | |
-h Output this message. | |
EOF | |
} | |
while getopts "hf:o:t:n:" OPTION; do | |
case "$OPTION" in | |
h) | |
usage | |
exit 1 | |
;; | |
f) | |
INFILE="$OPTARG" | |
;; | |
o) | |
OUTFILE="$OPTARG" | |
;; | |
t) | |
THRESHOLD="$OPTARG" | |
;; | |
n) | |
SHARESCOUNT="$OPTARG" | |
;; | |
esac | |
done | |
DIE=false | |
if [[ -z "$INFILE" ]]; then | |
echo "Error: Missing input file." | |
DIE=true | |
fi | |
if [[ -z "$OUTFILE" ]]; then | |
echo "Error: Missing output file." | |
DIE=true | |
fi | |
if [[ -z "$THRESHOLD" ]]; then | |
echo "Error: Missing shares threshold." | |
DIE=true | |
fi | |
if [[ -z "$SHARESCOUNT" ]]; then | |
echo "Error: Missing shares count." | |
DIE=true | |
fi | |
if [[ $DIE == true ]]; then | |
echo | |
usage | |
exit 1 | |
fi | |
# Generate the secret. | |
SECRET="$($SECRETGEN)" | |
# Encrypt INFILE with secret. AES-256 CBC | |
openssl enc -aes-256-cbc -k "$SECRET" -in "$INFILE" -out "$OUTFILE" | |
if [[ $? != 0 ]]; then | |
echo "Error: Encryption failed." | |
exit 1 | |
fi | |
# Split the secret into shares. | |
shares="$(ssss-split -t "$THRESHOLD" -n "$SHARESCOUNT" -q <<< "$SECRET")" | |
if [[ $? != 0 ]]; then | |
echo "Error: Secret splitting failed." | |
exit 1 | |
fi | |
# Write each share to a different file. | |
i=0 | |
for share in $shares; do | |
echo "$share" > "$(basename "$INFILE")-share-$i" | |
i=$((i+1)) | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment