@beala
Last active December 14, 2015 03:59
Script for encrypting a file with an autogenerated key and splitting that key into multiple parts using Shamir's secret sharing.
#!/bin/bash
# Uses my xkpa password generator: https://github.com/beala/xkcd-password
# The password generation method can be modified below.
# Depends on openssl and ssss (http://point-at-infinity.org/ssss/)
# Copyright (c) 2012 Alex Beal
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is furnished to do
# so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
SECRETGEN="xkpa -n 10"

usage() {
    cat << EOF
Encrypts a file and splits an autogenerated key.
Shares of the key are output to n text files in
the current directory.
OPTIONS:
    -f Plaintext input file.
    -o Ciphertext output file.
    -t Number of shares needed to recreate the secret.
    -n Number of shares to generate.
    -h Output this message.
EOF
}

while getopts "hf:o:t:n:" OPTION; do
    case "$OPTION" in
        h)
            usage
            exit 1
            ;;
        f)
            INFILE="$OPTARG"
            ;;
        o)
            OUTFILE="$OPTARG"
            ;;
        t)
            THRESHOLD="$OPTARG"
            ;;
        n)
            SHARESCOUNT="$OPTARG"
            ;;
        *)
            # getopts already printed a message for the unknown option.
            usage
            exit 1
            ;;
    esac
done

DIE=false
if [[ -z "$INFILE" ]]; then
    echo "Error: Missing input file."
    DIE=true
fi
if [[ -z "$OUTFILE" ]]; then
    echo "Error: Missing output file."
    DIE=true
fi
if [[ -z "$THRESHOLD" ]]; then
    echo "Error: Missing shares threshold."
    DIE=true
fi
if [[ -z "$SHARESCOUNT" ]]; then
    echo "Error: Missing shares count."
    DIE=true
fi
if [[ $DIE == true ]]; then
    echo
    usage
    exit 1
fi

# Generate the secret. Refuse to continue if the generator produced nothing:
# encrypting with an empty passphrase would silently protect nothing.
SECRET="$($SECRETGEN)"
if [[ -z "$SECRET" ]]; then
    echo "Error: Secret generation failed."
    exit 1
fi

# Encrypt INFILE with the secret (AES-256-CBC). The passphrase is handed to
# openssl through the environment instead of a -k argument so it does not
# appear in the process list, which every user on the machine can read.
if ! OPENSSL_PASS="$SECRET" openssl enc -aes-256-cbc -pass env:OPENSSL_PASS -in "$INFILE" -out "$OUTFILE"; then
    echo "Error: Encryption failed."
    exit 1
fi

# Split the secret into shares. ssss-split reads the secret from stdin and,
# with -q, prints one share per line.
if ! shares="$(ssss-split -t "$THRESHOLD" -n "$SHARESCOUNT" -q <<< "$SECRET")"; then
    echo "Error: Secret splitting failed."
    exit 1
fi

# Write each share to a different file, readable only by the current user.
umask 077
i=0
for share in $shares; do
    echo "$share" > "$(basename "$INFILE")-share-$i"
    i=$((i+1))
done
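The script delegates the threshold split to ssss-split and never shows what the scheme actually guarantees: any t shares rebuild the key, t-1 reveal nothing. The following self-contained Python program is an added illustration of Shamir's scheme over the prime field GF(2^521 - 1); it is not the gist's code and its shares are not compatible with ssss's share format. The secret, threshold and share count in `demo()` are constructed for the demonstration, and secrets are limited to 64 bytes so that one field element holds the whole key.

```python
"""Shamir secret sharing over GF(p): split a key into n shares, any t rebuild it.

Constructed teaching example. It mirrors what ssss-split / ssss-combine do for
the script above but does NOT produce ssss-compatible share strings.
"""
import secrets
from itertools import combinations

# Mersenne prime 2^521 - 1. Secrets of up to 64 bytes fit in one field element.
PRIME = (1 << 521) - 1
MAX_SECRET_BYTES = 64


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k mod PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, count: int):
    """Return `count` shares (x, y); any `threshold` of them recover `secret`."""
    if not 1 <= threshold <= count < PRIME:
        raise ValueError("need 1 <= threshold <= count")
    if len(secret) > MAX_SECRET_BYTES:
        raise ValueError("secret too long for a single field element")
    # A leading 0x01 byte fixes the length, so leading zero bytes survive decoding.
    s = int.from_bytes(b"\x01" + secret, "big")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # Share i is the point (i, f(i)); x = 0 is never used since f(0) is the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, count + 1)]


def combine_shares(shares):
    """Lagrange-interpolate the polynomial at x = 0 and decode the secret bytes."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    s = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME        # (0 - x_j)
                den = den * (xi - xj) % PRIME    # (x_i - x_j)
        # Fermat inverse: den^(p-2) == den^-1 (mod p)
        s = (s + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    raw = s.to_bytes((s.bit_length() + 7) // 8, "big")
    return raw[1:]  # strip the 0x01 length marker


def demo(secret=b"correct horse battery staple", threshold=3, count=5):
    """Return (every t-subset recovers the secret, a t-1 subset recovers it)."""
    shares = split_secret(secret, threshold, count)
    enough = all(combine_shares(list(c)) == secret
                 for c in combinations(shares, threshold))
    # With fewer than t points the interpolation yields an unrelated field element.
    too_few = combine_shares(shares[:threshold - 1]) == secret
    return enough, too_few


if __name__ == "__main__":
    print(demo())  # (True, False)
```

`demo()` exercises every 3-of-5 subset and then shows that 2 shares reconstruct garbage; the same check is what makes the script's `-t`/`-n` parameters meaningful, since the threshold is enforced by the polynomial degree, not by any access control on the share files.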