@bitsapien
Last active February 6, 2021 05:20
Share Secrets
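# decrypt.sh: usage: decrypt.sh <private-key> <encrypted-keyfile> <encrypted-secret>
PRIVATE_KEY=$1
ENCRYPTED_KEYFILE=$2
ENCRYPTED_SECRET=$3
KEYFILE="./key.bin"
SECRET="decrypted_file"
# Unwrap the random key with the recipient's RSA private key
# (rsautl is deprecated as of OpenSSL 3.0; pkeyutl is its replacement)
openssl rsautl -decrypt -inkey "${PRIVATE_KEY}" -in "${ENCRYPTED_KEYFILE}" -out "${KEYFILE}"
# Decrypt the target file, using the unwrapped key file as the passphrase
openssl enc -d -aes-256-cbc -in "${ENCRYPTED_SECRET}" -out "${SECRET}" -pass file:"${KEYFILE}"
# Both key.bin and the decrypted file are left in plaintext in the current directory
echo "Decrypted file: $(pwd)/${SECRET}"
echo "File contents:"
cat "./${SECRET}"
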
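# encrypt.sh: usage: encrypt.sh <recipient-public-key.pem> <secret-file>
PUBLIC_KEY=$1
KEYFILE="key.bin"
ENCRYPTED_KEYFILE="${KEYFILE}.enc"
SECRET=$2
ENCRYPTED_SECRET="${SECRET}.enc"
# Generate a 256 bit random key (base64 text, used below as the passphrase)
openssl rand -base64 32 > "${KEYFILE}"
# Encrypt the key with the recipient's RSA public key
# (rsautl is deprecated as of OpenSSL 3.0; pkeyutl is its replacement)
openssl rsautl -encrypt -inkey "${PUBLIC_KEY}" -pubin -in "${KEYFILE}" -out "${ENCRYPTED_KEYFILE}"
# Encrypt the target file; the plaintext key.bin stays in the current directory afterwards
openssl enc -aes-256-cbc -salt -in "${SECRET}" -out "${ENCRYPTED_SECRET}" -pass file:"./${KEYFILE}"
echo "Share the below files to the recipient"
echo ""
echo "$(pwd)/${ENCRYPTED_KEYFILE}"
echo "$(pwd)/${ENCRYPTED_SECRET}"
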
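# gen_pub_key.sh: usage: gen_pub_key.sh <private-key>
PRIVATE_KEY=$1
PRIVATE_KEY_PEM="${PRIVATE_KEY}.pem"
PUBLIC_KEY_PEM="${PRIVATE_KEY}.pub.pem"
# Write a PEM copy of the private key next to the original (keep this file private)
openssl rsa -in "${PRIVATE_KEY}" -outform pem > "${PRIVATE_KEY_PEM}"
# Derive the matching public key in PEM form; this is the only file to share
openssl rsa -in "${PRIVATE_KEY}" -pubout -outform pem > "${PUBLIC_KEY_PEM}"
echo "Share this with the person over chat who wants to send you a secret, verify the first and last few characters on phone to avoid any man-in-the-middle"
cat "${PUBLIC_KEY_PEM}"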

Share secrets

Share your secrets securely over the wire.

Generate public key

Ask the person who will receive your secret to run the following. They need a public/private key pair, so ask them to create one first if they do not already have one.

curl -s https://gist.githubusercontent.com/bitsapien/bbc8cb877984f4ad5141dea0163072ba/raw/gen_pub_key.sh | bash /dev/stdin <PATH-TO-PRIVATE-KEY>

Wait for the public key to be shared with you.
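
The key-generation script asks both sides to compare the first and last few characters of the shared key, but the PEM body of every 2048-bit RSA public key with the default exponent 65537 starts with the same 44 base64 characters and ends with `IDAQAB`, so that comparison cannot tell two such keys apart. This added example (not part of the gist) compares a SHA-256 fingerprint of the whole key instead; the function names and the throwaway sample keys are assumptions made for the illustration.

```bash
#!/bin/sh
# Added example, not part of the gist. Requires the openssl CLI.

# Print the SHA-256 fingerprint (hex) of the public key in PEM file $1.
# The hash covers the DER encoding, so PEM line wrapping does not matter.
# Returns non-zero if $1 is not a parseable public key.
pubkey_fingerprint() {
  der=$(mktemp) || return 1
  if openssl pkey -pubin -in "$1" -outform DER -out "$der" 2>/dev/null; then
    openssl dgst -sha256 -r "$der" | cut -d' ' -f1
    rc=0
  else
    rc=1
  fi
  rm -f "$der"
  return "$rc"
}

# Exit 0 if both PEM files hold the same key, 1 if they differ,
# 2 if either file cannot be parsed (never treat that as a match).
same_pubkey() {
  fp_a=$(pubkey_fingerprint "$1") || return 2
  fp_b=$(pubkey_fingerprint "$2") || return 2
  [ "$fp_a" = "$fp_b" ]
}

# What a "first and last few characters" check compares: the first $2 and
# last $3 characters of the base64 body of PEM file $1.
pem_ends() {
  body=$(grep -v '^-----' "$1" | tr -d '\r\n')
  printf '%s...%s\n' "$(printf '%s' "$body" | cut -c1-"$2")" \
    "$(printf '%s' "$body" | tail -c "$3")"
}

# Constructed sample input: throwaway 2048-bit key pair $1/$2.key, $1/$2.pub.pem.
make_sample_key() {
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/$2.key" -pubout -out "$1/$2.pub.pem" 2>/dev/null
}

# With one argument, print that key's fingerprint for out-of-band comparison.
if [ "$#" -eq 1 ]; then pubkey_fingerprint "$1"; fi
```

Sender and recipient each run the script on their own copy of the public key and compare all 64 hex digits over the phone before anything is encrypted to it.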

Encrypt

curl -s https://gist.githubusercontent.com/bitsapien/bbc8cb877984f4ad5141dea0163072ba/raw/encrypt.sh | bash /dev/stdin <PATH-TO-THE-RECIPIENT-PUBLIC-KEY> <PATH-TO-SECRET-FILE>

Share the two files printed by the script (the encrypted key file and the encrypted secret) with the recipient.

Decrypt

Ask the recipient to download the two files and run this.

curl -s https://gist.githubusercontent.com/bitsapien/bbc8cb877984f4ad5141dea0163072ba/raw/decrypt.sh | bash /dev/stdin <PATH-TO-PRIVATE-KEY> <PATH-TO-KEYFILE> <PATH-TO-SECRETFILE>

Inspired by: https://www.czeskis.com/random/openssl-encrypt-file.html
