Created
June 9, 2014 04:09
-
-
Save dukeofgaming/04e3217bbe195acc9d6d to your computer and use it in GitHub Desktop.
A shell script to encrypt a file so that only a SSL site's private key can decrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Taken from http://dpaste.de/61O8/ | |
| set -e | |
| echo "Encrypting $2 for $1." | |
| # make a directory to store results for this site | |
| mkdir -p results/$1 | |
| # get that site's SSL certificate, validating it with the cacert.pem we have | |
| echo "QUIT" | openssl s_client -CAfile cacert.pem -connect $1:443 > results/$1/cert.pem | |
| # generate a random password from urandom | |
| dd if=/dev/urandom of=results/$1/pass.txt bs=1 count=96 | |
| # use the raw password and AES to encrypt the output | |
| openssl enc -a -aes-256-cbc -salt -in $2 -out results/$1/file.enc -pass file:results/$1/pass.txt | |
| # then, use the above public cert to encrypt the pass key | |
| openssl rsautl -encrypt -inkey results/$1/cert.pem -pubin -certin -in results/$1/pass.txt -out results/$1/pass.enc | |
| # finally, delete the password so it's not around and accidentally leaked | |
| rm results/$1/pass.txt | |
| echo "ALL DONE" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment