@elfgoh
Created September 29, 2016 17:06
A simple git pre-commit hook that checks whether the public keys with extension .pub in the current directory are secure
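#!/bin/sh
# A simple git pre-commit hook that checks whether the public keys with extension .pub in the current directory are secure
for i in pubkeys/*.pub
do
    # Skip the unexpanded pattern when pubkeys/ holds no .pub files
    [ -e "$i" ] || continue
    # The key type is the last field of `ssh-keygen -l` output, e.g. "(RSA)"
    f=$(ssh-keygen -l -f "$i" | awk '{print $NF}' | tr -d '()')
    echo "$f"
    # DSA is insecure
    [ "$f" = "DSA" ] && echo "DSA is insecure: $i" && exit 1
    # RSA < 4096 bits is not that secure
    # The key size in bits is the first field
    b=$(ssh-keygen -l -f "$i" | awk '{print $1}')
    [ "$f" = "RSA" ] && [ "$b" -lt 4096 ] && echo "RSA should not be < 4096 bits: $i" && exit 1
done
# Exit 0 explicitly: the last test in the loop is false for an acceptable key, which would otherwise reject the commit
exit 0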
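
The same DSA and RSA-below-4096 policy, as an added example that is not part of the original gist: it works on lines in the `ssh-keygen -l` output format, takes the key type from the last parenthesised field so a key comment containing parentheses cannot confuse it, and reports every key in a multi-key listing. The function names `check_line` and `check_listing` are hypothetical, and the sample lines and fingerprints are constructed.

```shell
#!/bin/sh
# Added example: apply the hook's policy to lines in `ssh-keygen -l` format,
# "<bits> <fingerprint> <comment> (<TYPE>)". Function names are hypothetical.

# check_line LINE: print a verdict; return 0 if acceptable, 1 if weak.
check_line() {
    line=$1
    bits=${line%% *}        # first field: key size in bits
    ktype=${line##*\(}      # text after the last "(" ...
    ktype=${ktype%\)}       # ... without the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "unparseable: $line"; return 1 ;;
    esac
    case $ktype in
        DSA) echo "weak: DSA"; return 1 ;;
        RSA) if [ "$bits" -lt 4096 ]; then
                 echo "weak: RSA $bits < 4096"; return 1
             fi ;;
    esac
    echo "ok: $ktype $bits"
}

# check_listing: read fingerprint lines on stdin, report every key, and
# return 1 if any was weak (one .pub file can hold several keys).
check_listing() {
    rc=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        check_line "$l" || rc=1
    done
    return "$rc"
}

# Constructed sample listing; the second comment contains parentheses.
sample='1024 SHA256:AAAA alice@host (DSA)
2048 SHA256:BBBB bob (old laptop) (RSA)
4096 SHA256:CCCC carol@host (RSA)
256 SHA256:DDDD dave@host (ED25519)'
printf '%s\n' "$sample" | check_listing || echo "commit would be rejected"
```

In a hook, the input would come from `ssh-keygen -l -f "$i" | check_listing` for each file instead of the constructed sample.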