Skip to content

Instantly share code, notes, and snippets.

@nicerobot

nicerobot/ssh-tgzx

Last active Nov 30, 2020
Embed
What would you like to do?
Self-extracting, encrypted tarballs using SSH public keys from GitHub. Because https://ssh-vault.com is awesome but it requires an installation.
#!/bin/bash
(( ${#} >= 3 )) || { echo "usage: $(basename ${0}) github-username archive-file [files | directories]"; exit 1; }
exec >${2}
zero='${0}'
cat <<SCRIPT
#!/usr/bin/env bash
usage() {
echo "usage: bash ${zero} identity-file"
echo "encrypted using: github.com/${1}.keys"
echo " : $(curl -s -L https://github.com/${1}.keys | head -1)"
[[ -f ~/.ssh/id_rsa-${1} ]] && bash \${0} ~/.ssh/id_rsa-${1}
exit
}
SCRIPT
cat <<'SCRIPT'
(( ${#} >= 1 )) || usage "${@}"
trap "rm -f /tmp/pass.${$} 2>/dev/null" 0
openssl rsautl -decrypt -inkey ${1} -out /tmp/pass.${$} -in <(head -14 ${0} | tail -1 | perl -p -e 's/\\n/\n/g' | openssl base64 -d)
tail -n+15 ${0} | openssl enc -aes-256-cbc -d -a -pass file:/tmp/pass.${$} | tar ${2:-xv}z
exit
SCRIPT
export pass=$(openssl rand -hex 64)
openssl rsautl -encrypt -pubin \
-in <(echo -n "${pass}") \
-inkey <(ssh-keygen -e -f <(curl -s -L https://github.com/${1}.keys | head -1) -m PKCS8) \
| openssl base64 \
| perl -p -e 's/\n/\\n/g'
echo
tar zc "${@:3}" | openssl enc -aes-256-cbc -a -salt -pass env:pass
chmod +x ${2}

Generate a plain-text, encrypted archive that is secured using the public key of a particular GitHub user.

Archive and Secure

Usage is similar to tar.

ssh-tgzx github-username archive-file [files | directories]

Extract

Send the file to user who owns the identity and they simply:

bash ./archive-file identity-file

List

bash ./archive-file identity-file t

Example

Create secure archive

To archive some files to send to me:

ssh-tgzx nicerobot private.tgzx private-folder secret-file

It is (relatively) safe to send the file to me via insecure channels.

Extract

I can extract is using:

bash ./private.tgzx ~/.ssh/id_rsa

List

Or just list the contents:

bash ./private.tgzx ~/.ssh/id_rsa t
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment