@pqwy
Last active September 24, 2015 09:04
GPG me.
#!/bin/sh
# Build the native `gpg` binary from gpg.ml.
# lwt.syntax + camlp4o are required for the `lwt ... in` / `try_lwt` forms
# used in the source; nocrypto.unix provides the entropy seeding called in main.
ocamlfind ocamlopt -linkpkg \
  -package lwt,lwt.unix,lwt.syntax,nocrypto,nocrypto.unix \
  -syntax camlp4o \
  gpg.ml -o gpg
((e 65537)
(n
877831630850620268296167281268137407968016117521446011947078338922537264246109651591523026593056672059051832489999260590720167821207366943923444515661663602376324705727626899417643226768417722240397550717769697576975519103659731511541304913058853922980532451689575581185805929082231653610551363194905706387349026794625714674708002690859774616231273863718321465806040602964111779127556655061122448494346314045318403431777063788919516973469738395562844970539417849676768769892610084102947976640050731949147731332810959844396907211845625443881400019296047037990887048138479995648896675890207817825696487119168314547428097438424211088570364438620369031559490617669352486400276567777773716474680245902567656486206689732864497632626192121971444656077566802488055771232605542026908195909645000500621847647995666883542373043668678200339885249170655929291456023933240975311011815900522354894598687516928055863184104476546416212137327084162048981628913016385744950994876649021780055141918578758943357429897442940484114912831189534254281898232997757076068105791246873448938369923454558454905282377677439037825613838429847689902790048088611766805906063238529227953779757058137273028055510022539448893002250971297470601758314315477284134594158399))
open Nocrypto
open Uncommon
open Lwt
open Sexplib
(* Primitives of the hybrid scheme below: SHA-256 (used for both OAEP and
   HMAC), RSA-OAEP instantiated with that hash, and AES in counter mode. *)
module Hash = Hash.SHA256
module Oaep = Rsa.OAEP(Hash)
module Aes = Cipher_block.AES.CTR
(** [f &. g] is function composition: it applies [g] first, then [f]. *)
let (&.) f g = fun x -> f (g x)
(* Initial AES-CTR counter block: 16 bytes filled with 0, shared by every
   message. A constant counter is tolerable only because [enc] draws a fresh
   random AES key per message; with a long-lived key it would repeat the
   keystream across messages. *)
let ctr = Cs.create_with 16 0
(** [enc ~key cs] encrypts [cs] to the RSA public key [key].

    Output layout, concatenated in this order:
    - RSA-OAEP encryption of a fresh 32-byte random secret,
    - HMAC-SHA256 (keyed with that secret) over the AES ciphertext,
    - AES-CTR encryption of [cs] under the secret, starting at [ctr].

    Review notes: the one secret serves as both the AES key and the HMAC key
    (no key separation), and nothing authenticates the sender, since anyone
    holding the public key can produce a valid message. *)
let enc ~key cs =
  (* Per-message secret; its freshness is what makes the fixed [ctr] safe. *)
  let secret = Rng.generate 32 in
  let wrapped_secret = Oaep.encrypt ~key secret in
  let body = Aes.encrypt ~key:(Aes.of_secret secret) ~ctr cs in
  (* Encrypt-then-MAC: the tag is computed over the ciphertext. *)
  let tag = Hash.hmac ~key:secret body in
  Cs.concat [ wrapped_secret; tag; body ]
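(** [dec ~key cs] decrypts a message produced by {!enc} with the RSA private
    key [key].

    The input is split into the OAEP-wrapped secret (as many bytes as the RSA
    modulus), the HMAC-SHA256 tag, and the AES-CTR ciphertext. The tag is
    verified before any plaintext is produced.

    @raise Failure if the input is shorter than wrapped secret + tag, if OAEP
    decryption fails, or if the tag does not match. The last two are reported
    with different messages; a service that relays them to untrusted senders
    should collapse them into one. *)
let dec ~key cs =
  (* Tag comparison without an early exit, so timing does not depend on the
     position of the first mismatching byte. *)
  let tags_match a b =
    let n = Cstruct.len a in
    n = Cstruct.len b
    && begin
      let diff = ref 0 in
      for i = 0 to n - 1 do
        diff := !diff lor (Cstruct.get_uint8 a i lxor Cstruct.get_uint8 b i)
      done;
      !diff = 0
    end
  in
  let ks = cdiv (Rsa.priv_bits key) 8 in
  (* Reject truncated input up front instead of letting [Cstruct.split]
     raise on an out-of-range offset. *)
  if Cstruct.len cs < ks + Hash.digest_size then
    failwith "Input is too short to be an encrypted message :("
  else
    let (penc, rest) = Cstruct.split cs ks in
    let (mac, senc) = Cstruct.split rest Hash.digest_size in
    match Oaep.decrypt ~key penc with
    | None -> failwith "Someone was mucking with the encrypted key :("
    | Some sec ->
      if not (tags_match mac (Hash.hmac ~key:sec senc)) then
        failwith "Someone was mucking with the encrypted data :("
      else Aes.(decrypt ~key:(of_secret sec) ~ctr senc)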
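(** [lwt_write_file name s] writes [s] to the file [name].

    The channel is closed whether or not the write succeeds, matching
    [lwt_read_file]. The file is opened with [Lwt_io.open_file]'s default
    creation permissions, so this helper on its own does not restrict who can
    read the result; secret material needs an explicit restrictive mode. *)
let lwt_write_file name s =
  lwt ch = Lwt_io.(open_file ~mode:Output name) in
  try_lwt Lwt_io.write ch s finally Lwt_io.close ch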
(** [lwt_read_file name] reads the whole file [name] into a string, closing
    the channel afterwards whether or not the read succeeded. *)
let lwt_read_file name =
  Lwt_io.(open_file ~mode:Input name) >>= fun ch ->
  Lwt.finalize
    (fun () -> Lwt_io.read ch)
    (fun () -> Lwt_io.close ch)
(** [xform kfun f kf i o] loads a key from the file [kf] (parsed with [kfun]),
    reads all of channel [i], applies [f ~key] to it as a [Cstruct.t] and
    writes the result to channel [o].

    The whole input is read into memory before [f] runs; nothing is streamed. *)
let xform kfun f kf i o =
  let transform ~key text =
    Cstruct.of_string text |> f ~key |> Cstruct.to_string
  in
  lwt_read_file kf >|= kfun >>= fun key ->
  Lwt_io.read i >|= transform ~key >>= Lwt_io.write o
(** [encrypt kf i o] encrypts channel [i] to [o] using the public key stored
    as an s-expression in the file [kf]. *)
let encrypt =
  let parse_pub text = Rsa.pub_of_sexp (Sexp.of_string text) in
  xform parse_pub enc

(** [decrypt kf i o] decrypts channel [i] to [o] using the private key stored
    as an s-expression in the file [kf]. *)
let decrypt =
  let parse_priv text = Rsa.priv_of_sexp (Sexp.of_string text) in
  xform parse_priv dec
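(** [generate base] creates a 4096-bit RSA key pair and writes it, as
    human-readable s-expressions, to [base ^ ".priv"] and [base ^ ".pub"].

    The private key file is created with mode 0o600 so that other local users
    cannot read it. The mode only takes effect when the file is created: an
    existing [.priv] file is overwritten but keeps whatever permissions it
    already had. *)
let generate base =
  let priv = Rsa.generate 4096 in
  let pub = Rsa.pub_of_priv priv in
  let priv_path = base ^ ".priv"
  and pub_path = base ^ ".pub" in
  let priv_text = Sexp.to_string_hum (Rsa.sexp_of_priv priv)
  and pub_text = Sexp.to_string_hum (Rsa.sexp_of_pub pub) in
  (* Open the private key file directly so the creation mode can be
     restricted; [with_file] also closes the channel if the write fails. *)
  let write_private =
    Lwt_io.(with_file ~perm:0o600 ~mode:Output priv_path
              (fun ch -> write ch priv_text))
  in
  write_private <&> lwt_write_file pub_path pub_text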
(** Command-line entry point.

    - [gpg enc KEYFILE]: encrypt stdin to stdout with the public key in KEYFILE.
    - [gpg dec KEYFILE]: decrypt stdin to stdout with the private key in KEYFILE.
    - [gpg gen BASE]: write a new key pair to BASE.priv and BASE.pub.

    Any other argument vector fails with ["Nope."]. *)
let main () =
  (* Seed nocrypto's RNG before any key or secret is generated. *)
  let () = Nocrypto_entropy_unix.initialize () in
  let on_stdio op key_file = op key_file Lwt_io.stdin Lwt_io.stdout in
  match Sys.argv with
  | [| _; "enc"; key_file |] -> on_stdio encrypt key_file
  | [| _; "dec"; key_file |] -> on_stdio decrypt key_file
  | [| _; "gen"; base |] -> generate base
  | _ -> failwith "Nope."

let () = Lwt_main.run (main ())
@pqwy
Author

pqwy commented Sep 24, 2015

This is how we securely message @pqwy now.
