Last active
September 24, 2015 09:04
-
-
Save pqwy/d79369d8a9e07857a7f2 to your computer and use it in GitHub Desktop.
GPG me.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
ocamlfind ocamlopt -linkpkg -package lwt,lwt.unix,lwt.syntax,nocrypto,nocrypto.unix -syntax camlp4o gpg.ml -o gpg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
((e 65537) | |
(n | |
877831630850620268296167281268137407968016117521446011947078338922537264246109651591523026593056672059051832489999260590720167821207366943923444515661663602376324705727626899417643226768417722240397550717769697576975519103659731511541304913058853922980532451689575581185805929082231653610551363194905706387349026794625714674708002690859774616231273863718321465806040602964111779127556655061122448494346314045318403431777063788919516973469738395562844970539417849676768769892610084102947976640050731949147731332810959844396907211845625443881400019296047037990887048138479995648896675890207817825696487119168314547428097438424211088570364438620369031559490617669352486400276567777773716474680245902567656486206689732864497632626192121971444656077566802488055771232605542026908195909645000500621847647995666883542373043668678200339885249170655929291456023933240975311011815900522354894598687516928055863184104476546416212137327084162048981628913016385744950994876649021780055141918578758943357429897442940484114912831189534254281898232997757076068105791246873448938369923454558454905282377677439037825613838429847689902790048088611766805906063238529227953779757058137273028055510022539448893002250971297470601758314315477284134594158399)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
open Nocrypto | |
open Uncommon | |
open Lwt | |
open Sexplib | |
module Hash = Hash.SHA256 | |
module Oaep = Rsa.OAEP(Hash) | |
module Aes = Cipher_block.AES.CTR | |
let (&.) f g x = f (g x) | |
let ctr = Cs.create_with 16 0 | |
let enc ~key cs = | |
let sec = Rng.generate 32 in | |
let penc = Oaep.encrypt ~key sec in | |
let senc = Aes.(encrypt ~key:(of_secret sec) ~ctr cs) in | |
let mac = Hash.hmac ~key:sec senc in | |
Cs.concat [ penc; mac; senc ] | |
let dec ~key cs = | |
let ks = cdiv (Rsa.priv_bits key) 8 in | |
let (penc, cs') = Cstruct.split cs ks in | |
let (mac, senc) = Cstruct.split cs' Hash.digest_size in | |
match Oaep.decrypt ~key penc with | |
| None -> failwith "Someone was mucking with the encrypted key :(" | |
| Some sec -> | |
if not Cstruct.(equal mac @@ Hash.hmac ~key:sec senc) then | |
failwith "Someone was mucking with the encrypted data :(" | |
else Aes.(decrypt ~key:(of_secret sec) ~ctr senc) | |
let lwt_write_file name s = | |
lwt ch = Lwt_io.(open_file ~mode:Output name) in | |
Lwt_io.write ch s >> Lwt_io.close ch | |
let lwt_read_file name = | |
lwt ch = Lwt_io.(open_file ~mode:Input name) in | |
try_lwt Lwt_io.read ch finally Lwt_io.close ch | |
let xform kfun f kf i o = | |
lwt key = lwt_read_file kf >|= kfun in | |
Lwt_io.read i >|= Cstruct.(to_string &. f ~key &. of_string) >>= Lwt_io.write o | |
let encrypt = xform (Rsa.pub_of_sexp &. Sexp.of_string) enc | |
and decrypt = xform (Rsa.priv_of_sexp &. Sexp.of_string) dec | |
let generate base = | |
let key = Rsa.generate 4096 in | |
let key' = Rsa.pub_of_priv key in | |
let name = base ^ ".priv" | |
and name' = base ^ ".pub" in | |
lwt_write_file name (Sexp.to_string_hum (Rsa.sexp_of_priv key)) <&> | |
lwt_write_file name' (Sexp.to_string_hum (Rsa.sexp_of_pub key')) | |
let main () = | |
Nocrypto_entropy_unix.initialize (); | |
match Sys.argv with | |
| [| _; "enc"; kf |] -> encrypt kf Lwt_io.stdin Lwt_io.stdout | |
| [| _; "dec"; kf |] -> decrypt kf Lwt_io.stdin Lwt_io.stdout | |
| [| _; "gen"; kf |] -> generate kf | |
| _ -> failwith "Nope." | |
let () = Lwt_main.run (main ()) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is how we securely message @pqwy now.