Last active
April 6, 2022 02:55
-
-
Save rgbkrk/7827691 to your computer and use it in GitHub Desktop.
Encrypt a (short) file using someone's public key from github
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # HubCrypt | |
| # ======== | |
| # | |
| # Decrypt a file encrypted using hubencrypt (ok, it's just openssl + rsautl + | |
| # your SSH keys). It needs the private key that matches your last public key | |
| # listed at github.com/<user>.keys | |
| # | |
| if [[ $# < 3 ]]; then | |
| echo "Usage: $0 <id_rsa> <infile> <outfile>" | |
| exit 1 | |
| fi | |
| key=$1 | |
| infile=$2 | |
| outfile=$3 | |
| openssl rsautl -decrypt -inkey $key -in $infile -out $outfile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # HubCrypt | |
| # ======== | |
| # | |
| # Encrypts a small message using a github user's public key as pulled from | |
| # github.com/<user>.key (ok, the last public key listed). | |
| # | |
| # The message size you can encrypt depends on the size of the RSA key used. | |
| # | |
| # Key size (bits) Maximum Message Size (bytes) | |
| # 768 85 | |
| # 1024 117 | |
| # 2048 246 | |
| # 4096 502 | |
| # 8192 1018 | |
| # | |
| # The key size (as specified by `-b` when using ssh-keygen) doesn't actually | |
| # have to be a power of 2, and will give you maximum message sizes in between | |
| # these ranges. I leave that as an exercise to the reader. If you want the | |
| # "solution" email me. Or leave a message on the gist this originally came from. | |
| # Whatever. | |
| # | |
| # Note: This assumes that the key is an RSA public key, and that the public | |
| # key you want to use is the last one listed at github.com/<user>.keys | |
| if [[ $# < 2 ]]; then | |
| echo "Usage: $0 <github user> <infile> [outfile]" | |
| exit 1 | |
| fi | |
| user=$1 | |
| infile=$2 | |
| outfile=$2.enc | |
| if [[ $# == 3 ]]; then | |
| outfile=$3 | |
| fi | |
| pubkey=/tmp/$user.$RANDOM.pub | |
| echo "Getting the key for $user" | |
| # Grab the last key because they added it last | |
| wget https://github.com/$user.keys --quiet -qO- | tail -n 1 > $pubkey #-O $pubkey | |
| #wget github.com/$user.keys --quiet -qO- | head -n 1 > $pubkey #-O $pubkey | |
| # Need a pem file, so we convert it | |
| echo "Converting public key to a PEM PKCS8 public key" | |
| ssh-keygen -f $pubkey -e -m PKCS8 > $pubkey.pem | |
| if [[ $? != 0 ]]; then | |
| print "Since there was an error creating the public key, we'll exit" | |
| exit 1 | |
| fi | |
| echo "Encrypting message" | |
| openssl rsautl -encrypt -pubin -inkey $pubkey.pem -ssl -in $infile -out $outfile | |
| if [[ $? != 0 ]]; then | |
| print "OpenSSL failed. No encrypting your message." | |
| exit 1 | |
| fi | |
| echo "All done, cleaning up!" | |
| # Clean up | |
| rm $pubkey | |
| rm $pubkey.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A version of this that can encrypt large input and has some more convenience glue is here: https://github.com/jschauma/jass http://www.netmeister.org/blog/jass.html
Note that on OS X Mavericks this fails to encrypt, since ssh-keygen(1) there can't convert the RSA key to PKCS8. Something in their OSSLShim. You'd have to install another vanilla version of OpenSSH there.