@svenk
Created February 10, 2020 09:56
Share secrets publicly over the web
<?php
// Enforce HTTPS
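// $_SERVER["HTTPS"] is unset (or "off" on some servers) for plain HTTP requests
if(empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] == "off") { header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); exit(); }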
?>
<!doctype html>
<html>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<body style="padding:5%; font-family: sans-serif">
<h1>Some secret</h1>
<pre>
Some public information
<img src="/src/img/silk.iconset/lock.png"> Online-Banking Zugangsdaten:
<?php
$form = '<form method="post"> <em>Entschlüsselungs-Passwort:</em> <input type="password" name="pwd"> <button type="submit">Zugangsdaten anzeigen</button></form>';
if($_SERVER["REQUEST_METHOD"]!="POST")
    echo $form;
else {
    $zugang = decrypt_to_memory("not-neccessarily-secret-filename.txt.crypt", $_POST["pwd"]);
    if($zugang) {
        echo "<div style='background-color: #b4f6b4; padding: 2em'> Actual secret:";
        // escape the decrypted text so it is displayed, not interpreted as HTML
        echo htmlspecialchars(base64_decode($zugang));
        echo "<p>Can even share an image this way";
        $itan = decrypt_to_memory("not-so-secret-image.png.crypt", $_POST["pwd"]);
        // the decrypted image is already base64, so it fits into a data URI
        $uri = "data:image/png;base64,".$itan;
        echo "<img src='$uri' style='max-width: 60em;'>";
        echo "</div>";
    } else {
        echo "<div style='background-color: #f6b4b4; padding: 2em'>";
        echo "Falsches Passwort</div>";
        echo $form;
    }
}
?>
Another public information
</pre>
<?php
function decrypt_to_memory($file, $pwd) {
    /**
     * Runs openssl enc -d and returns a base64 representation of the
     * decrypted data. --SvenK, 2019-04-24
     **/
    // tempnam() creates the file with mode 0600, so only the web server
    // user can read the password while openssl runs
    $pwd_file = tempnam("/tmp", "openssl-pwd");
    file_put_contents($pwd_file, $pwd);
    $cipher = "-blowfish -md sha256 -salt";
    // different versions of openssl require different arguments of
    // passing passwords, cf. https://superuser.com/a/724987
    $pass = "-pass " . escapeshellarg("file:$pwd_file");
    // quote every path that ends up on the shell command line
    $cmd = "openssl enc $cipher $pass -a -d -in " . escapeshellarg($file);
    // passing binary from PHP's exec() doesn't work well, therefore don't do
    // base64_encode(implode($output)) but pipe openssl output to base64 and
    // maintain the exit code (shell specific)
    $base64_encode_cmd = "nice bash -c " . escapeshellarg("set -o pipefail; $cmd 2>/dev/null | base64");
    exec($base64_encode_cmd, $output, $retval);
    unlink($pwd_file);
    // a non-zero exit code means openssl could not decrypt (e.g. wrong password)
    return ($retval == 0) ? implode($output) : false;
}
#!/bin/bash
# Minimal working example of using openssl to encrypt and decrypt
# files --SvenK, 2019-04-24
SECRET_FILE="$1"
ENCRYPTED_OUTPUT="$1.crypt"
DECRYPT_CHECK="$1.decrypt"
CIPHER="-blowfish -md sha256 -salt"
#CIPHER="-aes-256-cbc -salt"
echo 1. Encrypt a file with a password
echo =================================
echo
# $CIPHER is left unquoted on purpose so it splits into separate options
openssl enc $CIPHER -base64 -in "$SECRET_FILE" -out "$ENCRYPTED_OUTPUT"
echo
echo 2. Decrypt it again
echo ===================
echo
openssl enc $CIPHER -a -d -in "$ENCRYPTED_OUTPUT" -out "$DECRYPT_CHECK"
echo 3. Test whether it worked
echo =========================
diff -qs "$SECRET_FILE" "$DECRYPT_CHECK"
echo "Remember there is still the secret file $SECRET_FILE"
echo "Remember there is still the secret file $DECRYPT_CHECK"