Created
February 10, 2020 09:56
Share secrets publicly over the web
<?php | |
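// Enforce HTTPS: plain-HTTP requests are redirected before any HTML is sent,
// so the password form is never served or submitted in clear text.
// PHP documents $_SERVER["HTTPS"] as "non-empty" for HTTPS requests (IIS
// reports "off" for plain HTTP), so test for that instead of the exact string
// "on"; this also avoids an undefined-index notice when the key is unset.
// NOTE(review): behind a TLS-terminating proxy HTTPS may never be set here and
// this would redirect forever - confirm against the deployment.
$https = isset($_SERVER["HTTPS"]) ? strtolower((string) $_SERVER["HTTPS"]) : "";
if ($https === "" || $https === "off") {
    // The Host header is supplied by the client, so only echo it back into the
    // Location header when it looks like a plain host name (or bracketed IPv6
    // literal) with an optional port. Pinning the redirect to the site's own
    // configured host name would be stricter still.
    $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "";
    if (!preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?\z/', $host)) {
        http_response_code(400);
        exit();
    }
    header("Location: https://" . $host . $_SERVER["REQUEST_URI"]);
    exit();
}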
?> | |
<!doctype html> | |
<html> | |
<meta charset="utf-8"> | |
<meta name="viewport" content="width=device-width,initial-scale=1"> | |
<body style="padding:5%; font-family: sans-serif"> | |
<h1>Some secret</h1> | |
<pre> | |
Some public information | |
<img src="/src/img/silk.iconset/lock.png"> Online-Banking Zugangsdaten: | |
<?php | |
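// Password form; shown on GET and again after a failed decryption attempt.
$form = '<form method="post"> <em>Entschlüsselungs-Passwort:</em> <input type="password" name="pwd"> <button type="submit">Zugangsdaten anzeigen</button></form>';
if ($_SERVER["REQUEST_METHOD"] != "POST") {
    echo $form;
} else {
    // A POST without a "pwd" field, or with pwd[]=... (an array), must not
    // reach the decryption helper; treat both as an empty password.
    $pwd = (isset($_POST["pwd"]) && is_string($_POST["pwd"])) ? $_POST["pwd"] : "";
    // NOTE(review): nothing here limits failed attempts, and every POST starts
    // an openssl process; throttling at the web server is worth considering.
    $zugang = decrypt_to_memory("not-neccessarily-secret-filename.txt.crypt", $pwd);
    if ($zugang) {
        echo "<div style='background-color: #b4f6b4; padding: 2em'> Actual secret:";
        // The decrypted text is data, not markup: escape it so characters such
        // as < and & in the secret are displayed instead of being parsed.
        echo htmlspecialchars(base64_decode($zugang), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        echo "<p>Can even share an image this way";
        $itan = decrypt_to_memory("not-so-secret-image.png.crypt", $pwd);
        // Only emit the <img> when the image decrypted; $itan is base64
        // (A-Z a-z 0-9 + / =), which cannot break out of the quoted attribute.
        if ($itan) {
            $uri = "data:image/png;base64," . $itan; // media type was misspelled "imgage/png"
            echo "<img src='$uri' style='max-width: 60em;'>";
        }
        echo "</div>";
        // NOTE(review): this response contains the decrypted secret; a
        // "Cache-Control: no-store" header would have to be sent at the top
        // of the page, before any output.
    } else {
        echo "<div style='background-color: #f6b4b4; padding: 2em'>";
        echo "Falsches Passwort</div>";
        echo $form;
    }
}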
?> | |
Another public information | |
</pre> | |
<?php | |
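/**
 * Runs `openssl enc -d` on $file and returns a base64 representation of the
 * decrypted data, or false when openssl cannot be started or exits non-zero.
 * --SvenK, 2019-04-24
 *
 * @param string $file Path of the base64-armoured ciphertext (as produced by
 *                     `openssl enc ... -base64`).
 * @param string $pwd  Decryption password; openssl uses only its first line.
 * @return string|false Base64 of the plaintext, or false on failure.
 */
function decrypt_to_memory($file, $pwd) {
    // Must match the options the file was encrypted with.
    // NOTE(review): Blowfish has a 64-bit block, `openssl enc` derives the key
    // with a single salted hash pass unless -pbkdf2/-iter is given, and the
    // output is not authenticated - a wrong password is only noticed through
    // the padding check, so garbage can occasionally decrypt "successfully".
    // If the .crypt files are downloadable, password strength is the only
    // protection against offline guessing. Changing any of this means
    // re-encrypting the files; OpenSSL 3 also ships Blowfish only in its
    // legacy provider.
    $cipher = "-blowfish -md sha256 -salt";

    // The password is handed to openssl on stdin, so it is never written to a
    // temporary file (which would outlive a failed request) and never appears
    // on the command line.
    // NOTE(review): the original comment warned that openssl versions differ
    // in how passwords are passed (cf. https://superuser.com/a/724987);
    // verify "-pass stdin" against the deployed openssl.
    // $file is shell-quoted so a path with spaces or metacharacters stays a
    // single argument.
    $cmd = "nice openssl enc $cipher -pass stdin -a -d -in " . escapeshellarg($file);

    // proc_open pipes are binary-safe, so the plaintext is read directly and
    // base64-encoded in PHP instead of piping through `base64` in a shell.
    $descriptors = array(
        0 => array("pipe", "r"),              // password goes in here
        1 => array("pipe", "w"),              // decrypted bytes come out here
        2 => array("file", "/dev/null", "w"), // discard openssl diagnostics
    );
    $proc = proc_open($cmd, $descriptors, $pipes);
    if ($proc === false) {
        return False;
    }

    fwrite($pipes[0], $pwd . "\n");
    fclose($pipes[0]);
    $plain = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $retval = proc_close($proc);

    return ($retval === 0 && $plain !== false) ? base64_encode($plain) : False;
}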
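#!/bin/bash
# Minimal working example of using openssl to encrypt and decrypt
# files --SvenK, 2019-04-24
#
# Usage: pass the file to encrypt as the only argument.
# Writes FILE.crypt (base64-armoured ciphertext) and FILE.decrypt (a plaintext
# round-trip copy used for the check). openssl prompts for the password.

if [ -z "$1" ]; then
    echo "Usage: $0 FILE" >&2
    exit 1
fi

SECRET_FILE="$1"
ENCRYPTED_OUTPUT="$1.crypt"
DECRYPT_CHECK="$1.decrypt"

# Kept as an array so every option stays a separate argument while the file
# names below can be quoted (paths with spaces used to be split).
# These options must match the ones used by whatever decrypts the file later
# (the PHP page of this gist uses the same three).
# NOTE(review): without -pbkdf2/-iter the key comes from a single salted hash
# pass, and the output is unauthenticated; adding them changes the format, so
# both sides would have to switch together.
CIPHER=(-blowfish -md sha256 -salt)
#CIPHER=(-aes-256-cbc -salt)

echo 1. Encrypt a file with a password
echo =================================
echo
# Stop if encryption fails, otherwise step 2 would test a stale or empty file.
openssl enc "${CIPHER[@]}" -base64 -in "$SECRET_FILE" -out "$ENCRYPTED_OUTPUT" || exit 1
echo
echo 2. Decrypt it again
echo ===================
echo
openssl enc "${CIPHER[@]}" -a -d -in "$ENCRYPTED_OUTPUT" -out "$DECRYPT_CHECK" || exit 1
echo 3. Test wether it worked
echo ========================
diff -qs -- "$SECRET_FILE" "$DECRYPT_CHECK"
# Both the original and the round-trip copy are plaintext left on disk.
echo "Remember there is still the secret file $SECRET_FILE"
echo "Remember there is still the secret file $DECRYPT_CHECK"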