git.scottworley.com Git - overonion/blame - overonion-make-key
Refuse to re-use keys
c5ab018d
SW
#!/bin/bash

# Number of random bytes read from the random source for every cipher key
# line (used by generate_keys).
key_size=99
# Number of random bytes read for each of the two salts written per digest
# line (used by generate_hashes).
hash_salt_size=63

# Cipher names; each one is written after "openssl-enc" in the keyfile,
# followed by its own freshly generated key.
# NOTE(review): the list mixes modern ciphers with single DES, 40/64-bit
# RC2, 40-bit RC4 and ECB modes. Some of these names are not offered by
# default in current OpenSSL builds (several moved to the legacy provider)
# -- confirm how the consumer of the keyfile treats a name the local
# openssl does not know.
ciphers=(
  bf-cbc bf-cfb bf-ecb bf-ofb
  cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
  des-cbc des-cfb des-ofb des-ecb
  des-ede-cbc des-ede des-ede-cfb des-ede-ofb
  des-ede3-cbc des-ede3 des-ede3-cfb des-ede3-ofb
  idea-cbc idea-cfb idea-ecb idea-ofb
  rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc2-64-cbc rc2-40-cbc
  rc4 rc4-40
  rc5-cbc rc5-cfb rc5-ecb rc5-ofb
  aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 aes-128-ecb aes-128-ofb
  aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
  aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
)
# Digest names; each one is written after "openssl-dgst" in the keyfile,
# followed by two salts.
# NOTE(review): "sha" and "dss1" are not available in current OpenSSL
# releases, and md4/md5/sha1 are broken as collision-resistant hashes --
# verify against the OpenSSL version the consumer runs with.
hashes=(
  sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1
)

# Clear all group/other permission bits on files created from here on, so
# the keyfile written at the end of the script is created owner-only.
umask 077
25
b88d75ad
SW
# Choose the device that key material is read from. /dev/random is the
# default; a leading --make_INSECURE_key argument is consumed and selects
# /dev/urandom instead.
# NOTE(review): on current Linux kernels both devices draw from the same
# generator and differ mainly in blocking behaviour; the "INSECURE" label
# reflects the stricter guarantee of /dev/random on older kernels and other
# platforms -- confirm for the systems this is run on.
random_source="/dev/random"
case "$1" in
  --make_INSECURE_key)
    shift
    random_source="/dev/urandom"
    ;;
esac
31
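# Exactly one positional argument is expected: the path of the keyfile to
# create.
if (( $# != 1 )); then
  echo "usage: overonion-make-key keyfile" >&2
  exit 1
fi
keyfile=$1
# Never replace existing key material. -e follows symlinks, so a dangling
# symlink is tested separately with -L; without that test the later
# redirect would create the keyfile at the link's target.
# This is a pre-flight check only: it does not by itself stop another
# process from creating the path before the file is written.
if [[ -e "$keyfile" || -L "$keyfile" ]]; then
  echo "That keyfile already exists. I refuse to overwrite it." >&2
  exit 1
fi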
41
# Progress accounting for the messages printed on stderr.
# keys_generated is advanced by generate_keys (one per cipher) and by
# generate_hashes (two per digest); each function is run twice, which gives
# the 2x / 4x factors in the total.
keys_generated=0
keys_needed=$(( 2 * ${#ciphers[@]} + 4 * ${#hashes[@]} ))
44
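#######################################
# Write one "openssl-enc <cipher> <base64 key>" line per cipher, with the
# ciphers in shuffled order.
# Globals:   ciphers, key_size, random_source, keys_needed (read)
#            keys_generated (incremented once per cipher)
# Outputs:   key lines on stdout, progress on stderr
# Exits:     1 if fewer than key_size bytes could be read, so that an
#            empty or truncated key is never written out as if it were good
#######################################
function generate_keys() {
  local cipher key
  # Unwrapped base64 is 4 characters per started group of 3 input bytes.
  local expected_len=$(( (key_size + 2) / 3 * 4 ))
  while read -r cipher; do
    echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed " >&2
    key=$(head -c "$key_size" "$random_source" | base64 --wrap=0)
    # A failed or short read would otherwise pass silently, because the
    # pipeline's status is not checked anywhere else.
    if (( ${#key} != expected_len )); then
      echo >&2
      echo "Could not read $key_size random bytes from $random_source; the key output is incomplete." >&2
      exit 1
    fi
    echo "openssl-enc $cipher $key"
  done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
}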
51
f5a8e270
SW
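#######################################
# Write one "openssl-dgst <digest> <base64 salt> <base64 salt>" line per
# digest, with the digests in shuffled order.
# Globals:   hashes, hash_salt_size, random_source, keys_needed (read)
#            keys_generated (advanced by two per digest)
# Outputs:   salt lines on stdout, progress on stderr
# Exits:     1 if either salt came back shorter than hash_salt_size bytes,
#            so that an empty or truncated salt is never written out
#######################################
function generate_hashes() {
  local hash first_salt second_salt
  # Unwrapped base64 is 4 characters per started group of 3 input bytes.
  local expected_len=$(( (hash_salt_size + 2) / 3 * 4 ))
  while read -r hash; do
    echo -n $'\r'"Generating salt $((keys_generated += 2))/$keys_needed" >&2
    first_salt=$(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0)
    second_salt=$(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0)
    # A failed or short read would otherwise pass silently, because the
    # pipeline's status is not checked anywhere else.
    if (( ${#first_salt} != expected_len || ${#second_salt} != expected_len )); then
      echo >&2
      echo "Could not read $hash_salt_size random bytes from $random_source; the salt output is incomplete." >&2
      exit 1
    fi
    echo "openssl-dgst $hash $first_salt $second_salt"
  done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; )
}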
58
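# Write the keyfile: digest salts, cipher keys, the literal marker line
# "reverse", then a second, independently generated set of cipher keys and
# digest salts.
# noclobber makes the redirect fail instead of truncating when the path
# exists at open time, so a file (or symlink) that appears after the
# earlier existence test is not written over or written through.
set -o noclobber
{
  generate_hashes
  generate_keys
  echo "reverse"
  generate_keys
  generate_hashes
} > "$keyfile" || {
  echo "Could not write the keyfile." >&2
  exit 1
}
set +o noclobber

# Terminate the carriage-return progress line. The progress messages go to
# stderr, so the closing newline has to go there too ("echo 2>&1" sent it
# to stdout).
echo >&2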