]> git.scottworley.com Git - overonion/blobdiff - overonion-make-key
projects / overonion / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
keyline() and keyfield() operations
[overonion] / overonion-make-key
diff --git a/overonion-make-key b/overonion-make-key
index b909d97ff5d24ea6f5c555329f2a8601742df9ef..0ff97760d6c12186231680f8b9434bec6cab76df 100755 (executable)
--- a/overonion-make-key
+++ b/overonion-make-key
@@ -1,5 +1,8 @@
 #!/bin/bash
 
+key_size=99
+hash_salt_size=63
+
 ciphers=(
   bf-cbc bf-cfb bf-ecb bf-ofb
   cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
@@ -14,22 +17,51 @@ ciphers=(
   aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
   aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
 )
+hashes=(
+  sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1
+)
 
 umask 077
 
+random_source="/dev/random"
+if [[ "$1" == '--make_INSECURE_key' ]];then
+  shift
+  random_source="/dev/urandom"
+fi
+
 if (( $# != 1));then
-  echo "usage: overonion-make-key keyfile"
+  echo "usage: overonion-make-key keyfile" >&2
   exit 1
 fi
 keyfile=$1
 if [[ -e "$keyfile" ]];then
-  echo "That keyfile already exists.  I refuse to overwrite it."
+  echo "That keyfile already exists.  I refuse to overwrite it." >&2
   exit 1
 fi
 
-i=0
-while read -r cipher;do
-  echo -n $'\r'"Generating key $((++i))/${#ciphers[*]}"
-  cat >> "$keyfile" <<< "$cipher $(head -c 99 /dev/random | base64 --wrap=0 )"
-done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
-echo
+keys_needed=$((${#ciphers[*]} * 2 + ${#hashes[*]} * 4))
+keys_generated=0
+
+function generate_keys() {
+  while read -r cipher;do
+    echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed " >&2
+    echo "openssl-enc $cipher $(head -c "$key_size" "$random_source" | base64 --wrap=0 )"
+  done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
+}
+
+function generate_hashes() {
+  while read -r hash;do
+    echo -n $'\r'"Generating salt $((keys_generated += 2))/$keys_needed" >&2
+    echo "openssl-dgst $hash $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 ) $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 )"
+  done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; )
+}
+
+{
+  generate_hashes
+  generate_keys
+  echo "reverse"
+  generate_keys
+  generate_hashes
+} > "$keyfile"
+
+echo 2>&1
Silly encryption