--- /dev/null
+#!/bin/bash
+
+if (( $# != 3));then
+ echo "usage: double-overonion e|d keyfile1 keyfile2"
+ exit 1
+fi
+mode=$1
+if [[ "$mode" != e && "$mode" != d ]];then
+ echo "Use 'e' for encrypt or 'd' for decrypt"
+ exit 1
+fi
+keyfile1=$2
+keyfile2=$3
+
+function oo() {
+ "$(dirname "$0")/overonion" "$mode" "$@"
+}
+
+if [[ "$mode" == e ]];then
+ oo "$keyfile2" | reverse | oo "$keyfile1"
+else
+ oo "$keyfile1" | reverse | oo "$keyfile2"
+fi
--- /dev/null
+#!/bin/bash
+
+if (( $# != 2));then
+ echo "usage: overonion e|d keyfile"
+ exit 1
+fi
+mode=$1
+if [[ "$mode" != e && "$mode" != d ]];then
+ echo "Use 'e' for encrypt or 'd' for decrypt"
+ exit 1
+fi
+keyfile=$2
+if [[ ! -e "$keyfile" ]];then
+ echo "Keyfile not found"
+ exit 1
+fi
+if [[ ! -r "$keyfile" ]];then
+ echo "Cannot read keyfile"
+ exit 1
+fi
+
+num_layers=$(wc -l < "$keyfile")
+if (( num_layers < 20 ));then
+ echo "Keyfile doesn't have enough layers to be an onion"
+ exit 1
+fi
+
+if [[ "$mode" == e ]];then
+ first_layer=$num_layers
+ next_layer=-1
+ openssl_decrypt=""
+else
+ first_layer=1
+ next_layer=1
+ openssl_decrypt="-d"
+fi
+
+function go() {
+ layer=$1
+ if (( layer == 0 || layer > num_layers ));then
+ cat
+ else
+ openssl enc $openssl_decrypt "-$(sed -n "${layer}s/ .*//p" "$keyfile")" \
+ -pass fd:37 37< <(sed -n "${layer}s/^[^ ]* //p" "$keyfile") |
+ go $(( layer + next_layer ))
+ fi
+}
+
+go "$first_layer"
--- /dev/null
+#!/bin/bash
+
+ciphers=(
+ bf-cbc bf-cfb bf-ecb bf-ofb
+ cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
+ des-cbc des-cfb des-ofb des-ecb
+ des-ede-cbc des-ede des-ede-cfb des-ede-ofb
+ des-ede3-cbc des-ede3 des-ede3-cfb des-ede3-ofb
+ idea-cbc idea-cfb idea-ecb idea-ofb
+ rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc2-64-cbc rc2-40-cbc
+ rc4 rc4-40
+ rc5-cbc rc5-cfb rc5-ecb rc5-ofb
+ aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 aes-128-ecb aes-128-ofb
+ aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
+ aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
+)
+
+umask 077
+
+if (( $# != 1));then
+ echo "usage: overonion-make-key keyfile"
+ exit 1
+fi
+keyfile=$1
+if [[ -e "$keyfile" ]];then
+ echo "That keyfile already exists. I refuse to overwrite it."
+ exit 1
+fi
+
+i=0
+while read -r cipher;do
+ echo -n $'\r'"Generating key $((++i))/${#ciphers[*]}"
+ sleep 10
+ cat >> "$keyfile" <<< "$cipher $(head -c 99 /dev/random | base64 --wrap=0 )"
+done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
+echo