From: Scott Worley Date: Mon, 23 Oct 2017 03:37:11 +0000 (-0700) Subject: Refuse to re-use keys X-Git-Url: http://git.scottworley.com/overonion/commitdiff_plain/4c2e9bc99e3d371bcc04674a5015cd208d41dda3?ds=sidebyside Refuse to re-use keys --- diff --git a/overonion b/overonion index cb663fe..5eb26b6 100755 --- a/overonion +++ b/overonion @@ -29,14 +29,22 @@ if (( num_layers < 20 ));then die "Keyfile doesn't have enough layers to be an onion" fi +hash_fields=$(awk '/^openssl-dgst / { print NF }' "$keyfile" | uniq ) + if [[ "$mode" == e ]];then first_layer=$num_layers next_layer=-1 openssl_decrypt="" + if [[ "$hash_fields" != 4 ]];then + die "Refusing to encrypt with already-used key" + fi else first_layer=1 next_layer=1 openssl_decrypt="-d" + if [[ "$hash_fields" != 5 ]];then + die "Key does not appear to have been used for encryption (it has no embedded hashes). Refusing to decrypt." + fi fi function go() {