Commit 4fbbbaa9 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

ssh_rsa_encrypt and ssh_rsa_decrypt implemented

parent 41857414
......@@ -545,3 +545,63 @@ function dump_elasticsearch_dbs {
echo " +-- done..."
}
export -f dump_elasticsearch_dbs
#
# encrypt data from stdin to stdout using an SSH RSA pubkey
# ECDSA and Ed25519 keys are not supported, sadly
#
# $1 - path to the SSH RSA key to use (optional, by default /etc/ssh/ssh_host_rsa_key.pub is used)
#
# based on:
# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
function ssh_rsa_encrypt {
# default
PUBKEY="/etc/ssh/ssh_host_rsa_key.pub"
# let's check if we have a $1
[ "$1" != "" ] && PUBKEY="$1"
# reality checks -- does the file exist, is it a file, is it readable
[ -e "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist." && return 1 )
[ -r "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' is not readable to this user." && return 2 )
# temporary file for the pubkey in OpenSSL-compatible PEM format
PUBKEY_PEM="$( mktemp )"
# generate the OpenSSL-compatible PEM key
ssh-keygen -f "$PUBKEY" -e -m PKCS8 > "$PUBKEY_PEM"
# decrypt from stdin to stdout
openssl pkeyutl -encrypt -pubin -inkey "$PUBKEY_PEM"
}
export -f ssh_rsa_encrypt
#
# decrypt data from stdin to stdout using an SSH RSA private key
# ECDSA and Ed25519 keys are not supported, sadly
#
# $1 - path to the SSH RSA private key to use (optional, by default /etc/ssh/ssh_host_rsa_key is used)
#
# Caveat: the key file has to be readable to the user running the command (duh!); also,
# password-protected SSH RSA private keys are not supported at this time
#
# based on:
# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
function ssh_rsa_decrypt {
# default
PRIVKEY="/etc/ssh/ssh_host_rsa_key"
# let's check if we have a $1
[ "$1" != "" ] && PRIVKEY="$1"
# reality checks -- does the file exist, is it a file, is it readable
[ -e "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' does not exist." && return 1 )
[ -r "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' is not readable to this user." && return 2 )
# decrypt from stdin to stdout
openssl pkeyutl -decrypt -inkey "$PRIVKEY"
}
export -f ssh_rsa_decrypt
\ No newline at end of file
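Review bot: The existence and readability guards in ssh_rsa_encrypt never abort the function, because `return 1` / `return 2` execute inside the `( … )` subshell and only leave that subshell; after display_error the function carries on with a missing or unreadable key and the failure surfaces later as an ssh-keygen or openssl error, and ssh_rsa_decrypt has the same pattern on its two guard lines (where the messages also say "public key" for a private key). The guards should be brace groups or `if` blocks, e.g. `[ -e "$PUBKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist."; return 1; }`. ssh_rsa_encrypt additionally leaves the mktemp PEM file behind, ignores the ssh-keygen exit status, and relies on pkeyutl's default RSA padding (PKCS#1 v1.5), where OAEP (`-pkeyopt rsa_padding_mode:oaep`, on both the encrypt and decrypt side) is the better choice — that last point is a format change, so it needs to go into both functions together. Since raw RSA can only encrypt a payload shorter than the modulus minus padding overhead, the header comment should also state that the stdin data is limited to a few hundred bytes and larger inputs must be wrapped with a symmetric key; it is also worth noting, as the decrypt side depends on the private key being in a format OpenSSL can parse, that this presumably rules out new-style OpenSSH private keys — confirm and document. The rewritten ssh_rsa_encrypt below assumes nothing else reads the PUBKEY/PUBKEY_PEM globals.
```bash
function ssh_rsa_encrypt {
  local PUBKEY="${1:-/etc/ssh/ssh_host_rsa_key.pub}"
  # reality checks -- brace groups, not ( … ), so that return actually leaves the function
  [ -e "$PUBKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist."; return 1; }
  [ -r "$PUBKEY" ] || { >&2 display_error "The specified SSH RSA public key '$PUBKEY' is not readable to this user."; return 2; }
  # temporary file for the pubkey in OpenSSL-compatible PEM format; removed on every exit path below
  local PUBKEY_PEM
  PUBKEY_PEM="$( mktemp )" || return 3
  ssh-keygen -f "$PUBKEY" -e -m PKCS8 > "$PUBKEY_PEM" || { rm -f -- "$PUBKEY_PEM"; return 4; }
  # encrypt from stdin to stdout; OAEP instead of the default PKCS#1 v1.5 padding (ssh_rsa_decrypt must use the same option)
  openssl pkeyutl -encrypt -pubin -inkey "$PUBKEY_PEM" -pkeyopt rsa_padding_mode:oaep
  local rc=$?
  rm -f -- "$PUBKEY_PEM"
  return "$rc"
}
```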