ssh_rsa_encrypt and ssh_rsa_decrypt implemented

4fbbbaa9 · Michał 'rysiek' Woźniak · 41857414 · 4fbbbaa9
Commit 4fbbbaa9 authored Feb 10, 2017 by Michał 'rysiek' Woźniak
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 0 deletions

utils.sh utils.sh +60 -0

No files found.
--- a/utils.sh
+++ b/utils.sh
@@ -545,3 +545,63 @@ function dump_elasticsearch_dbs {
    echo "        +-- done..."
 }
 export -f dump_elasticsearch_dbs
+
+#
+# encrypt data from stdin to stdout using an SSH RSA pubkey
+# ECDSA and Ed25519 keys are not supported, sadly
+# 
+# $1 - path to the SSH RSA key to use (optional, by default /etc/ssh/ssh_host_rsa_key.pub is used)
+# 
+# based on:
+# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
+function ssh_rsa_encrypt {
+    
+    # default
+    PUBKEY="/etc/ssh/ssh_host_rsa_key.pub"
+    
+    # let's check if we have a $1
+    [ "$1" != "" ] && PUBKEY="$1"
+    
+    # reality checks -- does the file exist, is it a file, is it readable
+    [ -e "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' does not exist." && return 1 )
+    [ -r "$PUBKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PUBKEY' is not readable to this user." && return 2 )
+    
+    # temporary file for the pubkey in OpenSSL-compatible PEM format
+    PUBKEY_PEM="$( mktemp )"
+    
+    # generate the OpenSSL-compatible PEM key
+    ssh-keygen -f "$PUBKEY" -e -m PKCS8 > "$PUBKEY_PEM"
+    
+    # decrypt from stdin to stdout
+    openssl pkeyutl -encrypt -pubin -inkey "$PUBKEY_PEM"
+}
+export -f ssh_rsa_encrypt
+
+
+#
+# decrypt data from stdin to stdout using an SSH RSA private key
+# ECDSA and Ed25519 keys are not supported, sadly
+# 
+# $1 - path to the SSH RSA private key to use (optional, by default /etc/ssh/ssh_host_rsa_key is used)
+# 
+# Caveat: the key file has to be readable to the user running the command (duh!); also,
+#         password-protected SSH RSA private keys are not supported at this time
+# 
+# based on:
+# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
+function ssh_rsa_decrypt {
+    
+    # default
+    PRIVKEY="/etc/ssh/ssh_host_rsa_key"
+    
+    # let's check if we have a $1
+    [ "$1" != "" ] && PRIVKEY="$1"
+    
+    # reality checks -- does the file exist, is it a file, is it readable
+    [ -e "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' does not exist." && return 1 )
+    [ -r "$PRIVKEY" ] || (>&2 display_error "The specified SSH RSA public key '$PRIVKEY' is not readable to this user." && return 2 )
+
+    # decrypt from stdin to stdout
+    openssl pkeyutl -decrypt -inkey "$PRIVKEY"
+}
+export -f ssh_rsa_decrypt
\ No newline at end of file