libre / utils
Commit 4fbbbaa9
authored Feb 10, 2017 by Michał 'rysiek' Woźniak
ssh_rsa_encrypt and ssh_rsa_decrypt implemented
parent 41857414
Showing 1 changed file with 60 additions and 0 deletions
utils.sh
...
...
@@ -545,3 +545,63 @@ function dump_elasticsearch_dbs {
echo
" +-- done..."
}
export
-f
dump_elasticsearch_dbs
#
# encrypt data from stdin to stdout using an SSH RSA pubkey
# ECDSA and Ed25519 keys are not supported, sadly
#
# $1 - path to the SSH RSA key to use (optional, by default /etc/ssh/ssh_host_rsa_key.pub is used)
#
# based on:
# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
function
ssh_rsa_encrypt
{
# default
PUBKEY
=
"/etc/ssh/ssh_host_rsa_key.pub"
# let's check if we have a $1
[
"
$1
"
!=
""
]
&&
PUBKEY
=
"
$1
"
# reality checks -- does the file exist, is it a file, is it readable
[
-e
"
$PUBKEY
"
]
||
(>
&2 display_error
"The specified SSH RSA public key '
$PUBKEY
' does not exist."
&&
return
1
)
[
-r
"
$PUBKEY
"
]
||
(>
&2 display_error
"The specified SSH RSA public key '
$PUBKEY
' is not readable to this user."
&&
return
2
)
# temporary file for the pubkey in OpenSSL-compatible PEM format
PUBKEY_PEM
=
"
$(
mktemp
)
"
# generate the OpenSSL-compatible PEM key
ssh-keygen
-f
"
$PUBKEY
"
-e
-m
PKCS8
>
"
$PUBKEY_PEM
"
# decrypt from stdin to stdout
openssl pkeyutl
-encrypt
-pubin
-inkey
"
$PUBKEY_PEM
"
}
export
-f
ssh_rsa_encrypt
#
# decrypt data from stdin to stdout using an SSH RSA private key
# ECDSA and Ed25519 keys are not supported, sadly
#
# $1 - path to the SSH RSA private key to use (optional, by default /etc/ssh/ssh_host_rsa_key is used)
#
# Caveat: the key file has to be readable to the user running the command (duh!); also,
# password-protected SSH RSA private keys are not supported at this time
#
# based on:
# https://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text/576558#576558
function
ssh_rsa_decrypt
{
# default
PRIVKEY
=
"/etc/ssh/ssh_host_rsa_key"
# let's check if we have a $1
[
"
$1
"
!=
""
]
&&
PRIVKEY
=
"
$1
"
# reality checks -- does the file exist, is it a file, is it readable
[
-e
"
$PRIVKEY
"
]
||
(>
&2 display_error
"The specified SSH RSA public key '
$PRIVKEY
' does not exist."
&&
return
1
)
[
-r
"
$PRIVKEY
"
]
||
(>
&2 display_error
"The specified SSH RSA public key '
$PRIVKEY
' is not readable to this user."
&&
return
2
)
# decrypt from stdin to stdout
openssl pkeyutl
-decrypt
-inkey
"
$PRIVKEY
"
}
export
-f
ssh_rsa_decrypt
\ No newline at end of file
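Review bot: the `return 1` and `return 2` in the existence and readability checks of both ssh_rsa_encrypt and ssh_rsa_decrypt sit inside `( ... )`, which runs in a subshell, so they end only the subshell and the function goes on to call ssh-keygen and openssl pkeyutl with a missing or unreadable key. The `&&` also makes the return depend on display_error succeeding. Use a brace group instead, for example `[ -e "$PUBKEY" ] || { >&2 display_error "..."; return 1; }`, and the same for the `-r` tests. Smaller points on the same lines: the comment promises an "is it a file" check but only `-e` and `-r` are tested, so a directory passes; PUBKEY, PUBKEY_PEM and PRIVKEY are not declared `local`, and the file created by `mktemp` for PUBKEY_PEM is never removed; the comment above `openssl pkeyutl -encrypt` says "decrypt"; and both error messages in ssh_rsa_decrypt say "public key" while checking PRIVKEY. Since stdin goes straight into `openssl pkeyutl -encrypt` with no `-pkeyopt`, the header comment should also state that the input has to fit in a single RSA operation for the given key.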