free
/
freedombone
Suivre 1
Favoriser 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
5392 Révisions
5 Branches
Aborescence: ebf91c686d
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'ebf91c686d'
${ noResults }
freedombone/src/freedombone-pass

freedombone-pass 4.4KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # It's useful to be able to store user passwords, but not a good

  12. # idea to do that in plain text. This implements a simple password

  13. # store. It gpg symmetric encrypts passwords using the backups

  14. # private key as the passphrase.

  15. #

  16. # In order for an adversary to obtain the passwords they must have

  17. # the backups GPG key, which is not obtainable from local or remote

  18. # backups and can only happen if they get root access to the system

  19. # (in which case it's game over anyhow) or if they can decrypt

  20. # a master keydrive or obtain sufficient keydrive fragments.

  21. #

  22. # License

  23. # =======

  24. #

  25. # Copyright (C) 2016 Bob Mottram <bob@freedombone.net>

  26. #

  27. # This program is free software: you can redistribute it and/or modify

  28. # it under the terms of the GNU Affero General Public License as published by

  29. # the Free Software Foundation, either version 3 of the License, or

  30. # (at your option) any later version.

  31. #

  32. # This program is distributed in the hope that it will be useful,

  33. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  34. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  35. # GNU Affero General Public License for more details.

  36. #

  37. # You should have received a copy of the GNU Affero General Public License

  38. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  39. 

  40. PROJECT_NAME='freedombone'

  41. 

  42. export TEXTDOMAIN=${PROJECT_NAME}-pass

  43. export TEXTDOMAINDIR="/usr/share/locale"

  44. 

  45. MY_BACKUP_KEY_ID=

  46. CURR_USERNAME=

  47. CURR_APP=

  48. CURR_PASSWORD=""

  49. 

  50. function get_backup_key_id {

  51.     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | \

  52.                            grep 'pub ' | awk -F ' ' '{print $2}' | \

  53.                            awk -F '/' '{print $2}')

  54.     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then

  55.         echo $"gpg backup key was not found"

  56.         return 58213

  57.     fi

  58. }

  59. 

  60. function pass_show_help {

  61.     echo ''

  62.     echo $"${PROJECT_NAME}-pass"

  63.     echo ''

  64.     echo $'Password store using gpg'

  65.     echo ''

  66.     echo $'  -h --help                        Show help'

  67.     echo $'  -u --user [name]                 Username'

  68.     echo $'  -a --app [name]                  Name of the application'

  69.     echo $'  -p --pass [password]             The password to store'

  70.     echo ''

  71.     echo $'To encrypt a password:'

  72.     echo ''

  73.     echo $"  ${PROJECT_NAME}-pass -u [username] -a [app] -p [password]"

  74.     echo ''

  75.     echo $'To retrieve a password:'

  76.     echo $''

  77.     echo $"  ${PROJECT_NAME}-pass -u [username] -a [app]"

  78.     echo ''

  79.     exit 0

  80. }

  81. 

  82. function pad_string {

  83.     echo -n -e "$1" | sed -e :a -e 's/^.\{1,128\}$/& /;ta'

  84. }

  85. 

  86. while [[ $# > 1 ]]

  87. do

  88.     key="$1"

  89. 

  90.     case $key in

  91.         -h|--help)

  92.             pass_show_help

  93.             ;;

  94.         -u|--user|--username)

  95.             shift

  96.             CURR_USERNAME="${1}"

  97.             ;;

  98.         -a|--app|--application)

  99.             shift

  100.             CURR_APP="${1}"

  101.             ;;

  102.         -p|--pass|--password|--passphrase)

  103.             shift

  104.             CURR_PASSWORD="${1}"

  105.             ;;

  106.         *)

  107.             # unknown option

  108.             ;;

  109.     esac

  110.     shift

  111. done

  112. 

  113. get_backup_key_id

  114. 

  115. # Use the backups private key as a symmetric passphrase

  116. MASTER_PASSWORD=$(gpg -q --armor --export-secret-key $MY_BACKUP_KEY_ID)

  117. 

  118. if [ ! $CURR_USERNAME ]; then

  119.     echo $'No username given'

  120.     exit 1

  121. fi

  122. 

  123. if [ ! -d /home/$CURR_USERNAME ]; then

  124.     echo $"User $CURR_USERNAME does not exist"

  125.     exit 2

  126. fi

  127. 

  128. if [ ! $CURR_APP ]; then

  129.     echo $'No app name given'

  130.     exit 3

  131. fi

  132. 

  133. if [ ${#CURR_PASSWORD} -eq 0 ]; then

  134.     # retrieve password

  135.     if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then

  136.         echo ""

  137.         exit 4

  138.     else

  139.         pass=$(gpg -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)

  140.         echo "${pass}" | xargs

  141.     fi

  142. else

  143.     # store password

  144.     if [ ! -d ~/.passwords/$CURR_USERNAME ]; then

  145.         mkdir -p ~/.passwords/$CURR_USERNAME

  146.     fi

  147.     # padding helps to ensure than nothing can be learned from the length of the cyphertext

  148.     pad_string "${CURR_PASSWORD}" | gpg -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP

  149.     if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then

  150.         exit 5

  151.     fi

  152. fi

  153. 

  154. exit 0