commit 2442a0eeb6436f0db82134ddc377b7170f599e99
parent b87d6ceee6ebc1f5327def27d7e7d35f6b248a7d
Author: lash <dev@holbrook.no>
Date: Mon, 31 Jan 2022 01:40:17 +0000
Remove unsafe environment passphrase
Diffstat:
3 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,14 @@
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
+
diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+0.0.2
diff --git a/clortho.sh b/clortho.sh
@@ -24,15 +24,14 @@ data_dir=$(realpath $data_dir)
mkdir -vp $data_dir
set +e
-passphrase=$CLORTHO_PASSPHRASE
-
-if [ -z "$passphrase" ]; then
- if [ -f ~/.clortho ]; then
- read passphrase < ~/.clortho
- fi
+passfile=${CLORTHO_KEYFILE}
+if [ -z "$passfile" ]; then
+ passfile="$HOME/.clortho"
fi
-if [ -z "$passphrase" ]; then
+if [ -f "$passfile" ]; then
+ read passphrase < "$passfile"
+else
stty -echo
echo -n "passphrase: "
read passphrase
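Review bot: When no key file exists, the `else` branch still prompts for a passphrase, but nothing on the new side hands that value to ccrypt. `do_set_ccrypt` and `do_get_ccrypt` in the last hunk of this file now call `ccrypt -k $passfile` with a path that was just found not to be a file, so the interactive path appears to fail on every set and get. One way to keep the prompt working without going back to an exported variable is to write the typed passphrase to a private temporary file, point `passfile` at it, and shred it on exit, as sketched below; the `else` branch ends outside this hunk, so the addition belongs after the prompt's terminal restore. Separately, `read passphrase < "$passfile"` would be safer as `IFS= read -r passphrase < "$passfile"`, because a plain `read` drops backslashes and surrounding whitespace while ccrypt, as far as I know, takes the first line of the key file as is. The mode and owner of the key file are also never checked before its contents are trusted as the secret.

```shell
if [ -f "$passfile" ]; then
	# ... unchanged: read passphrase from "$passfile" ...
else
	# ... unchanged: stty / echo / read prompt and terminal restore ...
	# keep the typed passphrase usable by `ccrypt -k`
	passfile=$(mktemp) || exit 1
	chmod 600 "$passfile"
	printf '%s\n' "$passphrase" > "$passfile"
	trap 'shred -u "$passfile"' EXIT
```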
@@ -41,16 +40,13 @@ if [ -z "$passphrase" ]; then
fi
-set +a
-export CLORTHO_PASSPHRASE=$passphrase
-
t=$(mktemp)
hash_key() {
ktt=$(mktemp)
kt=$(mktemp)
chmod 200 $kt
- echo $CLORTHO_PASSPHRASE > $kt
+ echo $passphrase > $kt
chmod 600 $kt
kc=$(sha512sum $kt | awk '{print $1;}' > $ktt)
shred $kt
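Review bot: The new `echo $passphrase > $kt` in `hash_key` expands the passphrase unquoted, so runs of whitespace collapse, glob characters can expand against the current directory, and a value such as `-n` is taken as an echo option. The digest then no longer corresponds to the passphrase that was entered. `printf '%s\n' "$passphrase" > "$kt"` writes it verbatim. `hash_key` starts inside this hunk and ends outside it, so how the digest is consumed afterwards is not visible here.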
@@ -59,19 +55,23 @@ hash_key() {
}
do_set_ccrypt() {
- vc=$(echo -n $vp | ccrypt -E CLORTHO_PASSPHRASE)
+ vc=$(echo -n $vp | ccrypt -k $passfile)
+ if [ "$?" -gt "0" ]; then
+ >&2 echo set key fail
+ exit 1
+ fi
hash_key
echo -n $vc > $data_dir/$kc
}
do_get_ccrypt() {
hash_key
- vp=$(ccrypt -E CLORTHO_PASSPHRASE -c $data_dir/$kc 2> /dev/null)
+ #vp=$(ccrypt -k $passfile $data_dir/$kc 2> /dev/null)
+ vp=$(ccrypt -k $passfile $data_dir/$kc -c)
if [ "$?" -gt "0" ]; then
exit 1;
fi
echo $vp
}
-set -a
do_${mode}_$(basename ${cryptbin})
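Review bot: Both new ccrypt calls pass `$passfile` unquoted, and its value can come from `CLORTHO_KEYFILE`, so a path containing whitespace is split into extra ccrypt arguments. Writing `ccrypt -k "$passfile"` in `do_set_ccrypt` and `vp=$(ccrypt -c -k "$passfile" "$data_dir/$kc")` in `do_get_ccrypt` avoids that. The commented-out `#vp=...` line should be dropped rather than committed. `do_get_ccrypt` still exits 1 without a message, whereas the new check in `do_set_ccrypt` prints `set key fail`; a matching `>&2 echo get key fail` would make the two consistent.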