commit 3046cf20b0f11c0f0dfaf35658d302dad7d6bbba
Author: lash <dev@holbrook.no>
Date: Tue, 11 Jan 2022 12:48:48 +0000
Initial commit
Diffstat:
A | clortho.sh | | | 68 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
A | readme.txt | | | 9 | +++++++++ |
2 files changed, 77 insertions(+), 0 deletions(-)
diff --git a/clortho.sh b/clortho.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# this is a very unsafe prototype. use with care.
+
+mode="get"
+kp=$1
+vp=
+
+if [ -z "$kp" ]; then
+ >&2 echo "usage: clortho <key> [value]"
+ exit 1;
+fi
+
+if [ ! -z "$2" ]; then
+ mode="set"
+ vp=$2
+fi
+
+
+set -e
+cryptbin=$(which ccrypt)
+data_dir=${CLORTHO_DATADIR:-~/.local/share/clortho}
+data_dir=$(realpath $data_dir)
+mkdir -vp $data_dir
+set +e
+
+
+passphrase=${CLORTHO_PASSPHRASE:-$PASSPHRASE}
+if [ -z "$passphrase" ]; then
+ stty -echo
+ echo -n "?> "
+ read passphrase
+ echo
+ stty echo
+fi
+
+
+set +a
+export CLORTHO_PASSPHRASE=$passphrase
+
+t=$(mktemp)
+
+hash_key() {
+ ktt=$(mktemp)
+ kt=$(mktemp)
+ chmod 200 $kt
+ echo $CLORTHO_PASSPHRASE > $kt
+ chmod 600 $kt
+ kc=$(sha512sum $kt | awk '{print $1;}' > $ktt)
+ shred $kt
+ echo $kp >> $ktt
+ kc=$(sha512sum $ktt | awk '{print $1;}')
+}
+
+do_set_ccrypt() {
+ vc=$(echo -n $vp | ccrypt -E CLORTHO_PASSPHRASE)
+ hash_key
+ echo -n $vc > $data_dir/$kc
+}
+
+do_get_ccrypt() {
+ hash_key
+ vp=$(ccrypt -E CLORTHO_PASSPHRASE -c $data_dir/$kc)
+ echo $vp
+}
+set -a
+
+do_${mode}_$(basename ${cryptbin})
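Review bot: In `do_set_ccrypt` the ciphertext is captured in `vc` and written back with an unquoted `echo -n $vc`, which cannot round-trip ccrypt's binary output: command substitution drops NUL bytes and trailing newlines, and the unquoted expansion word-splits and globs, so a large share of stored values will fail to decrypt. Stream the ciphertext straight to the file instead, after `hash_key` has set `kc`. `hash_key` also leaves `$ktt` (the passphrase digest plus the plaintext key name) and the overwritten but never unlinked `$kt` in the temp directory on every run, and `t=$(mktemp)` is never used or removed. Hashing through a pipe avoids the files and gives the same digest for ordinary passphrases and keys (no whitespace runs or glob characters). Separately, readme.txt says the key is stored as sha256 while the script calls `sha512sum`.

```shell
hash_key() {
	# digest passphrase and key name through pipes; nothing is written to disk
	local pd
	pd=$(printf '%s\n' "$CLORTHO_PASSPHRASE" | sha512sum | awk '{print $1;}')
	kc=$(printf '%s\n%s\n' "$pd" "$kp" | sha512sum | awk '{print $1;}')
}

do_set_ccrypt() {
	hash_key
	# write ciphertext directly; a shell variable cannot hold binary data
	printf '%s' "$vp" | ccrypt -E CLORTHO_PASSPHRASE > "$data_dir/$kc"
}
```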
diff --git a/readme.txt b/readme.txt
@@ -0,0 +1,9 @@
+Clortho is a bash prototype for a tool that will be written in Rust.
+
+It is a key/values store, where both the key and value are obfuscated.
+
+The key is stored as sha256 of passphrase || key.
+
+The value is symmetrically encrypted with passphrase. (the bash prototype uses ccrypt)
+
+This script it NOT SAFE for production use because it leaks password to process lists and tmpfs while executing. However, the key/value pairs, once produced, are safe to store.