Author: Paolo Lulli <paolo@lulli.net>
Added ironcrypt and drawer binaries
iron/bin/Makefile.am | 2 iron/bin/drawer | 99 +++++++++++++++++++++++++++++++++++++ iron/bin/ironcrypt | 122 ++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/iron/bin/Makefile.am b/iron/bin/Makefile.am
index 8df7d5c639597573d95cddb91286e80dc2843ce6..381749ce9d5553812dd7786cbfad30c3cd961da7 100644
--- a/iron/bin/Makefile.am
+++ b/iron/bin/Makefile.am
@@ -1 +1 @@
-dist_bin_SCRIPTS = iron
+dist_bin_SCRIPTS = iron ironcrypt drawer
diff --git a/iron/bin/drawer b/iron/bin/drawer
new file mode 100755
index 0000000000000000000000000000000000000000..7da95e198fd3d46e3ac47f73606568651942d04f
--- /dev/null
+++ b/iron/bin/drawer
@@ -0,0 +1,99 @@
+#! /bin/bash
+
+CFG_FILE=$HOME/.ironcrypt.cfg
+test -f $CFG_FILE && source $CFG_FILE
+
+IRONCRYPT_EXE="ironcrypt"
+STORAGE_DIR=$HOME/.secrets
+
+test -d ${STORAGE_DIR} || mkdir -p ${STORAGE_DIR}
+
+function secret_keep_interactive()
+{
+ KEY=$1
+ HASHKEY=$(echo $KEY | sha1sum | awk '{print $1}')
+ test -f "$STORAGE_DIR/${HASHKEY}" && echo "Secret exists"
+ test -f "$STORAGE_DIR/${HASHKEY}" && exit 1
+ echo "Enter secret"
+ read secret
+ echo "$secret" > "$STORAGE_DIR/${HASHKEY}"
+ ${IRONCRYPT_EXE} -e $STORAGE_DIR/${HASHKEY}
+}
+
+function secret_keep()
+{
+ KEY=$1
+ secret=$2
+ HASHKEY=$(echo $KEY | sha1sum | awk '{print $1}')
+ test -f "$STORAGE_DIR/${HASHKEY}" && echo "Secret exists"
+ test -f "$STORAGE_DIR/${HASHKEY}" && exit 1
+ echo "$secret" > "$STORAGE_DIR/${HASHKEY}"
+ ${IRONCRYPT_EXE} -e $STORAGE_DIR/${HASHKEY}
+}
+
+function secret_tell()
+{
+ KEY=$1
+ HASHKEY=$(echo $KEY | sha1sum | awk '{print $1}')
+ test -f $STORAGE_DIR/${HASHKEY}.enc || echo "Secret missing"
+ test -f $STORAGE_DIR/${HASHKEY}.enc || exit 1
+ ${IRONCRYPT_EXE} -d $STORAGE_DIR/${HASHKEY}.enc
+ secret="$(cat $STORAGE_DIR/${HASHKEY})"
+ echo "${secret}"
+ rm $STORAGE_DIR/${HASHKEY}
+}
+
+function drawer_usage()
+{
+ prog_name=$(basename $0)
+ echo "$prog_name <-l|-u|-w|-e> <name>"
+ echo ""
+ echo "$prog_name -l <name> : lock secret <name>"
+ echo "$prog_name -u <name> : unlock secret <name>"
+ echo "$prog_name -w <name><dest> : write secret <name> to <dest>"
+ echo "$prog_name -r <name><file> : read secret <name> from <file> - delete <file>"
+ echo "$prog_name -e <name><env> : export secret <name> to var <env>"
+}
+
+
+# MAIN
+
+if [ "$#" = 1 ]; then
+ drawer_usage
+ exit 1
+fi
+
+if [ "$#" = 2 ]; then
+ opt=$1
+ argvalue=$2
+fi
+
+if [ "$#" = 3 ]; then
+ opt=$1
+ argvalue=$2
+ envvar=$3
+fi
+
+if [ "$opt" == "-e" ]; then
+ secret=$(secret_tell $argvalue)
+ export $envvar=${secret}
+ exit 0
+ elif [ "$opt" == "-u" ]; then
+ secret_tell $argvalue
+ exit 0
+ elif [ "$opt" == "-l" ]; then
+ secret_keep_interactive $argvalue
+ exit 0
+ elif [ "$opt" == "-w" ]; then
+ secret=$(secret_tell $argvalue)
+ echo ${secret} > $envvar
+ exit 0
+ elif [ "$opt" == "-r" ]; then
+ secret=$(cat $envvar)
+ secret_keep $argvalue $secret
+ exit 0
+else
+ drawer_usage
+ exit 1
+fi
+drawer_usage
diff --git a/iron/bin/ironcrypt b/iron/bin/ironcrypt
new file mode 100755
index 0000000000000000000000000000000000000000..e2d8f6fb51a3175091269f29bf827e8c98ec844d
--- /dev/null
+++ b/iron/bin/ironcrypt
@@ -0,0 +1,122 @@
+#! /bin/bash
+
+CFG_FILE=$HOME/.ironcrypt.cfg
+test -f $CFG_FILE && source $CFG_FILE
+
+# Convention over configuration
+SECURE_CA_HOME=${SECURE_HOME}/CA
+CA_CERTIFICATE=${SECURE_CA_HOME}/ca.crt
+CERTIFICATE=${SECURE_HOME}/${SECURE_SERVICE}/certs/${SECURE_CLIENT}/${SECURE_CLIENT}.crt
+PRIVATE_KEY=${SECURE_HOME}/${SECURE_SERVICE}/certs/${SECURE_CLIENT}/${SECURE_CLIENT}.key
+
+test -f ${CA_CERTIFICATE} || echo "Missing CA file: ${CA_CERTIFICATE}"
+test -f ${CERTIFICATE} || echo "Missing Certificate file: ${CERTIFICATE}"
+test -f ${PRIVATE_KEY} || echo "Missing Private KEY file: ${PRIVATE_KEY}"
+
+function write_empty_config()
+{
+ echo "SECURE_HOME=">> $CFG_FILE
+ echo "SECURE_SERVICE=">> $CFG_FILE
+ echo "SECURE_CLIENT=">> $CFG_FILE
+ echo "Edit config file: [$CFG_FILE]"
+}
+
+function test_config()
+{
+ test -f $CFG_FILE || write_empty_config
+}
+
+function ironcrypt_check()
+{
+ SOURCE_FILE=$1
+ DEST_FILE=$SOURCE_FILE.sig
+ openssl smime -verify \
+ -inform DER \
+ -content $SOURCE_FILE\
+ -in $DEST_FILE \
+ > /dev/null
+}
+
+function ironcrypt_decrypt()
+{
+ SOURCE_FILE=$1
+ ORIG_NAME=$(echo $1 | sed -e s/.enc//)
+ test -f $ORIG_NAME && echo "file [$ORIG_NAME] exist - cannot overwrite";
+ test -f $ORIG_NAME && exit 1
+ openssl smime -decrypt -binary -in $SOURCE_FILE\
+ -inform DER -out $ORIG_NAME \
+ -inkey $SECURE_HOME/$SECURE_SERVICE/certs/$SECURE_CLIENT/$SECURE_CLIENT.key\
+ #-passin pass:yourpass
+}
+
+function ironcrypt_encrypt()
+{
+ SOURCE_FILE=$1
+ #FILENAME_OUT=$(sha1sum $SOURCE_FILE)
+ FILENAME_OUT=$SOURCE_FILE.enc
+ test -f $FILENAME_OUT && echo "file [$FILENAME_OUT] exist - cannot overwrite";
+ test -f $FILENAME_OUT && exit 1
+ openssl smime -encrypt -binary -aes-256-cbc\
+ -in $SOURCE_FILE\
+ -out $FILENAME_OUT\
+ -outform DER\
+ $SECURE_HOME/$SECURE_SERVICE/certs/$SECURE_CLIENT/$SECURE_CLIENT.crt
+ test -f $1.enc && rm $1
+}
+
+function ironcrypt_sign()
+{
+ SOURCE_FILE=$1
+ SIGNATURE_FILE=$SOURCE_FILE.sig
+ test -f $SIGNATURE_FILE && echo "file [$SIGNATURE_FILE] exist - cannot overwrite";
+ test -f $SIGNATURE_FILE && exit 1
+ openssl smime -sign -binary \
+ -in $SOURCE_FILE\
+ -out $SIGNATURE_FILE\
+ -outform DER\
+ -inkey $SECURE_HOME/$SECURE_SERVICE/certs/$SECURE_CLIENT/$SECURE_CLIENT.key\
+ -signer $SECURE_HOME/$SECURE_SERVICE/certs/$SECURE_CLIENT/$SECURE_CLIENT.crt
+}
+
+function ironcrypt_usage()
+{
+ prog_name=$(basename $0)
+ echo "$prog_name <-e|-d|-s|-c> <name>"
+ echo ""
+ echo "$prog_name -e <name> : encrypt <name>"
+ echo "$prog_name -d <name> : decrypt <name>"
+ echo "$prog_name -s <name> : sign <name>"
+ echo "$prog_name -c <name> : check <name>.sign signature"
+}
+
+# MAIN
+test_config
+
+if [ "$#" == 1 ]; then
+ ironcrypt_usage
+ exit 1
+fi
+
+if [ "$#" == 2 ]; then
+ opt=$1
+ argvalue=$2
+ if [ "$opt" == "-e" ]; then
+ ironcrypt_encrypt $argvalue
+ exit 0
+ elif [ "$opt" == "-d" ]; then
+ ironcrypt_decrypt $argvalue
+ exit 0
+ elif [ "$opt" == "-s" ]; then
+ ironcrypt_sign $argvalue
+ exit 0
+ elif [ "$opt" == "-c" ]; then
+ ironcrypt_check $argvalue
+ exit 0
+ else
+ ironcrypt_usage
+ exit 1
+ fi
+else
+ ironcrypt_usage
+ exit 1
+fi
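Review bot: The `-c` branch discards the verification result: `ironcrypt_check $argvalue` is followed by an unconditional `exit 0`, so a failed signature check still exits successfully, and `ironcrypt_check` never passes `-CAfile "$CA_CERTIFICATE"` even though the script defines and tests for that file, so `openssl smime -verify` trusts the default system store rather than the project CA; change the branch to `ironcrypt_check "$argvalue"` followed by `exit $?`, and add `-CAfile "$CA_CERTIFICATE" \` to the verify command. In `ironcrypt_decrypt`, `sed -e s/.enc//` has an unescaped `.` and no anchor, so the first four-character match anywhere in the path is removed (a constructed example: a directory named `fenced/` becomes `ed/`) and the plaintext may be written to an unexpected path; `ORIG_NAME=${SOURCE_FILE%.enc}` strips only the suffix. `ironcrypt_encrypt` deletes the plaintext with `test -f $1.enc && rm $1` based only on the output file existing, not on openssl succeeding, so if openssl fails after opening `-out` (presumably leaving an empty or partial file) the original is lost; append `|| exit 1` to the openssl command before the `rm`. The usage line for `-c` refers to `<name>.sign` while the code reads `<name>.sig`. The three missing-file checks at the top only `echo` and continue, so `|| exit 1` on each would stop the script before openssl runs with a non-existent key or certificate path.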