Author: paolo <paolo@lateralus.localdomain>
export privkey + GPL license
x509crypt | 71 +++++++++++++++++++++++++++++++++++++++++++++-----------
diff --git a/x509crypt b/x509crypt index f1b4f3840f140d7052b7094f5542c432f39f3617..5bfaa29dc901ae86988ba48aa06a29f3fa294eab 100755 --- a/x509crypt +++ b/x509crypt @@ -1,6 +1,20 @@ #! /bin/bash -# Paolo Lulli 2014 +# X509crypt (x509crypt) is Copyright (C) 2014-2021 Paolo Lulli, Kevwe Technology AB +# +# This file is part of x509crypt. +# +# x509crypt is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# x509crypt is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# + CONFIG_DIR=$HOME/.x509crypt GLOBAL_CONFIG=${CONFIG_DIR}/config @@ -24,8 +38,6 @@ openssl req -batch -new -key $CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.key \ -subj "$organization/CN=$profile"\ -out $CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.csr - #-subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"\ - #-config $CONFIG_DIR/$profile_name/conf/$profile_name-config openssl x509 -req -days 365 -in $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.csr \ -signkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key \ 
@@ -35,16 +47,40 @@ export_key(){ profile_name=$1 CONFIG_CERT_NAME=${profile} + + test -f $CONFIG_CERT_NAME.key.enc && echo "ERROR: File already exist: [$CONFIG_CERT_NAME.key.enc]" + test -f $CONFIG_CERT_NAME.key.enc && exit 1; + + genpassword=$(uuidgen) + echo "----------------------------------------------------" + echo "" + echo "secret key password:[${genpassword}]" + echo "" + echo "----------------------------------------------------" + echo "" + qrencode "${genpassword}" -t UTF8 + + openssl rsa -aes256 -in $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key -out $CONFIG_CERT_NAME.key.enc -passout pass:${genpassword} +} + +#export_key(){ +# profile_name=$1 +# CONFIG_CERT_NAME=${profile} +# openssl rsa -aes256 -in $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key +#} + +export_certificate(){ + profile_name=$1 + CONFIG_CERT_NAME=${profile} cat $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt } -dump_key(){ + +dump_certificate(){ profile_name=$1 CONFIG_CERT_NAME=${profile} cat $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt | openssl x509 -text } - - setup_profile(){ echo "SETUP PROFILE" @@ -66,11 +102,13 @@ } file_encrypt(){ echo "FILE ENCRYPT: $1" - file_size=$(du -s $1 | awk -e '{print $1}') - if [ ${file_size} -gt 500000 ]; then - echo "File too big to encrypt with smime" - exit 1 - fi + file_size=$(du -s $1 | awk '{print $1}') + +# if [ ${file_size} -gt 500000 ]; then +# echo "File too big to encrypt with smime" +# exit 1 +# fi + encrypted_file=$1".enc" CONFIG_CERT_NAME=${profile_name} openssl smime -encrypt -binary -aes-256-cbc -in $1 -out $encrypted_file -outform DER $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt @@ -106,6 +144,7 @@ echo "${program} <profile> -g : Generate keys" echo "${program} <profile> -x : eXport pub key" + echo "${program} <profile> -s : export private key" echo "${program} <profile> -X : eXport pub key details" echo "${program} <profile> -i <file> : Import pub key" echo "${program} -l : List profiles" 
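Review bot: The generated passphrase is handed to openssl as `-passout pass:${genpassword}` in the new `export_key`, so it sits in the process argument list where other local users can read it from the process table while the key is being wrapped; pass it over a descriptor instead, e.g. `-passout fd:3 3<<<"${genpassword}"`. `uuidgen` is not meant as a secret generator (depending on platform and options it can fall back to time-based values), and since openssl is already required, `genpassword=$(openssl rand -base64 32)` is the safer source; the result should be checked for non-empty before use. The passphrase and the QR code go to stdout, so they end up in terminal scrollback or in whatever file or pipe stdout is redirected to; writing them to `/dev/tty` would keep them out of captured output. The paths in the `test -f` and `openssl rsa` lines are unquoted and break on profile names containing spaces, and the "already exist" error is printed to stdout rather than stderr.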
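Review bot: With the size guard in `file_encrypt` commented out, nothing visible in this hunk checks whether `openssl smime -encrypt` succeeded, so an input that is too large or unreadable can leave a truncated or empty `$encrypted_file` that looks like a valid result; test the exit status, e.g. `openssl smime ... || { echo "ERROR: encryption failed" >&2; rm -f -- "$encrypted_file"; exit 1; }`. `file_size` is still computed but no longer used, and `du -s` reports disk blocks rather than bytes, so either delete the assignment together with the commented block or reinstate a limit based on `wc -c`. `$1` is unquoted throughout, which breaks on filenames with spaces. The body of `file_encrypt` continues past the end of the hunk, so a later check may exist that is not visible here.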
@@ -127,7 +166,7 @@ list_profiles exit fi if [ "$2" == "-x" ]; then - export_key "${profile}" + export_certificate "${profile}" exit fi usage @@ -144,11 +183,15 @@ generate_keys "${profile}" exit fi if [ "$2" == "-x" ]; then + export_certificate "${profile}" + exit + fi + if [ "$2" == "-s" ]; then export_key "${profile}" exit fi if [ "$2" == "-X" ]; then - dump_key "${profile}" + dump_certificate "${profile}" exit fi @@ -178,4 +221,4 @@ exit fi usage -fi \ No newline at end of file +fi