x509crypt.git

commit dba7442851b8c1d564eed1c8760366d8d9e9e59e

Author: Paolo Lulli <paolo@lulli.net>

added profile + import public keys

 x509crypt | 209 ++++++++++++++++++++++++++++++++++++++------------------


diff --git a/x509crypt b/x509crypt
index 261ad9aa5e14ed608b68d9a7b2c8bd0592050e8c..50d7a2f70ce1b881ae9d18e9a1dd7a04e81c0554 100755
--- a/x509crypt
+++ b/x509crypt
@@ -1,99 +1,170 @@
-#! /bin/bash 
+#! /bin/bash
 
 # Paolo Lulli 2014
 
 CONFIG_DIR=$HOME/.x509crypt
+GLOBAL_CONFIG=${CONFIG_DIR}/config
 
-CONFIG_CERT_NAME="certificate"
-
+setup_global_config(){
+  echo "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department"> ${GLOBAL_CONFIG}
+  echo "Created config file: [${GLOBAL_CONFIG}]"
+  exit 1
+}
 
 test -d $CONFIG_DIR || mkdir -p $CONFIG_DIR
+test -f $GLOBAL_CONFIG || setup_global_config
 
-profile_name="default"
-
-
-read_profile(){
-	echo "Profile name:"
-	read  profile_name
+generate_keys(){
+  echo "GENERATE KEYS"
+  profile=$1
+  CONFIG_CERT_NAME=${profile}
+  organization=$(cat ${GLOBAL_CONFIG})
+  openssl genrsa -out $CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.key 4096
+  
+  openssl req -batch -new -key $CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.key \
+  -subj "$organization/CN=$profile"\
+  -out $CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.csr
+  #-subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"\
+  #-config $CONFIG_DIR/$profile_name/conf/$profile_name-config
+  
+  openssl x509 -req -days 365 -in $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.csr \
+  -signkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key \
+  -out $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
 }
 
-generate_keys(){
-	echo "GENERATE KEYS"
-	openssl genrsa -out $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key 2048
-	openssl req -batch -new -key $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key -out $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.csr -config $CONFIG_DIR/$profile_name/conf/$profile_name-config
-	openssl x509 -req -days 365 -in $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.csr -signkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key -out $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
+export_key(){
+  profile_name=$1
+  CONFIG_CERT_NAME=${profile}
+  cat $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
 }
 
-export_key(){
-	echo "EXPORT PUBLIC KEY:[$CONFIG_CERT_NAME.key]"
-	cp $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key .
+dump_key(){
+  profile_name=$1
+  CONFIG_CERT_NAME=${profile}
+  cat $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt | openssl x509 -text
 }
+
+
+
 setup_profile(){
-	echo "SETUP PROFILE"
-	test -d $CONFIG_DIR/$profile_name || mkdir -p $CONFIG_DIR/$profile_name
-	test -d $CONFIG_DIR/$profile_name/conf || mkdir -p $CONFIG_DIR/$profile_name/conf
-	test -d $CONFIG_DIR/$profile_name/certs || mkdir -p $CONFIG_DIR/$profile_name/certs
+  echo "SETUP PROFILE"
+  profile_name=$1
+  test -d $CONFIG_DIR/$profile_name || mkdir -p $CONFIG_DIR/$profile_name
+  test -d $CONFIG_DIR/$profile_name/conf || mkdir -p $CONFIG_DIR/$profile_name/conf
+  test -d $CONFIG_DIR/$profile_name/certs || mkdir -p $CONFIG_DIR/$profile_name/certs
 }
 
 file_decrypt(){
-	echo "FILE DECRYPT: $1"
-	decrypted_file=$1".cleartext"
-	#openssl smime -decrypt -binary -in $1 -inform DER -out $decrypted_file -inkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key -passin pass:your_password
-	openssl smime -decrypt -binary -in $1 -inform DER -out $decrypted_file -inkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key 
+  echo "FILE DECRYPT: $1"
+  test -d $CONFIG_DIR/$profile_name || echo "profile: [$profile_name] does not exist, EXIT"
+  test -d $CONFIG_DIR/$profile_name || exit 1
+  decrypted_file=$1".cleartext"
+  CONFIG_CERT_NAME=${profile_name}
+  #openssl smime -decrypt -binary -in $1 -inform DER -out $decrypted_file -inkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key -passin pass:your_password
+  openssl smime -decrypt -binary -in $1 -inform DER -out $decrypted_file -inkey $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.key
 }
+
 file_encrypt(){
-	echo "FILE ENCRYPT: $1"
-	encrypted_file=$1".enc"
-	openssl smime -encrypt -binary -aes-256-cbc -in $1 -out $encrypted_file  -outform DER $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
+  echo "FILE ENCRYPT: $1"
+  encrypted_file=$1".enc"
+  CONFIG_CERT_NAME=${profile_name}
+  openssl smime -encrypt -binary -aes-256-cbc -in $1 -out $encrypted_file  -outform DER $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
 }
+
+file_import(){
+  echo "FILE IMPORT: $1"
+  imported_file=$1
+  CONFIG_CERT_NAME=${profile_name}
+
+  test -f $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt && echo "profile: [$profile_name] exists, SKIPPING"
+  test -f $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt && exit 1
+  
+  test -d $CONFIG_DIR/$profile_name || mkdir -p $CONFIG_DIR/$profile_name/certs
+  
+  cp ${imported_file} $CONFIG_DIR/$profile_name/certs/$CONFIG_CERT_NAME.crt
+}
+
+
+list_profiles(){
+  echo "profiles"
+  echo "--------"
+  for i in $(ls $CONFIG_DIR  | sed -e s/config//); do echo ${i}; done
+}
+
 usage(){
-	echo "$0 -e <file> : ENCRYPTS FILE"
-	echo "$0 -d <file> : DECRYPTS FILE"
-	echo "$0 -g        : GENERATE KEYS"
-	echo "$0 -p        : SETUP PROFILE"
-	echo "$0 -x        : EXPORT PUB KEY"
+  program=$(basename $0)
+  echo "${program} <profile> -e <file> : Encrypt <file>"
+  echo "${program} <profile> -d <file> : Decrypt <file>"
+ 
+  echo "${program} <profile> -g        : Generate keys"
+  
+  echo "${program} <profile> -x        : eXport pub key"
+  echo "${program} <profile> -X        : eXport pub key details"
+  echo "${program} <profile> -i <file> : Import pub key"
+  echo "${program} -l                  : List profiles"
 }
 
 
-if [ "$#" -gt 2 ]; then 
-	usage
-	exit 
+if [ "$#" -gt 3 ]; then
+  usage
+  exit
 fi
-if [ "$#" -eq 0 ]; then 
-	usage
-	exit 
+if [ "$#" -eq 0 ]; then
+  usage
+  exit
 fi
 
-if [ "$#" -eq 1 ]; then 
-	if [ "$1" == "-p" ]; then
-		setup_profile
-		exit 
-	fi
-	if [ "$1" == "-g" ]; then
-		generate_keys
-		exit 
-	fi
-	if [ "$1" == "-x" ]; then
-		export_key
-		exit 
-	fi
-	usage
+if [ "$#" -eq 1 ]; then
+  if [ "$1" == "-l" ]; then
+    list_profiles
+    exit
+  fi
+  if [ "$2" == "-x" ]; then
+    export_key "${profile}"
+    exit
+  fi
+  usage
 fi
-if [ "$#" -eq 2 ]; then 
-	input_file=$2
-	if [ "$1" == "-e" ]; then
-		file_encrypt $input_file
-		file_decrypt $input_file".enc"
-		diff $input_file $input_file".enc.cleartext" || echo "ERROR: BAD ENCRYPTION"	
-		rm $input_file".enc.cleartext"
-		exit 
-	fi
-	if [ "$1" == "-d" ]; then
-		file_decrypt $input_file
-		exit 
-	fi
 
-	usage
+if [ "$#" -eq 2 ]; then
+  profile=$1
+  if [ "$2" == "-g" ]; then
+    test -d $CONFIG_DIR/$profile && echo "profile: [$profile] exists, SKIPPING"
+    test -d $CONFIG_DIR/$profile && exit 1
+
+    setup_profile "${profile}"
+    generate_keys "${profile}"
+    exit
+  fi
+  if [ "$2" == "-x" ]; then
+    export_key "${profile}"
+    exit
+  fi
+  if [ "$2" == "-X" ]; then
+    dump_key "${profile}"
+    exit
+  fi
+  
+  usage
 fi
-#read_profile
-echo "You choose profile: [$profile_name]"
+if [ "$#" -eq 3 ]; then
+  profile_name=$1
+  input_file=$3
+  if [ "$2" == "-e" ]; then
+    file_encrypt $input_file
+    file_decrypt $input_file".enc"
+    diff $input_file $input_file".enc.cleartext" || echo "ERROR: BAD ENCRYPTION"
+    rm $input_file".enc.cleartext"
+    exit
+  fi
+  if [ "$2" == "-d" ]; then
+    file_decrypt $input_file
+    exit
+  fi
+  if [ "$2" == "-i" ]; then
+    file_import $input_file
+    exit
+  fi
+
+  usage
+fi
\ No newline at end of file
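Review bot: `generate_keys` assigns `profile=$1`, but the final `openssl x509 -req` call still builds its `-in`, `-signkey` and `-out` paths from `$profile_name`, which the `-g` branch never sets (it sets `profile`), so the self-signed certificate lands under `$CONFIG_DIR//certs/` and the new profile ends up with a `.key` and `.csr` but no `.crt`; those three paths should read `$CONFIG_DIR/$profile/certs/$CONFIG_CERT_NAME.csr`, `.key` and `.crt`. The same mismatch is latent in `export_key` and `dump_key`, which set `profile_name=$1` but read `CONFIG_CERT_NAME=${profile}` and only work because the two-argument branch happens to leave a global `profile` behind (the `"$2" == "-x"` check inside the `$# -eq 1` branch can never be true and is dead code). Because the script's whole purpose is keeping a long-lived RSA private key, add `umask 077` before `openssl genrsa` (or `chmod 600` the `.key` afterwards): whether `genrsa -out` restricts the file mode itself depends on the OpenSSL version, and as written the key's permissions are left to the caller's umask. The profile name is taken verbatim from argv and spliced unquoted into every path, so a value such as `../x` escapes `$CONFIG_DIR` and a name with spaces word-splits; validating it up front with something like `[[ "$1" =~ ^[A-Za-z0-9_.-]+$ ]] || { usage; exit 1; }` and quoting the expansions would close both. Note also that the `-e` path still round-trips through `file_decrypt` with the profile's own `.key`, which does not exist for a profile created via the new `-i` import, so encrypting to an imported public key always reports `ERROR: BAD ENCRYPTION` even though the `.enc` file is fine.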