#!/bin/bash
# ANSI colour escapes. They are stored as literal backslash sequences and only
# turned into control characters when printed with `echo -e` or printf '%b'.
NC='\033[0m' # reset / no colour
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'

# Start-up banner: switch to green, draw the box, then reset the colour.
printf '%b\n' "$GREEN"
printf '%s\n' \
  "╔════════════════════════════════════════════╗" \
  "║ Paranoia Encrypter v1.0 ║" \
  "║ Your security ends where your trust ║" \
  "║ in others begins. ║" \
  "╚════════════════════════════════════════════╝"
printf '%b\n' "$NC"
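# Temporary files live in a private, freshly created directory on tmpfs.
# Fixed names directly under the world-writable /dev/shm can be pre-created or
# symlinked by another local user before the script writes key material to
# them, and two concurrent runs would overwrite each other's files.
# mktemp -d creates the directory with owner-only access.
TEMP_DIR=$(mktemp -d /dev/shm/paranoia-encrypter.XXXXXXXXXX) || {
  echo "Error: could not create a private temporary directory in /dev/shm." >&2
  exit 1
}
# Index 0: raw symmetric key, 1: RSA-encrypted key, 2: encrypted data.
TEMP_FILES=("$TEMP_DIR/symmetric_key" "$TEMP_DIR/encrypted_key" "$TEMP_DIR/encrypted_data")

# Overwrite and remove every temporary file, then drop the private directory.
# Safe to call more than once (decrypt calls it explicitly and the EXIT trap
# calls it again).
# Globals: TEMP_FILES (read), TEMP_DIR (read)
secure_cleanup() {
  local file
  for file in "${TEMP_FILES[@]}"; do
    # [[ -f ]] follows symlinks; skip links so shred never overwrites a
    # link target outside the temporary directory.
    if [[ -f "$file" && ! -L "$file" ]]; then
      # Best effort: tmpfs pages may have been swapped out, which shred
      # cannot reach. Fall back to a plain unlink if shred is unavailable.
      shred -u -- "$file" >/dev/null 2>&1 || rm -f -- "$file"
    fi
  done
  if [[ -n "${TEMP_DIR:-}" && -d "$TEMP_DIR" ]]; then
    rm -rf -- "$TEMP_DIR"
  fi
}

# Clean up on every exit path. INT/TERM must terminate the script: a handler
# that only runs the cleanup returns control to the interrupted function, which
# would then carry on with its temporary files already shredded.
trap secure_cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM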
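# Make sure private_key.pem and public_key.pem exist in the current directory.
# Globals: YELLOW, RED, NC (read)
# Returns: 0 when both files are present afterwards, 1 if openssl failed.
#
# NOTE(review): the private key is written without a passphrase, so anyone who
# can read private_key.pem can use it. Protecting it would need an interactive
# prompt here and in decrypt.
generate_rsa_keys() {
  if [[ -f private_key.pem && -f public_key.pem ]]; then
    echo -e "${YELLOW}RSA keys already exist.${NC}"
    return 0
  fi

  if [[ -f private_key.pem ]]; then
    # Only the public half is missing. Re-derive it instead of generating a
    # new pair: overwriting the private key would make every file wrapped
    # with the old key pair fail the key-unwrap step in decrypt.
    echo -e "${YELLOW}Deriving public key from existing private key...${NC}"
  else
    echo -e "${YELLOW}Generating RSA keys...${NC}"
    # umask in a subshell so the key file is owner-only whatever the caller's
    # umask is. openssl's progress output is silenced; its status is checked.
    if ! (umask 077 && openssl genpkey -algorithm RSA -out private_key.pem \
      -pkeyopt rsa_keygen_bits:4096 >/dev/null 2>&1); then
      echo -e "${RED}Error: Failed to generate the RSA private key.${NC}" >&2
      return 1
    fi
  fi

  if ! openssl rsa -pubout -in private_key.pem -out public_key.pem >/dev/null 2>&1; then
    echo -e "${RED}Error: Failed to derive the RSA public key.${NC}" >&2
    return 1
  fi
}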
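# Helper for encrypt(): print one 32-character random password read from
# /dev/urandom. LC_ALL=C keeps tr byte-oriented whatever the caller's locale.
_paranoia_random_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()_+=-' </dev/urandom | head -c 32
}

# Main encryption function.
# Arguments: $1 - file to encrypt, $2 - path of the encrypted output
# Globals:   TEMP_FILES, RED, GREEN, YELLOW, NC (read); SECONDS (reset)
# Outputs:   progress, the three generated passwords and the key paths on stdout
# Returns:   exits 1 if the source is missing; returns 1 if any step fails
#
# Output layout: RSA-encrypted key block followed by the data encrypted in
# sequence with AES-256-CBC, ChaCha20 and Camellia-256-CBC.
#
# NOTE(review): the random key written to TEMP_FILES[0] is RSA-encrypted and
# stored, but the data stages are keyed only by the three passwords, so the RSA
# layer adds nothing to the confidentiality of the data.
# NOTE(review): none of the three ciphers is used in an authenticated mode and
# no MAC is added, so modification of the ciphertext is not reliably detected.
# NOTE(review): pkeyutl is called without a padding option, so OpenSSL's default
# RSA padding applies (PKCS#1 v1.5 - confirm for the installed version);
# switching to OAEP would have to be done in decrypt as well.
encrypt() {
  local source_file="$1"
  local output_file="$2"
  local aes_password chacha_password camellia_password
  local -a stage_status
  local rc duration

  if [[ ! -f "$source_file" ]]; then
    echo -e "${RED}Error: Source file '$source_file' does not exist.${NC}"
    exit 1
  fi

  echo -e "${GREEN}Encryption started at $(date)${NC}"
  SECONDS=0

  if ! generate_rsa_keys; then
    echo -e "${RED}Error: RSA key pair is not available.${NC}" >&2
    return 1
  fi

  # Generate random passwords. Declared above and assigned here so a failing
  # generator is not hidden behind the exit status of `local`.
  aes_password=$(_paranoia_random_password)
  chacha_password=$(_paranoia_random_password)
  camellia_password=$(_paranoia_random_password)
  if ((${#aes_password} != 32 || ${#chacha_password} != 32 || ${#camellia_password} != 32)); then
    echo -e "${RED}Error: Failed to generate random passwords.${NC}" >&2
    return 1
  fi

  # Random key, RSA-encrypted with the public key (see NOTE above).
  if ! openssl rand 32 >"${TEMP_FILES[0]}"; then
    echo -e "${RED}Error: Failed to generate the symmetric key.${NC}" >&2
    return 1
  fi
  if ! openssl pkeyutl -encrypt -inkey public_key.pem -pubin \
    -in "${TEMP_FILES[0]}" -out "${TEMP_FILES[1]}"; then
    echo -e "${RED}Error: Failed to encrypt the symmetric key.${NC}" >&2
    return 1
  fi
  # decrypt splits the file at byte 512, which only matches a 4096-bit RSA key.
  if (($(wc -c <"${TEMP_FILES[1]}") != 512)); then
    echo -e "${RED}Error: Encrypted key is not 512 bytes; a 4096-bit RSA key is required.${NC}" >&2
    return 1
  fi

  # Encrypt the file sequentially. Each password is handed to openssl on file
  # descriptor 3 instead of "-pass pass:...", because command-line arguments
  # are visible to other local users in the process list. printf is a shell
  # builtin, so the password never appears in any argv.
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass fd:3 -in "$source_file" \
    3< <(printf '%s\n' "$aes_password") \
    | openssl enc -chacha20 -pbkdf2 -salt -pass fd:3 \
      3< <(printf '%s\n' "$chacha_password") \
    | openssl enc -camellia-256-cbc -pbkdf2 -salt -pass fd:3 \
      3< <(printf '%s\n' "$camellia_password") >"${TEMP_FILES[2]}"
  stage_status=("${PIPESTATUS[@]}")
  # Without this check a failure in any stage would still produce an output
  # file and a success message.
  for rc in "${stage_status[@]}"; do
    if ((rc != 0)); then
      echo -e "${RED}Error: Failed to encrypt the data.${NC}" >&2
      return 1
    fi
  done

  # Combine encrypted key and data into the output file.
  if ! cat -- "${TEMP_FILES[1]}" "${TEMP_FILES[2]}" >"$output_file"; then
    echo -e "${RED}Error: Failed to write '$output_file'.${NC}" >&2
    return 1
  fi

  duration=$SECONDS
  echo -e "${GREEN}Encryption completed at $(date)${NC}"
  echo -e "${GREEN}Elapsed time: $((duration / 60)) minutes and $((duration % 60)) seconds${NC}"
  echo -e "${YELLOW}Output file: $output_file${NC}"
  # NOTE(review): this is the only place the passwords are shown, and decrypt
  # needs all three. They end up in terminal scrollback and in any file or
  # pipe that captures stdout.
  echo -e "${YELLOW}AES Password: $aes_password${NC}"
  echo -e "${YELLOW}ChaCha20 Password: $chacha_password${NC}"
  echo -e "${YELLOW}Camellia Password: $camellia_password${NC}"
  echo -e "${YELLOW}Private Key Path: $(realpath private_key.pem)${NC}"
  echo -e "${YELLOW}Public Key Path: $(realpath public_key.pem)${NC}"
}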
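# Main decryption function.
# Arguments: $1 - encrypted file, $2 - path for the recovered plaintext
# Globals:   TEMP_FILES, RED, GREEN, YELLOW, NC (read); SECONDS (reset)
# Input:     prompts for the AES, ChaCha20 and Camellia passwords
# Returns:   exits 1 if the source is missing or any step fails
#
# NOTE(review): the key recovered into TEMP_FILES[0] is not used by the data
# stages below; the RSA step only confirms that private_key.pem matches the
# key block stored in the file.
# NOTE(review): the ciphertext carries no MAC. A failure of the final CBC
# stage is the only integrity signal, and it is not a reliable one.
decrypt() {
  local source_file="$1"
  local output_file="$2"
  # Local so the passwords do not stay behind in global shell variables.
  local aes_password chacha_password camellia_password
  local -a stage_status
  local rc failed=0 duration

  if [[ ! -f "$source_file" ]]; then
    echo -e "${RED}Error: Encrypted file '$source_file' does not exist.${NC}"
    exit 1
  fi

  echo -e "${GREEN}Decryption started at $(date)${NC}"
  SECONDS=0

  # -r keeps backslashes literal. Default IFS is kept on purpose so stray
  # leading/trailing whitespace from a paste is still trimmed.
  read -rsp "Enter AES password: " aes_password
  echo
  read -rsp "Enter ChaCha20 password: " chacha_password
  echo
  read -rsp "Enter Camellia password: " camellia_password
  echo

  # The first 512 bytes are the RSA key block (the size produced by a
  # 4096-bit key); everything after that is the encrypted data.
  if ! head -c 512 -- "$source_file" >"${TEMP_FILES[1]}" \
    || ! tail -c +513 -- "$source_file" >"${TEMP_FILES[2]}"; then
    echo -e "${RED}Error: Failed to split the encrypted file.${NC}"
    secure_cleanup
    exit 1
  fi

  if ! openssl pkeyutl -decrypt -inkey private_key.pem \
    -in "${TEMP_FILES[1]}" -out "${TEMP_FILES[0]}"; then
    echo -e "${RED}Error: Failed to decrypt the symmetric key.${NC}"
    secure_cleanup
    exit 1
  fi

  # Undo the three layers in reverse order. Passwords go to openssl on file
  # descriptor 3 rather than "-pass pass:...", which would expose them in the
  # process list. stderr stays silenced because one wrong password makes every
  # later stage complain; failures are detected from the exit statuses instead.
  openssl enc -d -camellia-256-cbc -pbkdf2 -salt -pass fd:3 -in "${TEMP_FILES[2]}" \
    3< <(printf '%s\n' "$camellia_password") 2>/dev/null \
    | openssl enc -d -chacha20 -pbkdf2 -salt -pass fd:3 \
      3< <(printf '%s\n' "$chacha_password") 2>/dev/null \
    | openssl enc -d -aes-256-cbc -pbkdf2 -salt -pass fd:3 -out "$output_file" \
      3< <(printf '%s\n' "$aes_password") 2>/dev/null
  stage_status=("${PIPESTATUS[@]}")
  # $? alone only reports the last stage; an earlier stage can fail while the
  # last one exits 0.
  for rc in "${stage_status[@]}"; do
    if ((rc != 0)); then
      failed=1
    fi
  done
  if ((failed)); then
    # Do not leave partially decrypted or garbage output behind. Only a plain
    # regular file is removed, never a symlink or a device such as /dev/stdout.
    if [[ -f "$output_file" && ! -L "$output_file" ]]; then
      rm -f -- "$output_file"
    fi
    echo -e "${RED}Error: Failed to decrypt the data. Please check passwords.${NC}"
    secure_cleanup
    exit 1
  fi

  secure_cleanup
  duration=$SECONDS
  echo -e "${GREEN}Decryption completed at $(date)${NC}"
  echo -e "${GREEN}Elapsed time: $((duration / 60)) minutes and $((duration % 60)) seconds${NC}"
  echo -e "${YELLOW}Output file: $output_file${NC}"
}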
# Entry point: validate the argument count, then dispatch on the mode word.
# Arguments: $1 - "encrypt" or "decrypt", $2 - source file, $3 - output file
main() {
  # A mode and both paths are mandatory; anything less prints the usage text.
  if (($# < 3)); then
    echo -e "${RED}Usage:${NC}"
    printf ' %s encrypt <source_file> <output_file>\n' "$0"
    printf ' %s decrypt <source_file> <output_file>\n' "$0"
    exit 1
  fi

  local action="$1" input_path="$2" result_path="$3"

  if [[ "$action" == "encrypt" ]]; then
    encrypt "$input_path" "$result_path"
  elif [[ "$action" == "decrypt" ]]; then
    decrypt "$input_path" "$result_path"
  else
    echo -e "${RED}Unknown mode: $action${NC}"
    exit 1
  fi
}

# Run the script with the caller's arguments passed through unchanged.
main "$@"