From 314afb287e00653f682161817972a9809e61789f Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Fri, 14 Apr 2023 13:06:14 +0200 Subject: [PATCH] Breaking: Replace deprecated / archived crypto library (#80) --- README.md | 2 +- cli_create.sh | 34 +++++++++++++------------- cli_get.sh | 14 +++++------ src/app.vue | 56 ++++++++++++++++++++++++------------------- src/crypto.js | 35 +++++++++++++++++++++++++++ src/package-lock.json | 6 ----- src/package.json | 1 - 7 files changed, 93 insertions(+), 55 deletions(-) create mode 100644 src/crypto.js diff --git a/README.md b/README.md index dafbf89..95f11f2 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ As `ots` is designed to never let the server know the secret you are sharing you This is slightly more complex as you first need to encrypt your secret before sending it to the API but in this case you can be sure the server will in no case be able to access the secret. Especially if you are using ots.fyi (my public hosted instance) you should not trust me with your secret but use an encrypted secret: ```console -# echo "my password" | openssl aes-256-cbc -base64 -pass pass:mypass -md md5 +# echo "my password" | openssl aes-256-cbc -base64 -pass pass:mypass -iter 300000 -md sha512 U2FsdGVkX18wJtHr6YpTe8QrvMUUdaLZ+JMBNi1OvOQ= # curl -X POST -H 'content-type: application/json' -i -s -d '{"secret": "U2FsdGVkX18wJtHr6YpTe8QrvMUUdaLZ+JMBNi1OvOQ="}' https://ots.fyi/api/create diff --git a/cli_create.sh b/cli_create.sh index 4529c8e..69f9bce 100644 --- a/cli_create.sh +++ b/cli_create.sh 
@@ -1,36 +1,38 @@ #!/bin/bash set -euo pipefail +: ${INSTANCE:=https://ots.fyi} # Where to reach the API of the instance (omit trailing slash) + deps=(curl jq) for cmd in "${deps[@]}"; do - which ${cmd} >/dev/null || { - echo "'${cmd}' util is required for this script" - exit 1 - } + which ${cmd} >/dev/null || { + echo "'${cmd}' util is required for this script" + exit 1 + } done # Get secret from CLI argument SECRET=${1:-} [[ -n $SECRET ]] || { - echo "Usage: $0 'secret to share'" - exit 1 + echo "Usage: $0 'secret to share'" + exit 1 } -# Generate a random 8 character password -pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8 || true) +# Generate a random 20 character password +pass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20 || true) # Encrypt the secret -ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 2>/dev/null) +ciphertext=$(echo "${SECRET}" | openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 2>/dev/null) # Create a secret and extract the secret ID id=$( - curl -sSf \ - -X POST \ - -H 'content-type: application/json' \ - -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \ - https://ots.fyi/api/create | - jq -r '.secret_id' + curl -sSf \ + -X POST \ + -H 'content-type: application/json' \ + -d "$(jq --arg secret "${ciphertext}" -cn '{"secret": $secret}')" \ + "${INSTANCE}/api/create" | + jq -r '.secret_id' ) # Display URL to user -echo -e "Secret is now available at:\nhttps://ots.fyi/#${id}%7C${pass}" +echo -e "Secret is now available at:\n${INSTANCE}/#${id}%7C${pass}" diff --git a/cli_get.sh b/cli_get.sh index 137fa93..03ce712 100644 --- a/cli_get.sh +++ b/cli_get.sh 
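Review bot: In cli_create.sh, the `|| true` on the password pipeline hides real failures too, so `pass` can come back short or empty and the script still encrypts with it and prints the URL. That can happen when `tr` rejects the random bytes (BSD `tr` can do so under a multibyte locale) or `/dev/urandom` cannot be read. I would pin the locale and verify the length before use: `pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 20 || true)` followed by `[[ ${#pass} -eq 20 ]] || { echo 'password generation failed' >&2; exit 1; }`. Separately, `-pass "pass:${pass}"` puts the passphrase on openssl's command line, where other local users can read it from the process list; `-pass env:NAME` or `-pass fd:N` avoids that, and the same applies to the decrypt line in cli_get.sh.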
@@ -3,17 +3,17 @@ set -euo pipefail deps=(curl jq) for cmd in "${deps[@]}"; do - which ${cmd} >/dev/null || { - echo "'${cmd}' util is required for this script" - exit 1 - } + which ${cmd} >/dev/null || { + echo "'${cmd}' util is required for this script" + exit 1 + } done # Get URL from CLI argument url="${1:-}" [[ -n $url ]] || { - echo "Usage: $0 'URL to get the secret'" - exit 1 + echo "Usage: $0 'URL to get the secret'" + exit 1 } # normalize url and extract parts url="${url/|/%7C}" @@ -25,4 +25,4 @@ geturl="${host}/api/get/${id}" # fetch secret and decrypt to STDOUT curl -sSf "${geturl}" | jq -r ".secret" | - openssl aes-256-cbc -base64 -pass "pass:${pass}" -md md5 -d 2>/dev/null + openssl aes-256-cbc -base64 -pass "pass:${pass}" -iter 300000 -md sha512 -d 2>/dev/null diff --git a/src/app.vue b/src/app.vue index eecb07c..e78037b 100644 --- a/src/app.vue +++ b/src/app.vue @@ -166,7 +166,7 @@
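Review bot: In cli_get.sh, the decrypt line keeps `2>/dev/null`, so when openssl fails the script exits non-zero under `set -euo pipefail` without printing anything. With the new parameters that now happens for any link created with the old `-md md5` settings, and presumably on an openssl build that does not accept `-iter`. I would drop the redirect or add a handler after the pipeline, e.g. `|| { echo 'decryption failed: bad URL or secret created with the old parameters' >&2; exit 1; }`. Since AES-CBC output carries no authentication tag, a zero exit status should not be read as proof that the ciphertext was unmodified. `pass` and `geturl` are set outside this hunk.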