panda/gpg-quorum
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

added to readme

Browse source
This commit is contained in:
panda 2021-08-01 01:14:05 +02:00
parent ae87263442
commit 98ad62e448
4 changed files with 213 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gpg-quorum_3of5.sh.swp
View file

Binary file not shown.

90
README.md
View file

@ -16,7 +16,11 @@ I looked into "Shamir secret sharing" but I find that generating a new secret th
### output: ### output:
this bash script this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened
the logic behind that is really simple:
### requirements: ### requirements:
@ -33,3 +37,87 @@ edit the debug variable to add your email address (if you want) for debugging pu
your output will be a file named your output will be a file named
your_file_to_encrypt.ext.ENCRYPTED your_file_to_encrypt.ext.ENCRYPTED
### customization:
if you want to increase the number of people needed to decrypt the file to 4 for example,
edit this block of code from:
```
#main loop:
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ]; then
echo "A, B or C are the same"
continue
else
#custom execution for first run:
if [ "$counter" == 0 ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $file
#custom execution for last run:
elif [ "$counter" == $((ans-1)) ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))
#normal execution:
else
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))
fi
#increase loop counter:
((counter++))
fi
done
done
done
```
```
#main loop:
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
for ((idxD=idxC; idxD<max; idxD++)); do # iterate idxD from idxC to length
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then
#echo "A, B, C or D are the same"
continue
else
#custom execution for first run:
if [ "$counter" == 0 ]; then
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file"
#custom execution for last run:
elif [ "$counter" == $((ans-1)) ]; then
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))"
#normal execution:
else
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))"
fi
#increase loop counter:
((counter++))
fi
done
done
done
done
```
and then adjust the variable "combinate" to 4:
```
combinate=4
```

1
file.txt Normal file
View file

@ -0,0 +1 @@
banana

123
gpg-quorum_4of5.sh Executable file
View file

@ -0,0 +1,123 @@
#!/usr/bin/env bash
#Scipt to encrypt a file with some known keys,
#the script will combin the encryptions to ensure that a minimum quorum defined in "combinate" variable is needed to open the file.
#the script will not auto-adjust to an arbitrary change of "combinate" since one or more loops in the main loop should be tuned,
#right now it's adjusted ofr a quorum of 3 recipients.
#
#usage: gpg-quorum_3of5.sh filename_to_encrypt.ext
#retrieve the email list
readarray -t emails < emails.txt
file=$1
#debug email if you want to self-decrypt, you can also leave it blank but don't populate it without "-r":
debug="-r youermail@provider.net"
#counters:
counter=0
firstrun=0
#minimum numbers of recipients that needs to agree to decypher the file:
combinate=4
#work directory:
workdir="_WORKDIR"
#lenght of array:
max=${#emails[@]} # Take the length of that array
#-----
#CALCULATE number of combinations for our emails
#function for factorial calculation
function fun_fact {
num=$1
fact=1
for((i=2;i<=num;i++))
{
fact=$((fact * i)) #fact = fact * i
}
echo $fact
}
#n is the lenght of the array
n=$max
#r is the number of recipients needed to open the file
r=$combinate
a=$( fun_fact $n )
b=$( fun_fact $r )
c=$(( $n - $r ))
d=$( fun_fact $c )
t=$(( $b * $d ))
ans=$(( $a / $t ))
echo "max number of combinations: "$ans
#-----
#create our workdir if it does not exist:
if [ ! -d "$workdir" ]
then
echo "creating dir"
mkdir $workdir
else
echo "Directory $workdir exists, exiting"
exit
fi
#main loop:
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
for ((idxD=idxC; idxD<max; idxD++)); do # iterate idxD from idxC to length
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then
#echo "A, B, C or D are the same"
continue
else
#custom execution for first run:
if [ "$counter" == 0 ]; then
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file"
#custom execution for last run:
elif [ "$counter" == $((ans-1)) ]; then
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))"
#normal execution:
else
echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))"
fi
#increase loop counter:
((counter++))
fi
done
done
done
done
#remove work directory:
rm -rf $workdir
#the combination matrix for a quorum of 3 recipients on 5:
#recipients: A,B,C,D,E
#
#A,B,C
#A,B,D
#A,B,E
#A,C,D
#A,C,E
#A,D,E
#B,C,D
#B,C,E
#B,D,E
#C,D,E
#SOURCES:
#http://www.anonhack.in/2018/05/program-to-calculate-combination-ncr-in-bash-shell-scripting/
#https://www.log2base2.com/shell-script-examples/loop/shell-script-to-find-factorial-of-a-number.html