Actualiser gpg-encrypted-message.sh
This commit is contained in:
parent
a957c18ba4
commit
71a5e65010
1 changed files with 137 additions and 33 deletions
|
|
@ -1,74 +1,178 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "GPG Encrypted Message Utility"
|
||||
echo "1) Write (Encrypt & Sign a message)"
|
||||
echo "2) Read (Decrypt a message)"
|
||||
echo "3) Import someone's public key"
|
||||
read -p "Select an option (1, 2, or 3): " option
|
||||
# Color definitions
|
||||
RED=$'\e[0;31m'
|
||||
GREEN=$'\e[0;32m'
|
||||
YELLOW=$'\e[1;33m'
|
||||
BLUE=$'\e[0;34m'
|
||||
MAGENTA=$'\e[0;35m'
|
||||
CYAN=$'\e[0;36m'
|
||||
BOLD=$'\e[1m'
|
||||
NC=$'\e[0m' # No Color
|
||||
|
||||
if ! command -v gpg &> /dev/null; then
|
||||
echo "${RED}${BOLD}Error: GPG is not installed. Please install GPG to use this utility.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "${BOLD}${BLUE}========================================${NC}"
|
||||
echo "${BOLD}${BLUE} GPG Encrypted Message Utility ${NC}"
|
||||
echo "${BOLD}${BLUE}========================================${NC}"
|
||||
echo "${CYAN}1)${NC} Write (Encrypt & Sign a message)"
|
||||
echo "${CYAN}2)${NC} Read (Decrypt a message)"
|
||||
echo "${CYAN}3)${NC} Import and Verify someone's public key"
|
||||
echo "${CYAN}4)${NC} Display My Fingerprint"
|
||||
echo ""
|
||||
read -p "${YELLOW}Select an option (1, 2, 3, or 4): ${NC}" option
|
||||
|
||||
echo ""
|
||||
|
||||
if [ "$option" == "1" ]; then
|
||||
# WRITING / ENCRYPTING
|
||||
read -p "Enter the recipient's email address: " email
|
||||
read -p "Enter the name for the output file (e.g., secret.asc): " outfile
|
||||
read -p "${YELLOW}Enter the recipient's email address: ${NC}" email
|
||||
if [ -z "$email" ]; then
|
||||
echo "${RED}Error: Email cannot be empty.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "----------------------------------------"
|
||||
echo "Type your secret message below."
|
||||
echo "When you are finished, press [Enter] to go to a new line, then press [Ctrl+D]."
|
||||
echo "----------------------------------------"
|
||||
read -p "${YELLOW}Enter the name for the output file (e.g., secret.asc): ${NC}" outfile
|
||||
if [ -z "$outfile" ]; then
|
||||
echo "${RED}Error: Output file name cannot be empty.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# This reads directly from the terminal input and feeds it to GPG
|
||||
gpg --encrypt --sign --armor --recipient "$email" > "$outfile"
|
||||
# Create a secure temporary file
|
||||
temp_file=$(mktemp /dev/shm/secret_msg.XXXXXX 2>/dev/null || mktemp /tmp/secret_msg.XXXXXX)
|
||||
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
echo "${CYAN}Opening text editor to write your secret message...${NC}"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
|
||||
# Open editor
|
||||
${EDITOR:-nano} "$temp_file"
|
||||
|
||||
# Check if file is empty
|
||||
if [ ! -s "$temp_file" ]; then
|
||||
echo "${RED}Message is empty. Aborting.${NC}"
|
||||
rm -f "$temp_file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
gpg --encrypt --sign --armor --recipient "$email" < "$temp_file" > "$outfile"
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo ""
|
||||
echo "Success! Message encrypted and saved to '$outfile'."
|
||||
echo "You can now safely send this file to $email."
|
||||
echo "${GREEN}${BOLD}Success!${NC} Message encrypted and saved to '${BOLD}$outfile${NC}'."
|
||||
echo "You can now safely send this file to ${BOLD}$email${NC}."
|
||||
else
|
||||
echo ""
|
||||
echo "Error: Encryption failed. Are you sure you imported their public key?"
|
||||
echo "${RED}${BOLD}Error:${NC} Encryption failed. Make sure the recipient's key is imported and verified."
|
||||
fi
|
||||
|
||||
# Securely delete the temporary file
|
||||
shred -u "$temp_file" 2>/dev/null || rm -P "$temp_file" 2>/dev/null || rm -f "$temp_file"
|
||||
|
||||
elif [ "$option" == "2" ]; then
|
||||
# READING / DECRYPTING
|
||||
read -p "Enter the path to the encrypted file (e.g., secret.asc): " infile
|
||||
read -p "${YELLOW}Enter the path to the encrypted file (e.g., secret.asc): ${NC}" infile
|
||||
|
||||
if [ -z "$infile" ]; then
|
||||
echo "${RED}Error: Input file path cannot be empty.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f "$infile" ]; then
|
||||
echo ""
|
||||
echo "Decrypting message..."
|
||||
echo "----------------------------------------"
|
||||
# GPG automatically knows to use your private key to decrypt
|
||||
echo "${CYAN}Decrypting message...${NC}"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
gpg --decrypt "$infile"
|
||||
echo ""
|
||||
echo "----------------------------------------"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
else
|
||||
echo "Error: File '$infile' does not exist in this directory."
|
||||
echo "${RED}Error: File '$infile' does not exist in this directory.${NC}"
|
||||
fi
|
||||
|
||||
elif [ "$option" == "3" ]; then
|
||||
# IMPORTING PUBLIC KEY
|
||||
read -p "Enter the path to the public key file you want to import (e.g., friend_key.asc): " keyfile
|
||||
# IMPORTING AND MANDATORY VERIFICATION
|
||||
read -p "${YELLOW}Enter the path to the public key file you want to import (e.g., friend_key.asc): ${NC}" keyfile
|
||||
|
||||
if [ -z "$keyfile" ]; then
|
||||
echo "${RED}Error: Key file path cannot be empty.${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f "$keyfile" ]; then
|
||||
echo ""
|
||||
echo "Importing public key from '$keyfile'..."
|
||||
echo "----------------------------------------"
|
||||
echo "${CYAN}Importing public key from '${BOLD}$keyfile${NC}${CYAN}'...${NC}"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
|
||||
# Extract fingerprint before import to know exactly what we are dealing with
|
||||
fingerprint=$(gpg --show-keys --with-colons "$keyfile" 2>/dev/null | awk -F: '/^fpr:/ {print $10; exit}')
|
||||
|
||||
if [ -z "$fingerprint" ]; then
|
||||
echo "${RED}Error: Could not extract fingerprint from '$keyfile'. Is it a valid GPG key?${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
gpg --import "$keyfile"
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "----------------------------------------"
|
||||
echo "Success! The public key has been added to your keychain."
|
||||
echo "You can now use Option 1 to send encrypted messages to this person."
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
echo "${YELLOW}Key loaded into temporary memory. ${BOLD}MANDATORY VERIFICATION REQUIRED.${NC}"
|
||||
echo ""
|
||||
|
||||
# The Verification Block
|
||||
echo "${RED}${BOLD}======================================================================${NC}"
|
||||
echo "${RED}${BOLD} CRITICAL SECURITY STEP ${NC}"
|
||||
echo "${RED}${BOLD}======================================================================${NC}"
|
||||
echo "${YELLOW}To prevent a Man-in-the-Middle (MITM) attack, you MUST verify that ${NC}"
|
||||
echo "${YELLOW}the fingerprint below actually belongs to the true owner. ${NC}"
|
||||
echo ""
|
||||
gpg --fingerprint "$fingerprint"
|
||||
echo ""
|
||||
echo "${CYAN}${BOLD}INSTRUCTIONS:${NC}"
|
||||
echo "${CYAN}1. DO NOT verify this using the same channel you received the key on.${NC}"
|
||||
echo "${CYAN}2. Contact the person via phone, secure messenger, or in person.${NC}"
|
||||
echo "${CYAN}3. Read the fingerprint above aloud and have them confirm it.${NC}"
|
||||
echo "${RED}${BOLD}======================================================================${NC}"
|
||||
echo ""
|
||||
|
||||
read -p "${YELLOW}Did you securely verify the fingerprint out-of-band? (Type 'yes' to confirm): ${NC}" verify_choice
|
||||
|
||||
if [[ "$verify_choice" == "yes" ]]; then
|
||||
echo "${GREEN}Proceeding to signing prompt. Answer 'y' when GPG asks if you want to sign.${NC}"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
gpg --sign-key "$fingerprint"
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
echo "${GREEN}${BOLD}If the signing was successful, this key is now fully trusted and saved.${NC}"
|
||||
else
|
||||
echo ""
|
||||
echo "${RED}Verification aborted or failed.${NC}"
|
||||
echo "${YELLOW}Security protocol requires deleting the unverified key from your keychain.${NC}"
|
||||
echo "${CYAN}Removing key...${NC}"
|
||||
gpg --batch --yes --delete-keys "$fingerprint"
|
||||
echo "${GREEN}Key removed. Import cancelled.${NC}"
|
||||
fi
|
||||
else
|
||||
echo "----------------------------------------"
|
||||
echo "Error: Failed to import the key. Make sure it is a valid GPG public key file."
|
||||
echo "${BLUE}----------------------------------------${NC}"
|
||||
echo "${RED}Error: Failed to import the key. Make sure it is a valid GPG public key file.${NC}"
|
||||
fi
|
||||
else
|
||||
echo "Error: File '$keyfile' does not exist in this directory."
|
||||
echo "${RED}Error: File '$keyfile' does not exist in this directory.${NC}"
|
||||
fi
|
||||
|
||||
elif [ "$option" == "4" ]; then
|
||||
# DISPLAY OWN FINGERPRINT
|
||||
echo "${BLUE}${BOLD}======================================================================${NC}"
|
||||
echo "${BLUE}${BOLD} YOUR GPG FINGERPRINTS ${NC}"
|
||||
echo "${BLUE}${BOLD}======================================================================${NC}"
|
||||
echo "${CYAN}Read the fingerprint below to your contact over a secure channel${NC}"
|
||||
echo "${CYAN}(e.g., phone call, in person) so they can verify your identity.${NC}"
|
||||
echo ""
|
||||
gpg --fingerprint -K
|
||||
echo ""
|
||||
echo "${BLUE}${BOLD}======================================================================${NC}"
|
||||
|
||||
else
|
||||
echo "Invalid option selected. Exiting."
|
||||
echo "${RED}Invalid option selected. Exiting.${NC}"
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue