From 71a5e65010035f45b6f90fdb106f60c80f7e424d Mon Sep 17 00:00:00 2001 From: Plexi09 Date: Tue, 24 Feb 2026 00:27:57 +0100 Subject: [PATCH] Actualiser gpg-encrypted-message.sh --- gpg-encrypted-message.sh | 170 +++++++++++++++++++++++++++++++-------- 1 file changed, 137 insertions(+), 33 deletions(-) diff --git a/gpg-encrypted-message.sh b/gpg-encrypted-message.sh index b999e0e..f571074 100644 --- a/gpg-encrypted-message.sh +++ b/gpg-encrypted-message.sh 
@@ -1,74 +1,178 @@ #!/bin/bash -echo "GPG Encrypted Message Utility" -echo "1) Write (Encrypt & Sign a message)" -echo "2) Read (Decrypt a message)" -echo "3) Import someone's public key" -read -p "Select an option (1, 2, or 3): " option +# Color definitions +RED=$'\e[0;31m' +GREEN=$'\e[0;32m' +YELLOW=$'\e[1;33m' +BLUE=$'\e[0;34m' +MAGENTA=$'\e[0;35m' +CYAN=$'\e[0;36m' +BOLD=$'\e[1m' +NC=$'\e[0m' # No Color + +if ! command -v gpg &> /dev/null; then + echo "${RED}${BOLD}Error: GPG is not installed. Please install GPG to use this utility.${NC}" + exit 1 +fi + +echo "${BOLD}${BLUE}========================================${NC}" +echo "${BOLD}${BLUE} GPG Encrypted Message Utility ${NC}" +echo "${BOLD}${BLUE}========================================${NC}" +echo "${CYAN}1)${NC} Write (Encrypt & Sign a message)" +echo "${CYAN}2)${NC} Read (Decrypt a message)" +echo "${CYAN}3)${NC} Import and Verify someone's public key" +echo "${CYAN}4)${NC} Display My Fingerprint" +echo "" +read -p "${YELLOW}Select an option (1, 2, 3, or 4): ${NC}" option echo "" if [ "$option" == "1" ]; then # WRITING / ENCRYPTING - read -p "Enter the recipient's email address: " email - read -p "Enter the name for the output file (e.g., secret.asc): " outfile + read -p "${YELLOW}Enter the recipient's email address: ${NC}" email + if [ -z "$email" ]; then + echo "${RED}Error: Email cannot be empty.${NC}" + exit 1 + fi - echo "----------------------------------------" - echo "Type your secret message below." - echo "When you are finished, press [Enter] to go to a new line, then press [Ctrl+D]." 
- echo "----------------------------------------" + read -p "${YELLOW}Enter the name for the output file (e.g., secret.asc): ${NC}" outfile + if [ -z "$outfile" ]; then + echo "${RED}Error: Output file name cannot be empty.${NC}" + exit 1 + fi - # This reads directly from the terminal input and feeds it to GPG - gpg --encrypt --sign --armor --recipient "$email" > "$outfile" + # Create a secure temporary file + temp_file=$(mktemp /dev/shm/secret_msg.XXXXXX 2>/dev/null || mktemp /tmp/secret_msg.XXXXXX) + + echo "${BLUE}----------------------------------------${NC}" + echo "${CYAN}Opening text editor to write your secret message...${NC}" + echo "${BLUE}----------------------------------------${NC}" + + # Open editor + ${EDITOR:-nano} "$temp_file" + + # Check if file is empty + if [ ! -s "$temp_file" ]; then + echo "${RED}Message is empty. Aborting.${NC}" + rm -f "$temp_file" + exit 1 + fi + + gpg --encrypt --sign --armor --recipient "$email" < "$temp_file" > "$outfile" if [ $? -eq 0 ]; then echo "" - echo "Success! Message encrypted and saved to '$outfile'." - echo "You can now safely send this file to $email." + echo "${GREEN}${BOLD}Success!${NC} Message encrypted and saved to '${BOLD}$outfile${NC}'." + echo "You can now safely send this file to ${BOLD}$email${NC}." else echo "" - echo "Error: Encryption failed. Are you sure you imported their public key?" + echo "${RED}${BOLD}Error:${NC} Encryption failed. Make sure the recipient's key is imported and verified." 
fi + + # Securely delete the temporary file + shred -u "$temp_file" 2>/dev/null || rm -P "$temp_file" 2>/dev/null || rm -f "$temp_file" elif [ "$option" == "2" ]; then # READING / DECRYPTING - read -p "Enter the path to the encrypted file (e.g., secret.asc): " infile + read -p "${YELLOW}Enter the path to the encrypted file (e.g., secret.asc): ${NC}" infile + + if [ -z "$infile" ]; then + echo "${RED}Error: Input file path cannot be empty.${NC}" + exit 1 + fi if [ -f "$infile" ]; then echo "" - echo "Decrypting message..." - echo "----------------------------------------" - # GPG automatically knows to use your private key to decrypt + echo "${CYAN}Decrypting message...${NC}" + echo "${BLUE}----------------------------------------${NC}" gpg --decrypt "$infile" echo "" - echo "----------------------------------------" + echo "${BLUE}----------------------------------------${NC}" else - echo "Error: File '$infile' does not exist in this directory." + echo "${RED}Error: File '$infile' does not exist in this directory.${NC}" fi elif [ "$option" == "3" ]; then - # IMPORTING PUBLIC KEY - read -p "Enter the path to the public key file you want to import (e.g., friend_key.asc): " keyfile + # IMPORTING AND MANDATORY VERIFICATION + read -p "${YELLOW}Enter the path to the public key file you want to import (e.g., friend_key.asc): ${NC}" keyfile + + if [ -z "$keyfile" ]; then + echo "${RED}Error: Key file path cannot be empty.${NC}" + exit 1 + fi if [ -f "$keyfile" ]; then echo "" - echo "Importing public key from '$keyfile'..." 
- echo "----------------------------------------" + echo "${CYAN}Importing public key from '${BOLD}$keyfile${NC}${CYAN}'...${NC}" + echo "${BLUE}----------------------------------------${NC}" + + # Extract fingerprint before import to know exactly what we are dealing with + fingerprint=$(gpg --show-keys --with-colons "$keyfile" 2>/dev/null | awk -F: '/^fpr:/ {print $10; exit}') + + if [ -z "$fingerprint" ]; then + echo "${RED}Error: Could not extract fingerprint from '$keyfile'. Is it a valid GPG key?${NC}" + exit 1 + fi gpg --import "$keyfile" if [ $? -eq 0 ]; then - echo "----------------------------------------" - echo "Success! The public key has been added to your keychain." - echo "You can now use Option 1 to send encrypted messages to this person." + echo "${BLUE}----------------------------------------${NC}" + echo "${YELLOW}Key loaded into temporary memory. ${BOLD}MANDATORY VERIFICATION REQUIRED.${NC}" + echo "" + + # The Verification Block + echo "${RED}${BOLD}======================================================================${NC}" + echo "${RED}${BOLD} CRITICAL SECURITY STEP ${NC}" + echo "${RED}${BOLD}======================================================================${NC}" + echo "${YELLOW}To prevent a Man-in-the-Middle (MITM) attack, you MUST verify that ${NC}" + echo "${YELLOW}the fingerprint below actually belongs to the true owner. ${NC}" + echo "" + gpg --fingerprint "$fingerprint" + echo "" + echo "${CYAN}${BOLD}INSTRUCTIONS:${NC}" + echo "${CYAN}1. DO NOT verify this using the same channel you received the key on.${NC}" + echo "${CYAN}2. Contact the person via phone, secure messenger, or in person.${NC}" + echo "${CYAN}3. Read the fingerprint above aloud and have them confirm it.${NC}" + echo "${RED}${BOLD}======================================================================${NC}" + echo "" + + read -p "${YELLOW}Did you securely verify the fingerprint out-of-band? 
(Type 'yes' to confirm): ${NC}" verify_choice + + if [[ "$verify_choice" == "yes" ]]; then + echo "${GREEN}Proceeding to signing prompt. Answer 'y' when GPG asks if you want to sign.${NC}" + echo "${BLUE}----------------------------------------${NC}" + gpg --sign-key "$fingerprint" + echo "${BLUE}----------------------------------------${NC}" + echo "${GREEN}${BOLD}If the signing was successful, this key is now fully trusted and saved.${NC}" + else + echo "" + echo "${RED}Verification aborted or failed.${NC}" + echo "${YELLOW}Security protocol requires deleting the unverified key from your keychain.${NC}" + echo "${CYAN}Removing key...${NC}" + gpg --batch --yes --delete-keys "$fingerprint" + echo "${GREEN}Key removed. Import cancelled.${NC}" + fi else - echo "----------------------------------------" - echo "Error: Failed to import the key. Make sure it is a valid GPG public key file." + echo "${BLUE}----------------------------------------${NC}" + echo "${RED}Error: Failed to import the key. Make sure it is a valid GPG public key file.${NC}" fi else - echo "Error: File '$keyfile' does not exist in this directory." + echo "${RED}Error: File '$keyfile' does not exist in this directory.${NC}" fi +elif [ "$option" == "4" ]; then + # DISPLAY OWN FINGERPRINT + echo "${BLUE}${BOLD}======================================================================${NC}" + echo "${BLUE}${BOLD} YOUR GPG FINGERPRINTS ${NC}" + echo "${BLUE}${BOLD}======================================================================${NC}" + echo "${CYAN}Read the fingerprint below to your contact over a secure channel${NC}" + echo "${CYAN}(e.g., phone call, in person) so they can verify your identity.${NC}" + echo "" + gpg --fingerprint -K + echo "" + echo "${BLUE}${BOLD}======================================================================${NC}" + else - echo "Invalid option selected. Exiting." + echo "${RED}Invalid option selected. Exiting.${NC}" fi \ No newline at end of file
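Review bot: The abort branch of the option-3 verification prompt runs `gpg --batch --yes --delete-keys "$fingerprint"` unconditionally, so declining verification for a key that was already in the keyring (imported and signed on an earlier run) deletes that previously verified key, and because `gpg --import "$keyfile"` loads every key in the file while only the first `fpr:` record is displayed and deleted, a file bundling several keys leaves the rest imported but never verified. I would record before the import whether the fingerprint is already present (`gpg --batch --list-keys "$fingerprint"`), delete in the abort path only when it was not, and refuse files whose `--show-keys` output has more than one `pub:` record; see below. The exit status of `gpg --sign-key "$fingerprint"` is also not checked, so a cancelled signing leaves the key imported while the final message speaks of success — checking it and taking the same removal path would close that gap. The messages `Key loaded into temporary memory` and `this key is now fully trusted` overstate what happens: `--import` writes to the on-disk keyring, and a certification signature marks the key valid rather than setting its ownertrust.
```shell
    # … unchanged: fingerprint extraction and empty-fingerprint check …

    # --import loads every key in the file, but only the first fingerprint is
    # verified below (and deleted on abort), so accept exactly one key per file.
    key_count=$(gpg --show-keys --with-colons "$keyfile" 2>/dev/null | grep -c '^pub:')
    if [ "$key_count" -ne 1 ]; then
        echo "${RED}Error: '$keyfile' must contain exactly one public key (found $key_count).${NC}"
        exit 1
    fi

    # Remember whether this key was already in the keyring so that declining
    # verification never removes a key imported (and possibly signed) earlier.
    key_preexisted=0
    gpg --batch --list-keys "$fingerprint" >/dev/null 2>&1 && key_preexisted=1

    gpg --import "$keyfile"
    # … unchanged: import status check, fingerprint display and verification prompt …
        else
            echo ""
            echo "${RED}Verification aborted or failed.${NC}"
            if [ "$key_preexisted" -eq 1 ]; then
                echo "${YELLOW}This key was in your keyring before this import; leaving it unchanged.${NC}"
            else
                echo "${CYAN}Removing key...${NC}"
                gpg --batch --yes --delete-keys "$fingerprint"
                echo "${GREEN}Key removed. Import cancelled.${NC}"
            fi
    # … unchanged: remaining fi/else branches …
```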