For some reason a few weeks back I was wondering about using ssh keys
to encrypt/decrypt files. Seems like a thing that should be possible,
why not? And sure enough, it’s been done.
This won’t be as good as using gpg keys. Specifically,
without the web of trust, it can be hit with MITM
attacks, but I think it would be “good enough” for most people in
most uses. And in my experience getting people to use gpg
is like pulling teeth.
Taking Bjorn’s idea and making it a bit more script-friendly,
I get this.
It generates a number of files, however, so in the end it might be an idea
to make some sort of protobuf or JSON structure.
That might be better since it’s easier to parse even if it will be a
bit more verbose. Not sure.
Anyway, might play with this for the rest of the week.
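
```bash
# Encrypt. Needs bash (process substitution). file and user are set here to
# match the file names the decrypt step below expects.
file=ssh-crypt
user=lyda
password="$(openssl rand 32 | base64)"
# Note: pass: puts the password on the command line, visible in the process list.
openssl aes-256-cbc -in "$file" -out "$file.ssh-enc" -pass pass:"$password"
# Wrap the password once for each RSA public key the user has published.
curl -sS https://github.com/lyda.keys \
  | grep ssh-rsa \
  | cat -n \
  | while read i p k; do
      openssl rsautl -encrypt -oaep -pubin \
        -inkey <(ssh-keygen -e -f <(echo "$p $k") -m PKCS8) \
        -in <(echo "$password") -out "$file.$user.$i.key-enc"
    done
```

```bash
# Decrypt. Try each wrapped key until one opens with the local private key.
for key in ssh-crypt.lyda.*; do
  openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in "$key" -out secret.key && break
done
openssl aes-256-cbc -d -in ssh-crypt.ssh-enc -out ssh-crypt.ssh-enc.decrypt -pass file:secret.key
```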
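
The single JSON structure mused about above, as an added example that is not part of the original post: it packs the `.ssh-enc` ciphertext and the per-key `.key-enc` files into one document and unpacks them again, rejecting file names that would escape the output directory. The field names (`version`, `cipher`, `data`, `keys`) and the functions `pack` and `unpack` are assumptions made for this example.

```python
import base64
import json
import os
import tempfile

def pack(enc_path, key_paths):
    """Bundle the AES ciphertext and every RSA-wrapped key into one JSON string."""
    def entry(path):
        with open(path, "rb") as fh:
            data = base64.b64encode(fh.read()).decode("ascii")
        return {"name": os.path.basename(path), "b64": data}
    return json.dumps({
        "version": 1,  # assumed field, lets the layout change later
        "cipher": "aes-256-cbc",
        "data": entry(enc_path),
        "keys": [entry(p) for p in sorted(key_paths)],
    }, indent=2)

def unpack(bundle, outdir):
    """Write the bundled files into outdir and return the paths written."""
    doc = json.loads(bundle)
    if doc.get("version") != 1:
        raise ValueError("unsupported bundle version")
    written = []
    for entry in [doc["data"], *doc["keys"]]:
        name = entry["name"]
        # The bundle comes from someone else: a name must never leave outdir.
        if (not isinstance(name, str) or name in ("", ".", "..")
                or name != os.path.basename(name)):
            raise ValueError(f"unsafe file name in bundle: {name!r}")
        path = os.path.join(outdir, name)
        with open(path, "wb") as fh:
            fh.write(base64.b64decode(entry["b64"], validate=True))
        written.append(path)
    return written

if __name__ == "__main__":
    # Constructed stand-ins for the files the encrypt script produces.
    names = ["ssh-crypt.ssh-enc", "ssh-crypt.lyda.1.key-enc", "ssh-crypt.lyda.2.key-enc"]
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        paths = [os.path.join(src, n) for n in names]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(os.urandom(48))
        bundle = pack(paths[0], paths[1:])
        print(bundle)
        print(unpack(bundle, dst))
```

After unpacking, the decrypt loop from the post runs unchanged against the restored files.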