From 3d8ade7390eceda6d5b869579209a45a7bfe46fd Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 10:58:16 +0800 Subject: [PATCH 1/7] use idea as IDE, plugin bash support is really great --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..99539df --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.idea/** + +transcrypt.iml \ No newline at end of file From c8d6f474ec66ebbcc16de23b206ba380e5da0b54 Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 10:58:54 +0800 Subject: [PATCH 2/7] default password length is 32 ,as 2 power 5 --- transcrypt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transcrypt b/transcrypt index a0b562d..bc11e47 100755 --- a/transcrypt +++ b/transcrypt @@ -193,7 +193,7 @@ get_password() { # generate a random password if the user answered yes; # otherwise prompt the user for a password if [[ $answer =~ $YES_REGEX ]] || [[ ! $answer ]]; then - local password_length=30 + local password_length=32 local random_base64=$(openssl rand -base64 $password_length) password=$random_base64 else From 88806f08247ab323339a64f42d7b422034ef1cd5 Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 11:08:19 +0800 Subject: [PATCH 3/7] use sha-1 instead of md5 --- transcrypt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/transcrypt b/transcrypt index bc11e47..e444dfe 100755 --- a/transcrypt +++ b/transcrypt @@ -293,7 +293,7 @@ save_helper_scripts() { cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) salt=$(openssl dgst -hmac "${filename}:${password}" -sha256 "$filename" | tail -c 16) - ENC_PASS=$password openssl enc -$cipher -md MD5 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" + ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" fi fi EOF 
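Review bot: `password_length` in get_password is the number of random bytes passed to `openssl rand -base64`, not the length of the resulting password. 32 bytes encode to 44 base64 characters ending in one `=` of padding, where 30 bytes gave 40 characters and no padding. A comment such as `# random bytes fed to base64 (256 bits); the encoded password is longer`, or renaming the local to `random_bytes`, would stop the value being read as a character count, as the commit subject does. get_password starts and ends outside the hunk.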
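Review bot: Changing `-md` in the clean filter here, and in the smudge and textconv hunks that follow, changes the key derived from the password, so blobs already committed under `-md MD5` will no longer decrypt. Because the decrypt commands end in `2> /dev/null || cat`, that failure would be silent and ciphertext would be written to the working tree. The change needs a migration step (re-encrypting on upgrade, or a per-repository digest setting that defaults to the old value for existing checkouts). If the digest is changing anyway, `-md sha256` would match the `-sha256` already used for the salt rather than moving from one deprecated hash to another. save_helper_scripts starts and ends outside the hunk.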
@@ -304,7 +304,8 @@ save_helper_scripts() { trap 'rm -f "$tempfile"' EXIT cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -md MD5 -pass env:ENC_PASS -d -a 2> /dev/null || cat "$tempfile" + tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -d -a 2> /dev/null || cat + "$tempfile" EOF cat <<-'EOF' > "${GIT_DIR}/crypt/textconv" @@ -314,7 +315,8 @@ save_helper_scripts() { if [[ -s $filename ]]; then cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - ENC_PASS=$password openssl enc -$cipher -md MD5 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || cat "$filename" + ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || cat + "$filename" fi EOF From 6726b12419ecb5088bcc1babb86f200f711b453e Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 11:10:28 +0800 Subject: [PATCH 4/7] Specify the iteration count 128 and force use of PBKDF2 --- transcrypt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/transcrypt b/transcrypt index e444dfe..393ce3e 100755 --- a/transcrypt +++ b/transcrypt @@ -293,7 +293,7 @@ save_helper_scripts() { cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) salt=$(openssl dgst -hmac "${filename}:${password}" -sha256 "$filename" | tail -c 16) - ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" + ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha-1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" fi fi EOF 
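Review bot: The fallback in the smudge script is broken by the line wrap in this hunk: `|| cat` now ends the line and `"$tempfile"` sits on a line of its own. The shell therefore runs `cat` with no operand and then tries to run the temp file as a command, instead of printing it. The textconv hunk below has the same wrap with `"$filename"`. Keep the operand on the same line as `cat`, or break after the operator, `... 2> /dev/null ||` followed by `cat "$tempfile"`. The heredoc body starts outside the hunk.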
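Review bot: `-iter 128` is a very small PBKDF2 work factor for a key derived from a password that get_password lets the user type in; OpenSSL's own default when `-pbkdf2` is given is 10000. I would raise the count to at least that default and write the intent out, `-pbkdf2 -iter 10000`, in this clean-filter hunk and in the smudge and textconv hunks that follow. `-iter` is also only accepted from OpenSSL 1.1.1 on, so on older builds the decrypt commands would fail and, with stderr discarded, fall through to `cat`. A version check when the helper scripts are written would make that visible. save_helper_scripts starts and ends outside the hunk.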
@@ -304,8 +304,8 @@ save_helper_scripts() { trap 'rm -f "$tempfile"' EXIT cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -d -a 2> /dev/null || cat - "$tempfile" + tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha-1 -pass env:ENC_PASS -d -a 2> /dev/null || + cat "$tempfile" EOF cat <<-'EOF' > "${GIT_DIR}/crypt/textconv" @@ -315,8 +315,8 @@ save_helper_scripts() { if [[ -s $filename ]]; then cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - ENC_PASS=$password openssl enc -$cipher -md sha-1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || cat - "$filename" + ENC_PASS=$password openssl enc -$cipher -iter 128-md sha-1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || + cat "$filename" fi EOF From 73bc43f617065d38c7c93cce94fb7ffe1f9381d7 Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 11:22:13 +0800 Subject: [PATCH 5/7] typo for sha-1,it should be sha1 --- transcrypt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/transcrypt b/transcrypt index 393ce3e..0dc3848 100755 --- a/transcrypt +++ b/transcrypt @@ -293,7 +293,7 @@ save_helper_scripts() { cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) salt=$(openssl dgst -hmac "${filename}:${password}" -sha256 "$filename" | tail -c 16) - ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha-1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" + ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" fi fi EOF 
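Review bot: The textconv command added in this hunk reads `-iter 128-md sha-1`: the space between the count and `-md` is missing, so openssl does not receive the same options as the clean and smudge commands. Because stderr goes to `/dev/null` and the command is followed by `|| cat "$filename"`, the likely result is that textconv silently prints ciphertext rather than reporting an error. It should read `-iter 128 -md ...` like the other two hunks. The later patches on this page that touch this line still carry `128-md`. The heredoc body starts outside the hunk.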
@@ -304,7 +304,7 @@ save_helper_scripts() { trap 'rm -f "$tempfile"' EXIT cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha-1 -pass env:ENC_PASS -d -a 2> /dev/null || + tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha1 -pass env:ENC_PASS -d -a 2> /dev/null || cat "$tempfile" EOF @@ -315,7 +315,7 @@ save_helper_scripts() { if [[ -s $filename ]]; then cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - ENC_PASS=$password openssl enc -$cipher -iter 128-md sha-1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || + ENC_PASS=$password openssl enc -$cipher -iter 128-md sha1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || cat "$filename" fi EOF From ca85cb86a00107f07cd335830d2b28bd3c256b4a Mon Sep 17 00:00:00 2001 From: "David.Ricardo" Date: Mon, 13 May 2019 12:55:42 +0800 Subject: [PATCH 6/7] 1. 128 line length limit --- transcrypt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/transcrypt b/transcrypt index 0dc3848..172c58c 100755 --- a/transcrypt +++ b/transcrypt @@ -305,7 +305,7 @@ save_helper_scripts() { cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) tee "$tempfile" | ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha1 -pass env:ENC_PASS -d -a 2> /dev/null || - cat "$tempfile" + cat "$tempfile" EOF cat <<-'EOF' > "${GIT_DIR}/crypt/textconv" @@ -316,7 +316,7 @@ save_helper_scripts() { cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) ENC_PASS=$password openssl enc -$cipher -iter 128-md sha1 -pass env:ENC_PASS -d -a -in "$filename" 2> /dev/null || - cat "$filename" + cat "$filename" fi EOF From ffb2412737c8860df43e7dbc870a20e931a4b12c Mon Sep 17 00:00:00 2001 
From: "David.Ricardo" Date: Mon, 13 May 2019 12:56:04 +0800 Subject: [PATCH 7/7] 1. get the last 16 hex digits --- transcrypt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transcrypt b/transcrypt index 172c58c..468015d 100755 --- a/transcrypt +++ b/transcrypt @@ -292,7 +292,7 @@ save_helper_scripts() { else cipher=$(git config --get --local transcrypt.cipher) password=$(git config --get --local transcrypt.password) - salt=$(openssl dgst -hmac "${filename}:${password}" -sha256 "$filename" | tail -c 16) + salt=$(openssl dgst -hmac "${filename}:${password}" -sha256 "$filename" | tail -c 17) ENC_PASS=$password openssl enc -$cipher -iter 128 -md sha1 -pass env:ENC_PASS -e -a -S "$salt" -in "$tempfile" fi fi
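Review bot: The byte count `17` in `tail -c 17` only yields 16 hex digits because the digest line ends in exactly one newline, which `$(...)` then strips; nothing on the line says so. A comment above it such as `# 16 hex digits plus the trailing newline` would document that. The commit message should also state that the salt grows from 15 to 16 digits: the clean filter will then produce different ciphertext for files already committed, and git will presumably report them as modified until they are re-added. save_helper_scripts starts and ends outside the hunk.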