From e392b3a04037142b9bf1f245231eff3634c0f7cc Mon Sep 17 00:00:00 2001
From: Matt Baer
Date: Wed, 19 Sep 2018 09:49:11 +0100
Subject: [PATCH] Add key generation script + keys folder
---
keys.sh | 25 +++++++++++++++++++++++++
keys/.gitignore | 1 +
keys/README.md | 4 ++++
3 files changed, 30 insertions(+)
create mode 100755 keys.sh
create mode 100644 keys/.gitignore
create mode 100644 keys/README.md
diff --git a/keys.sh b/keys.sh
new file mode 100755
index 0000000..bb63080
--- /dev/null
+++ b/keys.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# keys.sh generates keys used for the encryption of certain user data. Because
+# user data becomes unrecoverable without these keys, the script and won't
+# overwrite any existing keys unless you explicitly delete them.
+#
+
+# Generate cookie encryption and authentication keys
+if [[ ! -e "$(pwd)/keys/cookies_enc.aes256" ]]; then
+ dd of=$(pwd)/keys/cookies_enc.aes256 if=/dev/urandom bs=32 count=1
+else
+ echo "cookies key already exists! rm keys/cookies_enc.aes256 if you understand the consquences."
+fi
+if [[ ! -e "$(pwd)/keys/cookies_auth.aes256" ]]; then
+ dd of=$(pwd)/keys/cookies_auth.aes256 if=/dev/urandom bs=32 count=1
+else
+ echo "cookies authentication key already exists! rm keys/cookies_auth.aes256 if you understand the consquences."
+fi
+
+# Generate email encryption key
+if [[ ! -e "$(pwd)/keys/email_enc.aes256" ]]; then
+ dd of=$(pwd)/keys/email_enc.aes256 if=/dev/urandom bs=32 count=1
+else
+ echo "email key already exists! rm keys/email_enc.aes256 if you understand the consquences."
+fi
diff --git a/keys/.gitignore b/keys/.gitignore
new file mode 100644
index 0000000..1da0f60
--- /dev/null
+++ b/keys/.gitignore
@@ -0,0 +1 @@
+*.aes256
diff --git a/keys/README.md b/keys/README.md
new file mode 100644
index 0000000..966b9a9
--- /dev/null
+++ b/keys/README.md
@@ -0,0 +1,4 @@
+Keys
+====
+
+Contains keys for encrypting database and session data. Generate necessary keys by running (from the root of the project) `./keys.sh`.
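Review bot: In keys.sh the three `dd` calls create the key files under whatever umask the caller happens to have, so with a common default of 022 the cookie and email keys end up readable by every local user; setting `umask 077` before the first `if` (or running `chmod 600` on each file after `dd`) keeps them owner-only. The `of=$(pwd)/keys/...` arguments are unquoted, unlike the `[[ ! -e "$(pwd)/..." ]]` tests beside them, so a checkout path containing spaces breaks generation; `dd of="$(pwd)/keys/cookies_enc.aes256" if=/dev/urandom bs=32 count=1` and its two siblings fix that. The exit status of `dd` is never checked and the guard is `-e`, so a failed or truncated write can leave a short or empty file that every later run reports as an existing key. Consider verifying that each file is exactly 32 bytes and exiting non-zero otherwise. The header comment ("the script and won't") and the three "consquences" messages also carry typos worth correcting while the file is new.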