/
isolatedM
executable file
·150 lines (113 loc) · 3.48 KB
/
isolatedM
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#!/bin/bash
#: Title : isolatedM
#: Date : 2017-11-8
#: Author : "Andreas O. Bender" <andreasobender@mac.com>
#: Version : 0.2
#: Description : control symmetric encryption and authentication on an isolated computer
#: Options : None
#: Required files : firstPart.ps, secondPart.ps, messageCounter, keyChoiceAuth
#: Required programs : QR Journal, gpg, openssl
. ./functionsIsolated
# user has options (1 encrypt) or (2 decrypt) until program is terminated by option (3 quit)
while :
do
printf "\n%s\n" "1 encrypt"
printf "%s\n" "2 decrypt"
printf "%s\n\n" "3 quit"
# read in number of chosen option 1, 2 or 3
read -p "enter option number: " choice
case $choice in
1)
# user chooses file of plaintext to encrypt
chooseFile
# test whether chosen file exists
if [ -f $chosenFile ]
then
# display file chosen for encryption and ask user for permission to authenticate
cat $chosenFile
printf "\n"
read -p "do you want to authenticate this plaintext? - y/n: " permissionAuth
if [ $permissionAuth = y ]
then
# add message counter and timestamp to plaintext file
counterTimestamp
# authenticate file
inputfile=$chosenFile$fileDate
authenticateFile
# encrypt file
encryptFile
# encode file as QR code
fileToEncode=$inputfile.asc
encodeFile
# check for creation of QR code
if [ -f $fileToEncode.ps ]
then
# move QR code to directory QRsent
mv -i $fileToEncode.ps QRsent
# display QR code on screen
open QRsent/$fileToEncode.ps
fi
# move ciphertext to directory cipherTextSent
mv -i $inputfile.asc cipherTextSent
else
printf "%s\n" "authentication refused, no action taken"
fi
else
printf "\n%s\n\n" "file does not exist"
fi
;;
2)
# scan in QR code
scanQRcode
startString='\-\-\-\-\-BEGIN PGP MESSAGE-----'
endString='\-\-\-\-\-END PGP MESSAGE-----'
# check scanned file for presence of startString and endString
if [ $(grep -c "$startString" "$qrScanData") -eq 1 ] && [ $(grep -c "$endString" "$qrScanData") -eq 1 ]
then
# strip xml formatting off scanned file
stripFile
# decrypt $scannedFile.asc
decryptFile
# check authentication of plaintext
checkAuthentication
if [ $? = 0 ]
then
printf "\n%s\n" "$scannedFile successfully authenticated"
# remove files containing new and included hmac
srm -m newAuthFile
srm -m includedAuthFile
# extract second line containing timestamp
sed "1q;d" $scannedFile > timestamp
# check second line for correctly formatted timestamp
if [ $(egrep -c '\-'[0-9][0-9]'Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec'[0-3][0-9]'\-'[0-2][0-9].[0-5][0-9].[0-5][0-9] timestamp) -eq 1 ]
then
timestampProcess
else
noTimestampProcess
fi
# erase auxiliary files
srm -m timestamp
else
printf "\n%s\n" "authentication failed"
# remove files containing hmac and plaintext
srm -m $scannedFile
srm -m newAuthFile
srm -m includedAuthFile
fi
else
printf "\n%s\n" "file is not formatted as PGP ciphertext"
# erase scanned image and text file containing scanned text
olddir=$(pwd)
cd "$HOME/Library/Containers/com.joshjacob.qrjournal/Data/Library/Application Support/QRJournal"
rm *.jpg
rm QRJournal.storedata
cd $olddir
fi
;;
3)
# quit program
printf "\n%s\n" "bye"
exit 0
;;
esac
done