kim
/
npaste
1
0
Fork 0
Code Issues 5 Pull Requests 1 Projects 1 Releases Wiki Activity
Browse Source

Added additional passphrase security using vaults

pull/4/head
Kim Grytøyr 4 years ago
parent
d27a630ced
commit
9ca64e30df
8 changed files with 49 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      cli-script/npaste
  2. 2
      cli-script/v.sh
  3. 1
      cli-script/vaults
  4. 4
      src/lib/paste.js
  5. 10
      src/public/javascripts/decrypt.js
  6. 9
      src/public/javascripts/syntax.js
  7. 4
      src/views/image.jade
  8. 4
      src/views/text.jade

23
cli-script/npaste
View File

@ -9,6 +9,8 @@ usage() {
printf "\t-h --help\n"
printf "\t-p --plaintext No syntax highlighting.\n"
printf "\t--age When to delete this item. Syntax: n[m|h|d|y], where n is an integer. minutes, hours, days, years. Example: 1h. Default: 0, ie. never deleted.\n"
printf "\t--encrypt The paste will be encrypted using a secret key not known to the server.\n"
printf "\t--vault If using --encrypt, this will also encrypt it with a password that is not in the URL.\n"
printf "\t--archive The paste will be restorable for the submitter with the archive flag.\n"
printf "\t--no-archive The paste will NOT be archived, regardless of default defined in config file.\n"
printf "\t--no-auto-pipe Don't use auto pipe command as defined in config file\n"
@ -46,6 +48,7 @@ api_request() {
NPASTE_IS_PLAINTEXT=0
NPASTE_AGE=0
NPASTE_CONFIG="$HOME/.config/npaste/cli.conf"
NPASTE_VAULTS="$HOME/.config/npaste/vaults"
NPASTE_FILE="-" # default stdin
NPASTE_USE_AUTO_PIPE_COMMAND=1
NPASTE_ARCHIVE=0
@ -73,6 +76,9 @@ while [ "$1" != "" ]; do
--encrypt)
NPASTE_ENCRYPT=1
;;
--vault)
NPASTE_VAULT=$VALUE
;;
--archive)
NPASTE_ARCHIVE=1
;;
@ -185,11 +191,24 @@ else
fi
if [ "$NPASTE_DO_ENCRYPT" = "1" ]; then
# encrypt file
NPASTE_VAULT_KEY=""
if [ "$NPASTE_VAULT" ]; then
while IFS=':' read -ra VAULTS; do
if [ "${VAULTS[0]}" = "$NPASTE_VAULT" ]; then
NPASTE_VAULT_KEY="${VAULTS[1]}"
fi
done <<< $(cat $NPASTE_VAULTS)
if [ -z "$NPASTE_VAULT_KEY" ]; then
echo "Unable to find vault key for $NPASTE_VAULT"
exit
fi
fi
# create random encryption key
KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $NPASTE_ENCRYPTION_KEY_LENGTH | head -n 1)
# upload file to npaste
NPASTE_PASTE_URL=$(cat $NPASTE_FILE | base64 | gpg --armor --batch --passphrase "$KEY" --symmetric | api_request $NPASTE_USERNAME $NPASTE_APIKEY $NPASTE_URL "-F paste=@-" "-F plain=$NPASTE_IS_PLAINTEXT" "-F age=$NPASTE_AGE" "-F archive=$NPASTE_DO_ARCHIVE" "-F mimetype=$MIME_TYPE" "-F encrypted=1")
NPASTE_PASTE_URL=$(cat $NPASTE_FILE | base64 | gpg --armor --batch --passphrase "$KEY$NPASTE_VAULT_KEY" --symmetric | api_request $NPASTE_USERNAME $NPASTE_APIKEY $NPASTE_URL "-F paste=@-" "-F plain=$NPASTE_IS_PLAINTEXT" "-F age=$NPASTE_AGE" "-F archive=$NPASTE_DO_ARCHIVE" "-F mimetype=$MIME_TYPE" "-F encrypted=1" "-F vault=$NPASTE_VAULT")
else
NPASTE_PASTE_URL=$(cat $NPASTE_FILE | api_request $NPASTE_USERNAME $NPASTE_APIKEY $NPASTE_URL "-F paste=@-" "-F plain=$NPASTE_IS_PLAINTEXT" "-F age=$NPASTE_AGE" "-F archive=$NPASTE_DO_ARCHIVE" "-F encrypted=0")
fi

2
cli-script/v.sh
View File

@ -0,0 +1,2 @@
#/bin/sh

1
cli-script/vaults
View File

@ -0,0 +1 @@
ibooking:12345

4
src/lib/paste.js
View File

@ -186,6 +186,10 @@ const add = (req, res, next) => {
// deleting the file
metadata.archive = req.body.archive == 1 ? true : false;
if (req.body.vault) {
metadata.vault = req.body.vault;
}
// Create .meta file
// TODO: Move this to function or module
fs.writeFileSync(config.path + filename + '.meta', JSON.stringify(metadata));

10
src/public/javascripts/decrypt.js
View File

@ -14,12 +14,18 @@ ready(() => {
// Encryption stuff
if (window.location.hash) {
console.log("Decrypting image..");
let passphrase = '';
if (window.vault) {
passphrase = prompt("Enter passphrase for vault '" + window.vault + "':");
}
const data = document.getElementById('data').innerHTML;
try {
options = {
message: openpgp.message.readArmored(data),
password: window.location.hash.substr(1),
password: window.location.hash.substr(1) + passphrase,
};
}
catch (e) {
@ -36,7 +42,7 @@ ready(() => {
document.getElementById('decrypting').style.display = 'none';
}).catch(function(error) {
const errorDiv = document.getElementById('error');
errorDiv.innerHTML = 'Unable to decrypt message. You probably have the wrong decryption key.';
errorDiv.innerHTML = 'Unable to decrypt message. You probably have the wrong decryption key or passphrase.';
errorDiv.style.display = 'block';
document.getElementById('decrypting').style.display = 'none';
});

9
src/public/javascripts/syntax.js
View File

@ -57,11 +57,16 @@ ready(() => {
openpgp.initWorker({ path:'/javascripts/openpgp.worker.min.js' });
console.log("Decrypting text..");
let passphrase = '';
if (window.vault) {
passphrase = prompt("Enter passphrase for vault '" + window.vault + "':");
}
const data = document.getElementById('paste').innerHTML;
try {
options = {
message: openpgp.message.readArmored(data),
password: window.location.hash.substr(1),
password: window.location.hash.substr(1) + passphrase,
};
}
catch (e) {
@ -81,7 +86,7 @@ ready(() => {
document.getElementById('decrypting').style.display = 'none';
}).catch(function(error) {
const errorDiv = document.getElementById('error');
errorDiv.innerHTML = 'Unable to decrypt message. You probably have the wrong decryption key.';
errorDiv.innerHTML = 'Unable to decrypt message. You probably have the wrong decryption key or passphrase.';
errorDiv.style.display = 'block';
document.getElementById('decrypting').style.display = 'none';
});

4
src/views/image.jade
View File

@ -4,7 +4,9 @@ block head
if paste.encrypted === true
script(src='/javascripts/openpgp.min.js')
script(src='/javascripts/decrypt.js')
if paste.vault
script.
window.vault = '#{paste.vault}';
block content
#content
include header.jade

4
src/views/text.jade
View File

@ -8,7 +8,9 @@ block head
script(src='/javascripts/syntax.js')
link(rel='stylesheet', href='/stylesheets/gruvbox-dark.css')
link(rel='stylesheet', href='/stylesheets/line-numbers.css')
if paste.vault
script.
window.vault = '#{paste.vault}';
block content
#content
include header.jade

Write Preview
Loading…
Cancel
Save