From ce4ce311dd2e0bdf49ea7982929982d3e036923c Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sat, 30 Jun 2018 22:01:29 +0300 Subject: [PATCH 1/8] Added script to do symmetric encryption and base64 encoding on input files before passing them to papaerbackup. And another script to decode and decrypt resulting backups. --- gpg-paperbackup.sh | 18 ++++++++++++++++++ paperbackup-verify.sh | 2 +- paperrestore-gpg.sh | 11 +++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100755 gpg-paperbackup.sh create mode 100755 paperrestore-gpg.sh diff --git a/gpg-paperbackup.sh b/gpg-paperbackup.sh new file mode 100755 index 0000000..30196a5 --- /dev/null +++ b/gpg-paperbackup.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Encrypts specified file with gpg default symmetric cipher algorithm +# and prepares paperbackup PDF of encrypted version +# +# USAGE: gpg-paperbackup.sh plaintext_fpath output_fpath +# where plaintext_fpath is plaintext file to encode (can be text or binary) +# encrypted and base64 encoded version of plaintext will be written +# to output_fpath +# +# output_encrypted_path will then be passed to paperbackup.py and +# result written to output_encrypted_path.pdf + +PAPERBACKUPPATH="$(readlink -f $(dirname $0))" +gpg --symmetric -o- "$1" | base64 > "$2" +${PAPERBACKUPPATH}/paperbackup.py "$2" +${PAPERBACKUPPATH}/paperbackup-verify.sh "${2}.pdf" + diff --git a/paperbackup-verify.sh b/paperbackup-verify.sh index 2120667..17f79ac 100755 --- a/paperbackup-verify.sh +++ b/paperbackup-verify.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/bin/bash # USAGE: paperbackup-verify.sh backup.pdf # where backup.pdf should be the pdf created with paperbackup.py diff --git a/paperrestore-gpg.sh b/paperrestore-gpg.sh new file mode 100755 index 0000000..9f7debe --- /dev/null +++ b/paperrestore-gpg.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# Restores data from scanned pages created with gpg-paperbackup.sh +# +# USAGE: paperrestore-gpg.sh input_fpath output_fpath +# where input_fpath is path to PDF with scanned paper backup +# previously created with gpg-paperbackup.sh +# Decrypted plaintext will be written to output_fpath + +PAPERBACKUPPATH="$(readlink -f $(dirname $0))" +${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | gpg -d > "$2" From 760ee915c66825623e876121a828e387bee231b5 Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 13:32:56 +0300 Subject: [PATCH 2/8] Changed default encryption tool to gpg2 with fallback to gpg if gpg2 is unavailable --- gpg-paperbackup.sh | 22 +++++++++++++++++----- paperrestore-gpg.sh | 17 +++++++++++++++-- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/gpg-paperbackup.sh b/gpg-paperbackup.sh index 30196a5..e6ec3e1 100755 --- a/gpg-paperbackup.sh +++ b/gpg-paperbackup.sh @@ -4,15 +4,27 @@ # and prepares paperbackup PDF of encrypted version # # USAGE: gpg-paperbackup.sh plaintext_fpath output_fpath -# where plaintext_fpath is plaintext file to encode (can be text or binary) -# encrypted and base64 encoded version of plaintext will be written -# to output_fpath # -# output_encrypted_path will then be passed to paperbackup.py and +# where plaintext_fpath is plaintext file to encode (can be text or binary). +# encrypted and base64 encoded version of plaintext will be written +# to output_fpath. +# The script uses gpg2 for symmetric encryption and falls back to gpg +# if gpg2 is not available. +# +# output_encrypted_path will then be passed to paperbackup.py and # result written to output_encrypted_path.pdf PAPERBACKUPPATH="$(readlink -f $(dirname $0))" -gpg --symmetric -o- "$1" | base64 > "$2" + +if ! GPGPATH=$(command -v gpg2) ; then + if ! GPGPATH=$(command -v gpg) ; then + echo "ERROR: gpg and gpg2 commands not found" + exit 1 + fi +fi +echo "${GPGPATH} will be used for encryption" + +${GPGPATH} --symmetric -o- "$1" | base64 > "$2" ${PAPERBACKUPPATH}/paperbackup.py "$2" ${PAPERBACKUPPATH}/paperbackup-verify.sh "${2}.pdf" diff --git a/paperrestore-gpg.sh b/paperrestore-gpg.sh index 9f7debe..918c4ca 100755 --- a/paperrestore-gpg.sh +++ b/paperrestore-gpg.sh @@ -5,7 +5,20 @@ # USAGE: paperrestore-gpg.sh input_fpath output_fpath # where input_fpath is path to PDF with scanned paper backup # previously created with gpg-paperbackup.sh -# Decrypted plaintext will be written to output_fpath +# Decrypted plaintext will be written to output_fpath. +# The script uses gpg2 for decryption and falls back to gpg +# if gpg2 is not available. + PAPERBACKUPPATH="$(readlink -f $(dirname $0))" -${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | gpg -d > "$2" + +if ! GPGPATH=$(command -v gpg2) ; then + if ! GPGPATH=$(command -v gpg) ; then + echo "ERROR: gpg and gpg2 commands not found" + exit 1 + fi +fi +echo "${GPGPATH} will be used for encryption" + + +${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | ${GPGPATH} -d > "$2" From 630a4e6dab1949bb69a95a8923c8c0f441832b7a Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 13:48:59 +0300 Subject: [PATCH 3/8] Added cipher selection option for gpg-paperbackup.sh --- gpg-paperbackup.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/gpg-paperbackup.sh b/gpg-paperbackup.sh index e6ec3e1..2a2952e 100755 --- a/gpg-paperbackup.sh +++ b/gpg-paperbackup.sh @@ -3,13 +3,15 @@ # Encrypts specified file with gpg default symmetric cipher algorithm # and prepares paperbackup PDF of encrypted version # -# USAGE: gpg-paperbackup.sh plaintext_fpath output_fpath +# USAGE: gpg-paperbackup.sh plaintext_fpath output_fpath cipher # # where plaintext_fpath is plaintext file to encode (can be text or binary). # encrypted and base64 encoded version of plaintext will be written # to output_fpath. # The script uses gpg2 for symmetric encryption and falls back to gpg # if gpg2 is not available. +# Encryption algorithm can be specified in third optional argument. +# Default is AES256. # # output_encrypted_path will then be passed to paperbackup.py and # result written to output_encrypted_path.pdf @@ -24,7 +26,13 @@ if ! GPGPATH=$(command -v gpg2) ; then fi echo "${GPGPATH} will be used for encryption" -${GPGPATH} --symmetric -o- "$1" | base64 > "$2" +if [ -z "$3" ] ; then + CIPHER_ALGO="AES256" +else + CIPHER_ALGO="$3" +fi + +${GPGPATH} --symmetric --cipher-algo $CIPHER_ALGO -o- "$1" | base64 > "$2" ${PAPERBACKUPPATH}/paperbackup.py "$2" ${PAPERBACKUPPATH}/paperbackup-verify.sh "${2}.pdf" From 5faaa34825dce827ae8dd770ca85d6357f13ff8d Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 15:42:56 +0300 Subject: [PATCH 4/8] Now gpg-paperbackup.sh paperrestore-gpg.sh scripts fail if gpg fails for some reason (missing input file, etc.) --- gpg-paperbackup.sh | 2 ++ paperrestore-gpg.sh | 1 + 2 files changed, 3 insertions(+) diff --git a/gpg-paperbackup.sh b/gpg-paperbackup.sh index 2a2952e..8aed78a 100755 --- a/gpg-paperbackup.sh +++ b/gpg-paperbackup.sh @@ -16,6 +16,8 @@ # output_encrypted_path will then be passed to paperbackup.py and # result written to output_encrypted_path.pdf +set -euf -o pipefail + PAPERBACKUPPATH="$(readlink -f $(dirname $0))" if ! GPGPATH=$(command -v gpg2) ; then diff --git a/paperrestore-gpg.sh b/paperrestore-gpg.sh index 918c4ca..62a3a12 100755 --- a/paperrestore-gpg.sh +++ b/paperrestore-gpg.sh @@ -9,6 +9,7 @@ # The script uses gpg2 for decryption and falls back to gpg # if gpg2 is not available. +set -euf -o pipefail PAPERBACKUPPATH="$(readlink -f $(dirname $0))" From 61ef90eefdcd77033629e42eca765fdc0c398777 Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 16:08:25 +0300 Subject: [PATCH 5/8] Changed shebang in gpg-paperbackup.sh and paperrestore-gpg.sh to more portable one. Restored intra2net's shebang in paperbackup-verify.sh --- gpg-paperbackup.sh | 2 +- paperbackup-verify.sh | 2 +- paperrestore-gpg.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gpg-paperbackup.sh b/gpg-paperbackup.sh index 8aed78a..9fe0a31 100755 --- a/gpg-paperbackup.sh +++ b/gpg-paperbackup.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Encrypts specified file with gpg default symmetric cipher algorithm # and prepares paperbackup PDF of encrypted version diff --git a/paperbackup-verify.sh b/paperbackup-verify.sh index 17f79ac..2120667 100755 --- a/paperbackup-verify.sh +++ b/paperbackup-verify.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/bash # USAGE: paperbackup-verify.sh backup.pdf # where backup.pdf should be the pdf created with paperbackup.py diff --git a/paperrestore-gpg.sh b/paperrestore-gpg.sh index 62a3a12..0381093 100755 --- a/paperrestore-gpg.sh +++ b/paperrestore-gpg.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Restores data from scanned pages created with gpg-paperbackup.sh # From 07da092621d2996b71bad6a9ba22c2d657279511 Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 16:31:47 +0300 Subject: [PATCH 6/8] Renamed scripts for symmetric encryption of files before backup --- gpg-paperbackup.sh => paperbackup-symmetric.sh | 0 paperrestore-gpg.sh => paperrestore-symmetric.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename gpg-paperbackup.sh => paperbackup-symmetric.sh (100%) rename paperrestore-gpg.sh => paperrestore-symmetric.sh (100%) diff --git a/gpg-paperbackup.sh b/paperbackup-symmetric.sh similarity index 100% rename from gpg-paperbackup.sh rename to paperbackup-symmetric.sh diff --git a/paperrestore-gpg.sh b/paperrestore-symmetric.sh similarity index 100% rename from paperrestore-gpg.sh rename to paperrestore-symmetric.sh From 13d0ffbda451a3616c91df54074fd299fe956c0c Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 16:55:13 +0300 Subject: [PATCH 7/8] Updated comments in paperbackup-symmetric.sh and paperbackup-symmetric.sh --- paperbackup-symmetric.sh | 2 +- paperrestore-symmetric.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/paperbackup-symmetric.sh b/paperbackup-symmetric.sh index 9fe0a31..e8978f4 100755 --- a/paperbackup-symmetric.sh +++ b/paperbackup-symmetric.sh @@ -3,7 +3,7 @@ # Encrypts specified file with gpg default symmetric cipher algorithm # and prepares paperbackup PDF of encrypted version # -# USAGE: gpg-paperbackup.sh plaintext_fpath output_fpath cipher +# USAGE: paperbackup-symmetric.sh plaintext_fpath output_fpath cipher # # where plaintext_fpath is plaintext file to encode (can be text or binary). # encrypted and base64 encoded version of plaintext will be written diff --git a/paperrestore-symmetric.sh b/paperrestore-symmetric.sh index 0381093..691648a 100755 --- a/paperrestore-symmetric.sh +++ b/paperrestore-symmetric.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash -# Restores data from scanned pages created with gpg-paperbackup.sh +# Restores data from scanned pages created with paperbackup-symmetric.sh # -# USAGE: paperrestore-gpg.sh input_fpath output_fpath +# USAGE: paperrestore-symmetric.sh input_fpath output_fpath # where input_fpath is path to PDF with scanned paper backup -# previously created with gpg-paperbackup.sh +# previously created with paperbackup-symmetric.sh # Decrypted plaintext will be written to output_fpath. # The script uses gpg2 for decryption and falls back to gpg # if gpg2 is not available. From 7e0f1cfb56fb94b1ea2ee00a2700e9d87bc156c4 Mon Sep 17 00:00:00 2001 From: Fedor Kotov Date: Sun, 8 Jul 2018 18:51:26 +0300 Subject: [PATCH 8/8] paperbackup-symmetric.sh can now read input data from stdin and paperrestore-symmetric.sh can write output data to stdout --- paperbackup-symmetric.sh | 12 +++++++++--- paperrestore-symmetric.sh | 12 +++++++++--- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/paperbackup-symmetric.sh b/paperbackup-symmetric.sh index e8978f4..2f0eefe 100755 --- a/paperbackup-symmetric.sh +++ b/paperbackup-symmetric.sh @@ -4,10 +4,12 @@ # and prepares paperbackup PDF of encrypted version # # USAGE: paperbackup-symmetric.sh plaintext_fpath output_fpath cipher +# or paperbackup-symmetric.sh - output_fpath cipher # # where plaintext_fpath is plaintext file to encode (can be text or binary). # encrypted and base64 encoded version of plaintext will be written # to output_fpath. +# If first argument is '-' the script reads input data from stdin. # The script uses gpg2 for symmetric encryption and falls back to gpg # if gpg2 is not available. # Encryption algorithm can be specified in third optional argument. @@ -16,7 +18,7 @@ # output_encrypted_path will then be passed to paperbackup.py and # result written to output_encrypted_path.pdf -set -euf -o pipefail +set -ef -o pipefail PAPERBACKUPPATH="$(readlink -f $(dirname $0))" @@ -34,7 +36,11 @@ else CIPHER_ALGO="$3" fi -${GPGPATH} --symmetric --cipher-algo $CIPHER_ALGO -o- "$1" | base64 > "$2" +if [ $1 = "-" ]; then + ${GPGPATH} --symmetric --cipher-algo $CIPHER_ALGO <&0 | base64 > "$2" +else + ${GPGPATH} --symmetric --cipher-algo $CIPHER_ALGO -o- "$1" | base64 > "$2" +fi ${PAPERBACKUPPATH}/paperbackup.py "$2" -${PAPERBACKUPPATH}/paperbackup-verify.sh "${2}.pdf" +bash ${PAPERBACKUPPATH}/paperbackup-verify.sh "${2}.pdf" diff --git a/paperrestore-symmetric.sh b/paperrestore-symmetric.sh index 691648a..d047a14 100755 --- a/paperrestore-symmetric.sh +++ b/paperrestore-symmetric.sh @@ -3,9 +3,12 @@ # Restores data from scanned pages created with paperbackup-symmetric.sh # # USAGE: paperrestore-symmetric.sh input_fpath output_fpath +# or paperrestore-symmetric.sh input_fpath - +# # where input_fpath is path to PDF with scanned paper backup -# previously created with paperbackup-symmetric.sh +# previously created with paperbackup-symmetric.sh. # Decrypted plaintext will be written to output_fpath. +# If second argument is '-' the script will write decrypted data to stdout. # The script uses gpg2 for decryption and falls back to gpg # if gpg2 is not available. @@ -21,5 +24,8 @@ if ! GPGPATH=$(command -v gpg2) ; then fi echo "${GPGPATH} will be used for encryption" - -${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | ${GPGPATH} -d > "$2" +if [ $2 = "-" ]; then + ${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | ${GPGPATH} -d +else + ${PAPERBACKUPPATH}/paperrestore.sh "$1" | base64 --decode | ${GPGPATH} -d > "$2" +fi