Due: Tue, Dec 19 11:59pm
In this project, you will implement cyphr.sh -- a shell script that wraps a few operations of the openssl utility. Specifically, cyphr.sh provides an easy interface for:
Print a usage statement to stdout and exit with status 0.
Generate an RSA keypair. Here, INFILE is actually the path for storing the private key, and OUTFILE is the path for storing the public key.
Encrypt INFILE using (a key derived from) PASSWORD. The ciphertext is written to the OUTFILE.
Decrypt INFILE using (a key derived from) PASSWORD. The plaintext is written to the OUTFILE.
Sign INFILE using PRIVATE_KEY_FILE. The OUTFILE is the same as INFILE, but with the signature prepended. If both -e and -s are given, first encrypt INFILE, then sign the ciphertext.
Verify the signature on INFILE. If the signature is valid, skip over the signature and write the rest of INFILE to OUTFILE. If both -d and -v are given, first verify the file, then strip the signature and decrypt the rest of the file, writing the plaintext to OUTFILE.
The OpenSSL utility has many subcommands and options. To keep things simple (and facilitate grading), you must use the following OpenSSL commands:
openssl genpkey -algorithm RSA -out PRIVATE_KEY_FILE
openssl pkey -in PRIVATE_KEY_FILE -pubout -out PUBLIC_KEY_FILE
The first command generates the private key file, and the second produces the
public key file from the private one.
openssl enc -aes-256-cbc -pbkdf2 -pass pass:PASSWORD -in INPUT_FILE
Here, PASSWORD is the password and INPUT_FILE is
the file to encrypt. By default, openssl writes the
ciphertext to stdout; use the -out OUTPUT_FILE option to
write the output to a file.
openssl enc -aes-256-cbc -d -pbkdf2 -pass pass:PASSWORD -in INPUT_FILE
Here, PASSWORD is the password and INPUT_FILE is
the file to decrypt. By default, openssl writes the
plaintext to stdout; use the -out OUTPUT_FILE option to
write the output to a file.
openssl dgst -sha256 -sign PRIVATE_KEY_FILE -out SIGNATURE_FILE INPUT_FILE
The above command signs INPUT_FILE using
PRIVATE_KEY_FILE, and writes the signature to
SIGNATURE_FILE.
openssl dgst -sha256 -verify PUBLIC_KEY_FILE -signature SIGNATURE_FILE INPUT_FILE
The above command checks that SIGNATURE_FILE is a valid
signature of INPUT_FILE that was produced using the private
key that corresponds to PUBLIC_KEY_FILE.
Submit your project as a zip file via Gradescope. Your zip file should include a single file: cyphr.sh. Please refer to the instructions for submitting an assignment for details on how to log in to Gradescope and properly zip your project.
Input Files: dog.txt
./cyphr.sh -h
Prints a usage statement to stdout. The statement must start with either Usage or usage; you decide the rest of the message. Conventionally, this option either prints the synopsis or a more verbose statement that also includes a description of the options.
./cyphr.sh -h
echo $?
0
The exit status is zero.
./cyphr.sh -e abcd1234 dog.txt dog.enc
Encrypts dog.txt.
./cyphr.sh -d abcd1234 dog.enc dog.dec
Decrypts dog.enc. (We assume dog.enc already exists.)
./cyphr.sh -g private.pem public.pem
Produces a public and private key file.
./cyphr.sh -s private.pem dog.txt dog.sign
Signs dog.txt using the key in private.pem.
./cyphr.sh -v public.pem dog.sign dog.ver
Validates the signature on dog.sign and writes the original file contents to dog.ver. Assume that public.pem and dog.sign already exist.
./cyphr.sh -v public-bad.pem dog.sign dog.ver
Fails to verify the document. (Assume that public-bad.pem and dog.sign already exist.) cyphr.sh must (1) return a non-zero exit status, and (2) write at least one line to stderr. cyphr.sh must not create the file dog.ver.
./cyphr.sh -e abcd1234 -s private.pem dog.txt dog.enc.sign
The command should produce dog.enc.sign by encrypting dog.txt and prepending a signature for the encrypted data. Assume that private.pem already exists.
./cyphr.sh -d abcd1234 -v public.pem dog.enc.sign dog.ver.dec
Validates the signature on dog.enc.sign, and then decrypts the data, writing the original plaintext data to dog.ver.dec.
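The prepended-signature layout that -s and -v describe (sign, prepend, then verify and strip before writing any output), as an added example that is not part of the original handout. It assumes a 2048-bit RSA key, so the signature is exactly 256 bytes; the names sign_prepend, verify_strip and SIG_LEN are hypothetical.

```shell
#!/bin/sh
# Added example, not the handout's code. Function and variable names are hypothetical.
# Assumption: the key is 2048-bit RSA, so every signature is exactly 256 bytes.
SIG_LEN=256

# sign_prepend PRIVATE_KEY_FILE INFILE OUTFILE
# Writes (signature || contents of INFILE) to OUTFILE.
sign_prepend() {
    _sig=$(mktemp) || return 1
    if openssl dgst -sha256 -sign "$1" -out "$_sig" "$2"; then
        cat "$_sig" "$2" > "$3"
        _rc=$?
    else
        _rc=1
    fi
    rm -f "$_sig"
    return "$_rc"
}

# verify_strip PUBLIC_KEY_FILE INFILE OUTFILE
# Splits INFILE into its first SIG_LEN bytes (signature) and the rest (body).
# OUTFILE is created only after the signature over the body has verified.
verify_strip() {
    _sig=$(mktemp) || return 1
    _body=$(mktemp) || { rm -f "$_sig"; return 1; }
    head -c "$SIG_LEN" "$2" > "$_sig"
    tail -c +"$((SIG_LEN + 1))" "$2" > "$_body"
    if openssl dgst -sha256 -verify "$1" -signature "$_sig" "$_body" >/dev/null 2>&1; then
        cat "$_body" > "$3"
        _rc=$?
    else
        # Failure path: report on stderr, return non-zero, leave OUTFILE uncreated.
        echo "verify_strip: signature verification failed for $2" >&2
        _rc=1
    fi
    rm -f "$_sig" "$_body"
    return "$_rc"
}
```

Because the body is staged in a temporary file, a failed verification never leaves a partial OUTFILE behind.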