Commit b189bd03 authored by COMP4300

initial version of files

# Key Manager Software Package
#
This directory contains the files for the Key Manager software package,
used for maintaining web passwords. It assumes these are stored in a CSV
key file (keyfile) with the following format:
`isValid, key, username, password, auxInfo, recQuestions, url, notes, timestamp`
e.g.
`1, gmail, somebody@gmail.com, ********, , , https://mail.google.com, ,162628989`
* isValid: 1 or 0; if 1 the entry is considered valid
- set to 0 if you wish to delete the entry on the next merge operation
* key: a unique name for the entry
* username: the user name associated with the password
* auxInfo: auxiliary log in information, for example a PIN
* recQuestions: account recovery questions and answers
* url: typical web address where one logs into
* notes: any notes pertaining to the entry
* timestamp: an integer to specify the last modification date of the entry
- as generated by running `./getTimeStamp`
The utilities are only weakly sensitive to the format and should still work
with small deviations from it. Normally, the key file is encrypted (keyfile.gpg),
and the clear-text key file (keyfile) does not exist. The philosophy of the
utilities is to expose as little of the clear-text contents of the key file as possible.
The utilities assume keyfile.gpg has been created with an account-wide private key, which can be created by:
```
gpg --gen-key
gpg --list-key
```
The generate key command requires a GPG user id to be specified. If the email address of the id was
specified as `somebodysomebody@gmail.com`, then the key file show and edit utilities require the following environment:
```
export GPG_ID=somebody@gmail.com
```
The edit utility also requires the `EDITOR' environment to be set to a suitable text editor, e.g.
```
export EDITOR="emacs -nw"
```
Once keyfile is set to contain the required password entries (without timestamps), timestamps can be
added by:
```
./addTimeStamp < keyfile
```
Then the encrypted file can be created by
```
./key-edit -c keyfile
```
If keyfile.gpg was successfully created, keyfile will be removed. To show the entry associated with a key xyz:
```
./key-show xyz keyfile
./key-show -v xyz keyfile
```
The second command is to show the whole line (verbose mode); otherwise only the first 6 fields are displayed.
A `-c` option can be used to keep the clear-text keyfile (use with care).
To display a list all the keys, use:
```
./key-show -k keyfile
```
To edit the file, use
```
./key-edit keyfile
```
The command `./getTimeStamp' can be used to generate a new timestamp for the modified entries.
If the user is satisfied with the changes, keyfile is encrypted into keyfile.gpg and the clear-text
keyfile is deleted,
TODO: add a merge keyfile script
\ No newline at end of file
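Review bot: the `./addTimeStamp < keyfile` step does not match the addTimeStamp script in this commit, which reads the timestamp from its first argument and writes to standard output, so as documented no timestamp is passed and keyfile itself is never updated. Document the full invocation, for example passing the output of `./getTimeStamp` as the argument and redirecting to a new file that then replaces keyfile. The field list also omits `password` although the format line includes it, the id `somebodysomebody@gmail.com` disagrees with `export GPG_ID=somebody@gmail.com`, and "only the first 6 fields are displayed" disagrees with the key-show loop, which runs from field 2 to field 5.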
#!/bin/bash
# v1.0 written by Peter Strazdins, 28/07/21
ts=$1
awk -F',' "{ i=1;
while (length(\$i) != 0) {
# printf(\"%s%s\", \$i, \",\")
i++
}
if (i < 6) {print \$0} else {print \$0 $ts}
}"
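Review bot: `$ts` is spliced into the double-quoted awk program on the `print \$0 $ts` line, so the first argument is parsed as awk source rather than data, and an empty argument silently leaves every line unstamped. Pass it as data with `-v ts="$1"` and a single-quoted awk program, and reject a missing or non-numeric `$1` before awk runs. The commented-out `printf` inside the loop can be dropped at the same time.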
#!/bin/bash
# v1.0 written by Peter Strazdins, 28/07/21
date "+%s"
#!/bin/bash
# v1.0 written by Peter Strazdins, 28/07/21
#GPG_ID=somebody@gmail.com
usage="usage: key-edit [-c] keyfile"
if [ -z "$GPG_ID" ] ; then
echo "$0: environment GPG_ID must be set to email addr. of a valid gpg id"
exit 1
fi
if [ -z "$EDITOR" ] ; then
echo "$0: environment EDITOR must be set"
exit 1
fi
createEnDB=false
while getopts "c" arg; do
case $arg in
c)
createEnDB=true
;;
*)
echo $usage; exit 1
;;
esac
done
shift $(($OPTIND - 1))
keyfile=$1
if [ -z "$keyfile" ] ; then
echo $usage ": missing keyfile"; exit 1
fi
if $createEnDB ; then
if [ ! -f "$keyfile" ] ; then
echo "$0: keyfile $keyfile must exist for -c option"
exit 2
fi
if [ -f $keyfile.gpg ] ; then
echo "$0: moving $keyfile.gpg to $keyfile.gpg.bak... "
mv $keyfile.gpg $keyfile.gpg.bak
fi
echo running: gpg --quiet --yes -r $GPG_ID -e $keyfile
gpg --quiet --yes -r $GPG_ID -e $keyfile && rm -f $keyfile
exit 0
elif [ -f $keyfile ] ; then
echo "$0: cowardly refusing to overwrite keyfile $keyfile. Use -c to encrypt this file"
exit 2
elif [ ! -f $keyfile.gpg ]; then
echo "$0: $keyfile.gpg does not exist"
exit 2
fi
# main path, decryptimg, editing and encrypting $keyfile
function keyEditInt() {
echo "$0: interrupted. Cleaning up clear-text $keyfile $keyfile.bak..."
rm -rf $keyfile $keyfile.bak
exit 4
}
trap keyEditInt SIGINT SIGTERM SIGKILL SIGSTOP SIGHUP SIGTSTP
echo running: gpg --quiet --yes -r $GPG_ID -o $keyfile -d $keyfile.gpg
gpg --quiet --yes -r $GPG_ID -o $keyfile -d $keyfile.gpg
cp $keyfile $keyfile.bak
abort=retry
while [ $abort = retry ] ; do
$EDITOR $keyfile
echo "$0: diff of new and old $keyfile: "
diff -b $keyfile $keyfile.bak
echo -n "Do you want to commit these changes? (y/N/R R=retry): "
read ans
abort=false
if [ ! -z "ans" ] ; then
case $ans in
n*)
abort=true ;;
N*)
abort=true ;;
r*)
abort=retry ;;
R*)
abort=retry ;;
esac
fi
done
rm -f $keyfile~ # for emacs users
if $abort ; then
echo "$0: abort; $keyfile and its previous version $keyfile.bak are left"
exit 2;
fi
echo echo "$0: copying $keyfile.gpg to $keyfile.bak.gpg"
cp $keyfile.gpg $keyfile.bak.gpg
echo running: gpg --quiet --yes -r $GPG_ID -e $keyfile
gpg --quiet --yes -r $GPG_ID -e $keyfile && rm -f $keyfile $keyfile.bak
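Review bot: the clear-text cleanup set up by `trap keyEditInt SIGINT SIGTERM SIGKILL SIGSTOP SIGHUP SIGTSTP` is incomplete: SIGKILL and SIGSTOP cannot be caught, there is no EXIT trap, and the abort path exits with `$keyfile` and `$keyfile.bak` left on disk, which conflicts with the README's aim of exposing as little clear text as possible. Suggest setting `umask 077` before decrypting, installing one cleanup function on EXIT plus the catchable signals, and removing the clear-text files on abort too. The decrypt at `gpg --quiet --yes -r $GPG_ID -o $keyfile -d $keyfile.gpg` is also unchecked, so a failed decryption still opens the editor and a commit can then encrypt an empty file over `$keyfile.gpg`; exit when gpg returns non-zero. Smaller points: `[ ! -z "ans" ]` tests a literal string and should be `"$ans"`, `echo echo` is doubled, the `-c` branch ends in `exit 0` even when gpg fails, and `$keyfile` and `$GPG_ID` are unquoted throughout.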
#!/bin/bash
# v1.0 written by Peter Strazdins, 28/07/21
#GPG_ID=somebody@gmail.com
usage="usage: key-show [-c] [-k] | [-v] key keyfile"
if [ -z "$GPG_ID" ] ; then
echo "$0: environment GPG_ID must be set to email addr. of a valid gpg id"
exit 1
fi
showKeys=false
key=
verb=false
keepClearText=false
while getopts "ckv" arg; do
case $arg in
k)
showKeys=true
;;
c)
keepClearText=true
;;
v)
verb=true
;;
*)
echo $usage; exit 1
;;
esac
done
shift $(($OPTIND - 1))
if [ $showKeys = false ] ; then
key=$1; shift
if [ -z "$key" ] ; then
echo $usage ": missing key"; exit 1
fi
fi
echo $key
keyfile=$1
if [ -z "$keyfile" ] ; then
echo $usage ": missing keyfile"; exit 1
fi
if [ -f "$keyfile" ] ; then
echo "$0: WARNING: clear-text $keyfile exists"
fi
if [ -f "$keyfile" ] && $keepClearText ; then
echo "$0: $keyfile exists, -c given; cowardly refusing to overwrite it"
exit 2
fi
if [ ! -f "$keyfile.gpg" ] ; then
echo "$0: could not find encrypted keyfile $keyfile.gpg"
exit 2
fi
if $keepClearText ; then
echo running: gpg --quiet --yes -r $GPG_ID -o $keyfile -d $keyfile.gpg
gpg --quiet --yes -r $GPG_ID -o $keyfile -d $keyfile.gpg
if $showKeys ; then
keys=`awk -F, '{print $2}' $keyfile | sort`
echo $keys
elif $verbose ; then
grep $key $keyfile
else
grep $key $keyfile | awk -F, \
"for (i=2; i<6; i++) printf(\"%s%s\", \$i, \",\"); print"
fi
else
echo running: gpg --quiet --yes -r $GPG_ID -d $keyfile.gpg
gpg --quiet --yes -r $GPG_ID -d $keyfile.gpg | \
( if $showKeys ; then
awk -F, '{print $2}'
elif $verbose ; then
grep $key
else
grep $key | awk -F, \
"for (i=2; i<6; i++) printf(\"%s%s\", \$i, \",\"); print"
fi
)
fi
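Review bot: the option loop sets `verb=true` but both branches test `elif $verbose`, a variable that is never assigned, so it expands to an empty command that succeeds and the full-line `grep` runs whether or not `-v` was given. Use one name for the flag in both places. The fallback awk programs, `"for (i=2; i<6; i++) printf(...); print"`, have no enclosing `{ }` and will not parse as an awk action, which the variable mismatch currently hides. `grep $key` is unquoted and matches the pattern anywhere on the line, so a lookup can return other entries whose username, URL or notes contain the string; match field 2 exactly in awk with the key passed via `-v` instead. The `echo $key` before `keyfile=$1` looks like leftover debugging output.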
1, gmail, somebody@gmail.com, ********, , , https://mail.google.com, ,162628989
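Review bot: the sample timestamp `162628989` has nine digits, while getTimeStamp prints `date "+%s"`, which yields ten-digit epoch seconds for the 2021 dates in the script headers. If the value is meant to illustrate getTimeStamp output, replace it with a ten-digit value here and in the README example so that any later merge by timestamp compares like with like.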