2021-02-24 06:18:01 -05:00
|
|
|
#! /bin/bash
|
|
|
|
|
|
2021-02-25 14:03:38 -05:00
|
|
|
set -e
|
|
|
|
|
|
2021-04-15 12:53:41 -04:00
|
|
|
share_threshold=3
|
|
|
|
|
|
2021-02-25 14:03:38 -05:00
|
|
|
positional=()
|
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
|
|
|
argument="$1"
|
|
|
|
|
case $argument in
|
2021-03-02 16:44:24 -05:00
|
|
|
-h|--help)
|
|
|
|
|
printf "%s\n" \
|
|
|
|
|
"Usage: qr-restore.sh [options]" \
|
|
|
|
|
"" \
|
|
|
|
|
"Options:" \
|
2021-04-15 12:53:41 -04:00
|
|
|
" --shamir-secret-sharing combine secret using Shamir Secret Sharing" \
|
|
|
|
|
" --share-threshold shares required to access secret (defaults to 3)" \
|
|
|
|
|
" --word-list split secret into word list" \
|
|
|
|
|
" -h, --help display help for command"
|
2021-03-02 16:44:24 -05:00
|
|
|
exit 0
|
|
|
|
|
;;
|
2021-04-15 12:53:41 -04:00
|
|
|
--shamir-secret-sharing)
|
|
|
|
|
shamir_secret_sharing=true
|
|
|
|
|
shift
|
|
|
|
|
;;
|
|
|
|
|
--share-threshold)
|
|
|
|
|
share_threshold=$2
|
|
|
|
|
shift
|
|
|
|
|
shift
|
|
|
|
|
;;
|
2021-02-25 15:00:00 -05:00
|
|
|
--word-list)
|
|
|
|
|
word_list=true
|
2021-02-25 14:03:38 -05:00
|
|
|
shift
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
positional+=("$1")
|
|
|
|
|
shift
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
set -- "${positional[@]}"
|
|
|
|
|
|
2021-02-24 06:18:01 -05:00
|
|
|
bold=$(tput bold)
|
|
|
|
|
red=$(tput setaf 1)
|
|
|
|
|
normal=$(tput sgr0)
|
|
|
|
|
|
2021-02-25 15:00:00 -05:00
|
|
|
tput reset
|
|
|
|
|
|
2021-04-15 12:53:41 -04:00
|
|
|
scan_qr_code () {
|
|
|
|
|
local -n data=$1
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 12:53:41 -04:00
|
|
|
printf "%s\n" "Scanning QR code…"
|
|
|
|
|
|
|
|
|
|
data=$(zbarcam --nodisplay --oneshot --quiet --set disable --set qrcode.enable | sed 's/QR-Code://')
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 12:53:41 -04:00
|
|
|
data_hash=$(echo -n "$data" | openssl dgst -sha512 | sed 's/^.* //')
|
|
|
|
|
data_short_hash=$(echo -n "$data_hash" | head -c 8)
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 12:53:41 -04:00
|
|
|
printf "%s\n" "$data"
|
|
|
|
|
printf "%s: $bold%s$normal\n" "SHA512 hash" "$data_hash"
|
|
|
|
|
printf "%s: $bold%s$normal\n" "SHA512 short hash" "$data_short_hash"
|
|
|
|
|
}
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 14:04:08 -04:00
|
|
|
if [ -z "$duplicate" ] && [ "$shamir_secret_sharing" = true ]; then
|
2021-04-15 12:53:41 -04:00
|
|
|
for share_number in $(seq 1 $share_threshold); do
|
|
|
|
|
printf "$bold%s$normal" "Prepare share $share_number or $share_threshold and press enter"
|
|
|
|
|
read -r confirmation
|
|
|
|
|
scan_qr_code share
|
|
|
|
|
shares="$share\n$shares"
|
|
|
|
|
done
|
|
|
|
|
encrypted_secret="$(echo -e "$shares" | secret-share-combine)"
|
|
|
|
|
else
|
|
|
|
|
scan_qr_code encrypted_secret
|
|
|
|
|
fi
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 14:04:08 -04:00
|
|
|
if [ -z "$duplicate" ]; then
|
|
|
|
|
printf "$bold$red%s$normal\n" "Show secret? (y or n)? "
|
|
|
|
|
read -r answer
|
|
|
|
|
if [ "$answer" = "y" ]; then
|
|
|
|
|
if [[ "$encrypted_secret" =~ "-----BEGIN PGP MESSAGE-----" ]]; then
|
|
|
|
|
secret=$(echo -e "$encrypted_secret" | gpg --decrypt)
|
|
|
|
|
else
|
|
|
|
|
secret=$encrypted_secret
|
|
|
|
|
fi
|
2021-02-24 06:18:01 -05:00
|
|
|
|
2021-04-15 14:04:08 -04:00
|
|
|
if [ "$word_list" = true ]; then
|
|
|
|
|
printf "%s\n" "Secret:"
|
|
|
|
|
array=($secret)
|
|
|
|
|
last_index=$(echo "${#array[@]} - 1" | bc)
|
|
|
|
|
for index in ${!array[@]}; do
|
|
|
|
|
position=$(($index + 1))
|
|
|
|
|
printf "%d. $bold%s$normal" "$position" "${array[$index]}"
|
|
|
|
|
if [ $index -lt $last_index ]; then
|
|
|
|
|
printf " "
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
printf "\n"
|
|
|
|
|
else
|
|
|
|
|
printf "%s\n" "Secret:"
|
|
|
|
|
echo "$bold$secret$normal"
|
|
|
|
|
fi
|
2021-02-25 14:03:38 -05:00
|
|
|
fi
|
2021-02-24 06:18:01 -05:00
|
|
|
fi
|
|
|
|
|
|
2021-02-25 14:03:38 -05:00
|
|
|
printf "%s\n" "Done"
|
