From c262ccd0e187d55b2690969e62dbe21f773d75de Mon Sep 17 00:00:00 2001
From: Sun Knudsen
Date: Tue, 22 Mar 2022 08:20:13 -0400
Subject: [PATCH] Saved .auth_private file securely
---
 .../tor-client-auth.sh | 21 ++++++++++++-------
 .../tor-client-auth.sh.asc | 8 +++----
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh b/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
index d1a2a48..b124d6c 100644
--- a/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
+++ b/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
@@ -4,17 +4,19 @@ set -e
+umask u=rw,go=
+
 bold=$(tput bold)
 normal=$(tput sgr0)
 basedir=$(pwd)
 if [ ! -d "$basedir/authorized_clients" ] || [ ! -f "$basedir/hostname" ]; then
- printf "%s\n" "Run script inside hidden service directory"
+ printf '%s\n' 'Run script inside hidden service directory'
 exit 1
 fi
-printf "%s\n" "Enter key pair name and press enter"
+printf '%s\n' 'Enter key pair name and press enter'
 read -r name
@@ -22,7 +24,7 @@ private_key="$(openssl genpkey -algorithm x25519)"
 public=$(echo -n "$private_key" | \
 openssl pkey -pubout | \
- grep -v " PUBLIC KEY" | \
+ grep -v ' PUBLIC KEY' | \
 base64pem -d | \
 tail --bytes=32 | \
 base32 | \
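Review bot: `read -r name` (the last context line of this hunk) still accepts any string, and the new `sudo -u debian-tor tee` writes in the third hunk use it as a path component, so a name containing `/` or `..` would create or truncate a file outside `$basedir` with debian-tor's privileges. A guard right after the read, `case "$name" in ''|*/*|*..*) printf '%s\n' 'Invalid key pair name' >&2; exit 1 ;; esac`, keeps those writes inside the hidden service directory. Note also that the new `umask u=rw,go=` (0177) only governs files created from this point on: `tee` truncates an existing target in place and leaves its previous mode untouched, so a `$name.auth_private` left over from a run before this commit keeps whatever mode it had. Whether the umask even survives `sudo -u debian-tor` depends on sudoers (by default sudo ORs the caller's umask with its own 0022 default, which preserves 0177, but `umask_override` changes that), so an explicit `chmod 600` after the writes would be the more robust choice.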
@@ -30,16 +32,19 @@ public=$(echo -n "$private_key" | \
 auth="descriptor:x25519:$(echo -n $public)"
-echo $auth > "$basedir/authorized_clients/$name.auth"
+echo $auth | sudo -u debian-tor tee "$basedir/authorized_clients/$name.auth"
+
 private=$(echo -n "$private_key" | \
- grep -v " PRIVATE KEY" | \
+ grep -v ' PRIVATE KEY' | \
 base64pem -d | \
 tail --bytes=32 | \
 base32 | \
 sed 's/=//g')
-auth_private="$(cat $basedir/hostname | awk -F "." '{print $1}'):descriptor:x25519:$private"
+auth_private="$(cat $basedir/hostname | awk -F '.' '{print $1}'):descriptor:x25519:$private"
+
+echo $auth_private | sudo -u debian-tor tee "$basedir/$name.auth_private"
 client_command="$(echo "cat << EOF > ./$name.auth_private\n$auth_private\nEOF\nchmod 600 $name.auth_private")"
@@ -47,6 +52,6 @@ printf "%s\n" "Run following on client (within “auth” folder)"
 echo "$bold$client_command$normal"
-printf "%s $bold%s$normal %s\n" "Don’t forget to run" "systemctl restart tor" "on server"
+printf "%s $bold%s$normal %s\n" 'Don’t forget to run' 'systemctl restart tor' 'on server'
-printf "%s\n" "Done"
+printf '%s\n' 'Done'
diff --git a/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh.asc b/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh.asc
index cb2fcd0..e55a33c 100644
--- a/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh.asc
+++ b/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh.asc
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYg1KQwAKCRACxDrQctV3
-g5XyAP9s8r90O6NMxLPQEB518HHkXvpVby3EGFPuPsbVztXfiAEAjkB9XA/ue7Ef
-tzrXGoBhnbMh5YoyxV0jIYKjbIz8Ggs=
-=8vOZ
+iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYjm98QAKCRACxDrQctV3
+g5ILAP9bisnUxUM2fSM94Z/81SnWhRvkg5vn+9wbE0D1+rVQmQD/ZUvUcvpu7OBq
+HFIUc7TgrlK6JIZUapJkAsrJiq3q3A8=
+=rSjk
 -----END PGP SIGNATURE-----
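Review bot: Both new `tee` lines copy their input to stdout as well as to the file, so `auth_private` — which carries the client's x25519 private key — is printed to the terminal (and to any session recording) once here and again via `client_command` below; the file write only needs `>/dev/null` on the `tee`: `printf '%s\n' "$auth_private" | sudo -u debian-tor tee "$basedir/$name.auth_private" >/dev/null`, and the same for `$auth`. Replacing the unquoted `echo $auth_private` with `printf '%s\n' "$auth_private"` also matches the quoting cleanup the rest of this commit performs. The mode of the written file comes only from the umask set at the top of the script, which does not change the mode of a pre-existing file that `tee` truncates, so `sudo -u debian-tor chmod 600 "$basedir/$name.auth_private"` after the write would pin it regardless of prior state or sudoers umask handling.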