s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-23 01:03:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Saved .auth_private file securely

Browse Source
This commit is contained in:
Sun Knudsen 2022-03-22 08:20:13 -04:00
parent 188b008c89
commit c262ccd0e1
No known key found for this signature in database
GPG Key ID: 02C43AD072D57783
2 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
View File

@ -4,17 +4,19 @@
set -e set -e
umask u=rw,go=
bold=$(tput bold) bold=$(tput bold)
normal=$(tput sgr0) normal=$(tput sgr0)
basedir=$(pwd) basedir=$(pwd)
if [ ! -d "$basedir/authorized_clients" ] || [ ! -f "$basedir/hostname" ]; then if [ ! -d "$basedir/authorized_clients" ] || [ ! -f "$basedir/hostname" ]; then
printf "%s\n" "Run script inside hidden service directory" printf '%s\n' 'Run script inside hidden service directory'
exit 1 exit 1
fi fi
printf "%s\n" "Enter key pair name and press enter" printf '%s\n' 'Enter key pair name and press enter'
read -r name read -r name
@ -22,7 +24,7 @@ private_key="$(openssl genpkey -algorithm x25519)"
public=$(echo -n "$private_key" | \ public=$(echo -n "$private_key" | \
openssl pkey -pubout | \ openssl pkey -pubout | \
grep -v " PUBLIC KEY" | \ grep -v ' PUBLIC KEY' | \
base64pem -d | \ base64pem -d | \
tail --bytes=32 | \ tail --bytes=32 | \
base32 | \ base32 | \
@ -30,16 +32,19 @@ public=$(echo -n "$private_key" | \
auth="descriptor:x25519:$(echo -n $public)" auth="descriptor:x25519:$(echo -n $public)"
echo $auth > "$basedir/authorized_clients/$name.auth" echo $auth | sudo -u debian-tor tee "$basedir/authorized_clients/$name.auth"
private=$(echo -n "$private_key" | \ private=$(echo -n "$private_key" | \
grep -v " PRIVATE KEY" | \ grep -v ' PRIVATE KEY' | \
base64pem -d | \ base64pem -d | \
tail --bytes=32 | \ tail --bytes=32 | \
base32 | \ base32 | \
sed 's/=//g') sed 's/=//g')
auth_private="$(cat $basedir/hostname | awk -F "." '{print $1}'):descriptor:x25519:$private" auth_private="$(cat $basedir/hostname | awk -F '.' '{print $1}'):descriptor:x25519:$private"
echo $auth_private | sudo -u debian-tor tee "$basedir/$name.auth_private"
client_command="$(echo "cat << EOF > ./$name.auth_private\n$auth_private\nEOF\nchmod 600 $name.auth_private")" client_command="$(echo "cat << EOF > ./$name.auth_private\n$auth_private\nEOF\nchmod 600 $name.auth_private")"
@ -47,6 +52,6 @@ printf "%s\n" "Run following on client (within “auth” folder)"
echo "$bold$client_command$normal" echo "$bold$client_command$normal"
printf "%s $bold%s$normal %s\n" "Dont forget to run" "systemctl restart tor" "on server" printf "%s $bold%s$normal %s\n" 'Dont forget to run' 'systemctl restart tor' 'on server'
printf "%s\n" "Done" printf '%s\n' 'Done'

8
how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh.asc
View File

@ -1,7 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYg1KQwAKCRACxDrQctV3 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYjm98QAKCRACxDrQctV3
g5XyAP9s8r90O6NMxLPQEB518HHkXvpVby3EGFPuPsbVztXfiAEAjkB9XA/ue7Ef g5ILAP9bisnUxUM2fSM94Z/81SnWhRvkg5vn+9wbE0D1+rVQmQD/ZUvUcvpu7OBq
tzrXGoBhnbMh5YoyxV0jIYKjbIz8Ggs= HFIUc7TgrlK6JIZUapJkAsrJiq3q3A8=
=8vOZ =rSjk
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----