upd: encrypto the CRLs, do not compress offline data before crypting, add summary
authorFelix Dörre <felix@dogcraft.de>
Sat, 22 Aug 2015 22:22:38 +0000 (00:22 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 22 Aug 2015 22:22:44 +0000 (00:22 +0200)
all.sh
collectCRLs.sh
collectOffline.sh
summary.sh [new file with mode: 0755]

diff --git a/all.sh b/all.sh
index 546739788cb3469ea4c8cb76226328bbc908eb90..40a839f1e85b20c2e626ce1fb7a52f3bc8469a94 100755 (executable)
--- a/all.sh
+++ b/all.sh
@@ -24,3 +24,5 @@ echo "========== Collection things ======="
 ./collectGigiConfig.sh 2015
 ./collectOffline.sh 2015
 ./collectSignerConfig.sh 2015
+
+./summary.sh 2015
index 82a9ec1f0d2f23d0882c186a35ca512146d6a735..b123ca35ab2101f5bf1694f8959c0a1d7c57ce9b 100755 (executable)
@@ -14,10 +14,11 @@ fetchCRLS(){ #year, cyear month timeIdx
     cyear=$2
     month=$3
     timeIdx=$4
-    cp $year/ca/env_${year}_${timeIdx}.ca/${cyear}_${month}.crl crls-${year}/$year-$month/${year}/env_${year}_${timeIdx}.crl   
+    cp -v $year/ca/env_${year}_${timeIdx}.ca/${cyear}_${month}.crl crls-${year}/$cyear-$month/${year}/env_${year}_${timeIdx}.crl
     # no "for ca in $STRUCT_CAs" because that's cassiopeias work.
 }
 
+rm -Rf crls-${year}
 mkdir -p crls-${year}
 for month in {01..12}; do
     BASE=crls-${year}/$year-$month
@@ -55,7 +56,16 @@ for month in {01..06}; do
 done
 
 pushd crls-${year}
+rm -f crl-passwords1.txt crl-passwords2.txt
 for i in *; do
-    tar czf $i.tgz -C $i .
+    PASSW1=`head -c15 /dev/urandom | base64`
+    PASSW2=`head -c15 /dev/urandom | base64`
+    echo "Crypting CRL $i"
+    echo "$i: $PASSW1" >> crl-passwords1.txt
+    echo "$i: $PASSW2" >> crl-passwords2.txt
+    tar c -C $i . | openssl enc -e -kfile <(echo -n "$PASSW1$PASSW2") -md sha256 -aes-256-cbc > $i.tar.aes-256-cbc
+    PASSW1=
+    PASSW2=
+
 done
 popd
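Review bot: The pipeline at `tar c -C $i . | openssl enc ...` only reports openssl's exit status, so a failing tar (unreadable or missing `$i`) still leaves a truncated `$i.tar.aes-256-cbc` next to passwords already appended to crl-passwords1.txt and crl-passwords2.txt; unless the file enables it above this hunk (not visible here), add `set -o pipefail` near the top and append `|| exit 1` to the pipeline, and the same applies to the `tar c *.ca | openssl enc ...` line in collectOffline.sh. The two password files are created by `>>` with the process's default umask, so they may be group- or world-readable until someone notices; a `umask 077` before the `rm -f crl-passwords1.txt crl-passwords2.txt` line (and before `offlinePassword.txt` is written in collectOffline.sh) fixes that at creation time. Nothing checks that the fresh archive can actually be decrypted and unpacked before `PASSW1=`/`PASSW2=` discard the key material; a round trip such as `openssl enc -d -kfile <(echo -n "$PASSW1$PASSW2") -md sha256 -aes-256-cbc < $i.tar.aes-256-cbc | tar t >/dev/null` would catch an unusable escrow copy while it is still cheap to regenerate. `$i` is unquoted in `tar -C $i` and the redirect target; the names come from the `$cyear-$month` scheme so this is a style point, but quoting them keeps ShellCheck clean.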
index c5715a8ceb5738fc00026738cf17fb8e0749def9..190da54eb1575e22dffda8fe2d39439dac5c0d51 100755 (executable)
@@ -2,4 +2,7 @@
 
 cd generated
 
-tar cz *.ca | openssl enc -e -kfile <(echo 1234) -md sha256 -aes-256-cbc > offline.tar.gz.aes-256-cbc
+PASSW=`head -c15 /dev/random | base64`
+echo $PASSW > offlinePassword.txt
+tar c *.ca | openssl enc -e -kfile <(echo -n "$PASSW") -md sha256 -aes-256-cbc > offline.tar.aes-256-cbc
+PASSW=
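Review bot: `head -c15 /dev/random` can block indefinitely on a headless host or VM whose kernel entropy pool is low, hanging the whole collection run at this step, while collectCRLs.sh in the same commit draws its passwords from `/dev/urandom`; use `/dev/urandom` here too so both scripts behave the same. `echo $PASSW > offlinePassword.txt` should quote the expansion, `echo "$PASSW" > offlinePassword.txt`, to match the quoting used on the `-kfile` line; base64 output happens not to contain IFS characters, but unquoted secrets are the kind of line that breaks silently later. The `set` options for this script are outside the hunk, so whether a failing tar in the pipeline is caught cannot be judged from here.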
diff --git a/summary.sh b/summary.sh
new file mode 100755 (executable)
index 0000000..46ce2fb
--- /dev/null
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+[ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1 
+year=$1
+
+. structure
+. commonFunctions
+cd generated
+
+
+echo "Data for escrow{1,2}"
+ls -als offline.tar.aes-256-cbc
+#openssl enc -d -in offline.tar.aes-256-cbc -kfile <(cat offlinePassword.txt) -md sha256 -aes-256-cbc | tar t
+
+echo "Data for offlinePassword"
+ls -als offlinePassword.txt
+
+echo "Data for crlPassword1-{1,2}"
+ls -als crls-$year/crl-passwords1.txt
+
+echo "Data for crlPassword2-{1,2}"
+ls -als crls-$year/crl-passwords2.txt
+
+echo "Data for operative"
+ls -als crls-$year/*.tar.aes-256-cbc gigi-$year.tar.gz signer-client-$year.tar.gz signer-server-$year.tar.gz
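Review bot: The summary records only `ls -als` sizes for the escrow artefacts, so the holders of the media get no fingerprint to verify against later and a truncated or corrupted archive looks fine, while the only restore check (the `openssl enc -d ... | tar t` line) is commented out; print `sha256sum offline.tar.aes-256-cbc crls-$year/*.tar.aes-256-cbc` alongside the listing and enable the decrypt-and-list check with its output sent to `/dev/null`, so the script fails under `set -e` when the archive cannot be unpacked. `. structure` and `. commonFunctions` are sourced without a path; bash resolves a slash-less name through PATH before the current directory, so `. ./structure` and `. ./commonFunctions` pin the lookup to the generated tree (if the sibling scripts use the bare form this may be a deliberate convention, but it is worth making explicit). The usage message in `[ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1` goes to stdout; send it to stderr with `>&2`.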