Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

provide a simple command to help users securely email themselves their encryption password #10

Open
nanch opened this issue Oct 1, 2012 · 3 comments

Comments

@nanch
Copy link
Owner

nanch commented Oct 1, 2012

It would be nice to be able to use curl/mail from the command-line to securely email yourself an attachment of your private encryption key for safe-keeping.

A 1-liner without installing anything would be optimal.

Anyone know how to do this?

@nanch
Copy link
Owner Author

nanch commented Nov 4, 2012

The intent of this feature is to prevent cases where a user loses their private key and is unable to restore.

I'm thinking of having a client-side-javascript browser implementation where the user encrypts their encryption password with a memorable unique key (e.g. birthdate+phonenumber+salt) and it gets emailed to themselves.

@nanch
Copy link
Owner Author

nanch commented Nov 9, 2012

As of right now, this is a working prototype. A problem I see is that it's hard to upload from the terminal without a script to read the encoded-encrypted key and put it as a curl parameter. It'd be better to post it as a file, but the email address also has to be included, and you can't use --data-urlencode and -F options together.

To send yourself your encrypted key, use:

openssl enc -aes-256-cbc -salt -in encryption.key -out encryption.key.enc -pass pass:PASSPHRASE
openssl base64 -in encryption.key.enc -out encryption.key.enc.b64
curl https://tarbackup.com/api/v1/email -u username:password --data-urlencode "[email protected]" --data-urlencode "enckey=base64_encrypted_key"

To decrypt, the process is:

(get encoded-encrypted-key from email attachment or copy text from email)

# openssl base64 -d -in encryption.key.enc.b64.txt -out encryption.key.enc.txt
# openssl enc -d -aes-256-cbc -in encryption.key.enc.txt -out encryption.key -pass pass:XXXX

# sftp [email protected]
> wget backup.tgz.enc

# openssl enc -d -aes-256-cbc -in backup.tgz.enc -out backup.tgz -pass file:encryption.key

@nanch
Copy link
Owner Author

nanch commented Nov 9, 2012

I updated the server-side to receive posts via the -F curl option.

So send yourself your private encryption key via email:

# curl https://tarbackup.com/api/v1/email -u username:password -F "[email protected]" -F "[email protected]"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant