Add key generation script + keys folder

2024-11-14 16:31:03 +00:00 · 2018-09-19 09:49:11 +01:00 · 2018-09-19 09:49:11 +01:00 · e392b3a040
commit e392b3a040
parent b674215c6c
3 changed files with 30 additions and 0 deletions
--- a/keys.sh
+++ b/keys.sh
@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# keys.sh generates keys used for the encryption of certain user data. Because
+# user data becomes unrecoverable without these keys, the script and won't 
+# overwrite any existing keys unless you explicitly delete them.
+#
+
+# Generate cookie encryption and authentication keys
+if [[ ! -e "$(pwd)/keys/cookies_enc.aes256" ]]; then
+	dd of=$(pwd)/keys/cookies_enc.aes256 if=/dev/urandom bs=32 count=1
+else
+	echo "cookies key already exists! rm keys/cookies_enc.aes256 if you understand the consquences."
+fi
+if [[ ! -e "$(pwd)/keys/cookies_auth.aes256" ]]; then
+	dd of=$(pwd)/keys/cookies_auth.aes256 if=/dev/urandom bs=32 count=1
+else
+	echo "cookies authentication key already exists! rm keys/cookies_auth.aes256 if you understand the consquences."
+fi
+
+# Generate email encryption key
+if [[ ! -e "$(pwd)/keys/email_enc.aes256" ]]; then
+	dd of=$(pwd)/keys/email_enc.aes256 if=/dev/urandom bs=32 count=1
+else
+	echo "email key already exists! rm keys/email_enc.aes256 if you understand the consquences."
+fi
--- a/keys/.gitignore
+++ b/keys/.gitignore
@ -0,0 +1 @@
+*.aes256
--- a/keys/README.md
+++ b/keys/README.md
@ -0,0 +1,4 @@
+Keys
+====
+
+Contains keys for encrypting database and session data. Generate necessary keys by running (from the root of the project) `./keys.sh`.