#!/bin/bash
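#######################################
# Checks that the external tools this script shells out to are available.
# The previous test asked dpkg for the 'gpg' package, which nothing in this
# script uses, and did not look for zip/unzip/file at all; this checks the
# programs the sender and receiver paths actually invoke, via PATH lookup,
# so it also works outside Debian-based systems.
# Globals:   PATH (read)
# Arguments: none
# Outputs:   progress to stdout, the list of missing tools to stderr
# Returns:   0 when every tool is present; exits 1 otherwise
#######################################
function apps_installed_check() {
  local -a required_tools=(openssl zip unzip file)
  local -a missing_tools=()
  local tool
  printf '%s\n' "[*] Checking if the required applications are installed or not"
  for tool in "${required_tools[@]}"; do
    command -v "$tool" >/dev/null 2>&1 || missing_tools+=("$tool")
  done
  if (( ${#missing_tools[@]} > 0 )); then
    printf '%s\n\n' "[-] ERROR ::: The required tools are not installed: ${missing_tools[*]}. Please install them and try again." >&2
    exit 1
  fi
  printf '%s\n\n' "[+] OpenSSL, zip, unzip and file are installed. Proceeding ..."
}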
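#######################################
# Validates the argument count for the selected operating mode.
# Called as: arg_check "$0" "$@" — so $1 is the script path, $2 the mode and
# $3.. the user-supplied paths. Sender mode needs 8 positional parameters in
# total (6 paths after the mode), receiver mode 6 (4 paths after the mode).
# Unknown modes are left to the caller's dispatch, which reports them.
# Arguments: $1 script path, $2 '-sender' | '-receiver', remaining args
# Outputs:   mode banner to stdout, error to stderr
# Returns:   0 when the count matches; exits 1 otherwise
#######################################
function arg_check() {
  local mode=$2
  local expected
  case "$mode" in
    -sender)
      printf '%s\n\n' "[*] Operating in 'SENDER' mode"
      expected=8
      ;;
    -receiver)
      printf '%s\n\n' "[*] Operating in 'RECEIVER' mode"
      expected=6
      ;;
    *)
      return 0
      ;;
  esac
  # Too many arguments is as wrong as too few: an extra path would silently
  # shift every later parameter.
  if (( $# != expected )); then
    printf '%s\n' "[-] ERROR ::: Expected $((expected - 2)) arguments after '$mode' but got $(( $# - 2 )). Please check the script's usage and try again." >&2
    exit 1
  fi
}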
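#######################################
# Reports the paths supplied for the selected mode and verifies that every
# input that must already exist is a regular file. The output path ($8 for
# the sender, $6 for the receiver) must be non-empty and its directory must
# exist, so the pipeline does not run to completion only to fail at the end.
# Called as: input_files_check "$0" "$@"
# Arguments: $1 script path, $2 mode, $3.. paths (see the usage text)
# Outputs:   path summary to stdout, the first problem found to stderr
# Returns:   0 when all checks pass; exits 1 on the first failure.
#            Unknown modes fall through silently.
#######################################
function input_files_check() {
  local mode=$2
  # Parallel arrays: a label for the messages and the path it refers to.
  local -a labels=() paths=()
  local output_path='' output_label='' i
  case "$mode" in
    -sender)
      labels=("receiver #1's public key" "receiver #2's public key" \
              "receiver #3's public key" "sender's private key" "plaintext file")
      paths=("$3" "$4" "$5" "$6" "$7")
      output_path=$8
      output_label="zip file for the intended receiver"
      ;;
    -receiver)
      labels=("receiver's private key" "sender's public key" "zip file")
      paths=("$3" "$4" "$5")
      output_path=$6
      output_label="decrypted plaintext file"
      ;;
    *)
      return 0
      ;;
  esac
  for i in "${!paths[@]}"; do
    printf '%s\n' "[*] The provided ${labels[i]} is at ${paths[i]}"
  done
  printf '%s\n\n' "[*] The $output_label will be placed at $output_path"
  for i in "${!paths[@]}"; do
    if ! [[ -f "${paths[i]}" ]]; then
      printf '%s\n' "[-] ERROR ::: The ${labels[i]} (${paths[i]}) does not exist. Please try again." >&2
      exit 1
    fi
  done
  if [[ -z "$output_path" ]] || ! [[ -d "$(dirname -- "$output_path")" ]]; then
    printf '%s\n' "[-] ERROR ::: The output path for the $output_label ($output_path) is empty or its directory does not exist. Please try again." >&2
    exit 1
  fi
}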
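#######################################
# Removes the sender's scratch directory, if one was created. Installed as
# the EXIT trap by sender_operations so it also runs on error exits.
# Globals: _sender_tmpdir (read)
#######################################
_sender_cleanup() {
  if [[ -n "${_sender_tmpdir:-}" && -d "$_sender_tmpdir" ]]; then
    rm -rf -- "$_sender_tmpdir"
  fi
}

#######################################
# Aborts the sender run: prints the error, announces the cleanup and exits
# with status 1 (the EXIT trap performs the actual removal).
# Arguments: $1 - error message
#######################################
_sender_fail() {
  printf '\n%s\n' "[-] ERROR ::: $1" >&2
  printf '%s\n' "[-] Deleting all the intermediate files stored at ${_sender_tmpdir:-<none>}"
  exit 1
}

#######################################
# Runs one pipeline step and checks its outcome: the command must exit zero
# AND leave a non-empty file at $1. Testing only -f, as before, can miss a
# failed openssl call that opened its output file before erroring out.
# Arguments: $1 - file the step must produce
#            $2 - human-readable name of that file (for the error message)
#            $3.. - the command to run
#######################################
_sender_step() {
  local expected_file=$1
  local description=$2
  shift 2
  if ! "$@" || ! [[ -s "$expected_file" ]]; then
    _sender_fail "The $description was not created. Please try again."
  fi
  printf '%s\n\n' "[+] DONE"
}

#######################################
# SENDER mode: builds the digital envelope.
#   1. a random session key (openssl rand, base64)
#   2. the plaintext encrypted with that key (AES-256-CBC, PBKDF2)
#   3. a SHA-256 signature of the ciphertext made with the sender's private key
#   4. for each of the three receivers, a shared secret derived (pkeyutl
#      -derive) from the sender's private key and that receiver's public key,
#      used as the password to encrypt the session key for that receiver
#   5. a flat zip of the ciphertext, its signature and the three wrapped keys
# Intermediate files live in a fresh mktemp directory (under /dev/shm when it
# exists, so they stay in memory) that is removed on every exit path via the
# EXIT trap. The former fixed path /dev/shm/tmp_sender was predictable and
# its mkdir error was ignored, so a pre-existing directory owned by another
# local user would have been reused for the session key.
# Called as: sender_operations "$0" "$@"
# Arguments: $1 script path, $2 mode (both accepted and ignored),
#            $3-$5 receiver public keys, $6 sender private key,
#            $7 plaintext, $8 output zip path
# Outputs:   progress to stdout, errors to stderr
# Returns:   0 with the zip written to $8; exits 1 on any failed step
#
# Format caveats, kept unchanged so existing receivers still interoperate:
#   - '-pass file:' uses only the first line of the file as the password, and
#     'openssl rand -base64 128' wraps its output over several lines, so only
#     the first line of the session-key file acts as the password. The same
#     first-line rule applies to the raw binary shared secret, which can
#     truncate it; hashing the secret into a password would be more robust
#     but would change the wire format.
#   - Only file.enc is signed; the wrapped session keys in the zip are not
#     covered by the signature.
#   - If $8 already exists, zip updates that archive rather than replacing it.
#######################################
function sender_operations() {
  local receiver1_pubkey=$3
  local receiver2_pubkey=$4
  local receiver3_pubkey=$5
  local sender_pvtkey=$6
  local plaintext_file=$7
  local zipfile_for_receiver=$8
  local -r encrypted_filename='file.enc'
  local -r encrypted_filename_signature='file.enc.sign'
  local -a receiver_pubkeys=("$receiver1_pubkey" "$receiver2_pubkey" "$receiver3_pubkey")
  local -a wrapped_key_names=('rndsymm_r1.enc' 'rndsymm_r2.enc' 'rndsymm_r3.enc')
  local -a wrapped_key_paths=()

  # Unpredictable, owner-only scratch directory (mktemp creates it 0700).
  _sender_tmpdir=''
  if [[ -d /dev/shm ]]; then
    _sender_tmpdir=$(mktemp -d /dev/shm/tmp_sender.XXXXXX 2>/dev/null)
  fi
  if [[ -z "$_sender_tmpdir" ]]; then
    _sender_tmpdir=$(mktemp -d) || {
      printf '%s\n' "[-] ERROR ::: Could not create a temporary directory. Please try again." >&2
      exit 1
    }
  fi
  trap '_sender_cleanup' EXIT

  local session_key=$_sender_tmpdir/randomsymmetricsession.key
  printf '%s\n' "[*] Generating random symmetric session key to encrypt $plaintext_file"
  printf '%s\n' "[*] The random symmetric session key will be stored at $_sender_tmpdir as randomsymmetricsession.key"
  _sender_step "$session_key" "random symmetric session key" \
    openssl rand -base64 -out "$session_key" 128

  local ciphertext=$_sender_tmpdir/$encrypted_filename
  printf '%s\n' "[*] Encrypting $plaintext_file with the generated random session key ($session_key)"
  printf '%s\n' "[*] The encrypted file will be stored at $_sender_tmpdir as $encrypted_filename"
  _sender_step "$ciphertext" "encrypted file" \
    openssl enc -aes-256-cbc -pbkdf2 -e -in "$plaintext_file" -out "$ciphertext" -pass "file:$session_key"

  local signature=$_sender_tmpdir/$encrypted_filename_signature
  printf '%s\n' "[*] Generating $encrypted_filename file's signature."
  printf '%s\n' "[*] The file's signature will be stored at $_sender_tmpdir as $encrypted_filename_signature"
  _sender_step "$signature" "encrypted file's signature" \
    openssl dgst -sha256 -sign "$sender_pvtkey" -out "$signature" "$ciphertext"

  printf '%s\n\n' "[*] Creating shared secret keys for all the receivers"
  local i n shared_secret wrapped_key
  for i in "${!receiver_pubkeys[@]}"; do
    n=$((i + 1))
    shared_secret=$_sender_tmpdir/sharedsecret_receiver$n.key
    printf '%s\n' "[*] Generating shared secret key for receiver #$n"
    printf '%s\n' "[*] The shared secret key for receiver #$n will be stored at $_sender_tmpdir as sharedsecret_receiver$n.key"
    _sender_step "$shared_secret" "shared secret key for receiver #$n" \
      openssl pkeyutl -derive -inkey "$sender_pvtkey" -peerkey "${receiver_pubkeys[i]}" -out "$shared_secret"

    wrapped_key=$_sender_tmpdir/${wrapped_key_names[i]}
    printf '%s\n' "[*] Creating encrypted random session key for receiver #$n, using receiver #$n's shared secret key"
    printf '%s\n' "[*] The encrypted random session key for receiver #$n will be stored at $_sender_tmpdir as ${wrapped_key_names[i]}"
    _sender_step "$wrapped_key" "encrypted random session key for receiver #$n" \
      openssl enc -aes-256-cbc -pbkdf2 -e -in "$session_key" -out "$wrapped_key" -pass "file:$shared_secret"
    wrapped_key_paths+=("$wrapped_key")
  done

  printf '%s\n' "[*] Generating a zip file with the required files to be sent to the receivers"
  printf '%s\n' "[*] The zip file for the receivers will be here - $zipfile_for_receiver"
  # -j stores bare file names so the receiver's scratch path never leaks.
  _sender_step "$zipfile_for_receiver" "zip file for the intended receiver" \
    zip -q -j "$zipfile_for_receiver" "$ciphertext" "$signature" "${wrapped_key_paths[@]}"

  printf '%s\n' "[*] Deleting all the intermediate files stored at $_sender_tmpdir"
  _sender_cleanup
  trap - EXIT
  printf '%s\n\n' "[+] DONE"
}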
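#######################################
# Removes the receiver's scratch directory, if one was created. Installed as
# the EXIT trap by receiver_operations so it also runs on error exits.
# Globals: _receiver_tmpdir (read)
#######################################
_receiver_cleanup() {
  if [[ -n "${_receiver_tmpdir:-}" && -d "$_receiver_tmpdir" ]]; then
    rm -rf -- "$_receiver_tmpdir"
  fi
}

#######################################
# Aborts the receiver run: prints the error, announces the cleanup and exits
# with status 1 (the EXIT trap performs the actual removal).
# Arguments: $1 - error message
#######################################
_receiver_fail() {
  printf '\n%s\n' "[-] ERROR ::: $1" >&2
  printf '%s\n' "[-] Deleting all the intermediate files stored at ${_receiver_tmpdir:-<none>}"
  exit 1
}

#######################################
# RECEIVER mode: opens a digital envelope produced by sender_operations.
#   1. extracts the zip into a fresh scratch directory and checks that all
#      five expected entries are present
#   2. verifies the SHA-256 signature over file.enc with the sender's public
#      key — exit status and the literal "Verified OK" verdict are both
#      required — before anything else from the archive is used
#   3. derives the shared secret from the receiver's private key and the
#      sender's public key
#   4. tries that secret as the password for each of the three wrapped
#      session keys; the first that decrypts to ASCII text is the session key
#   5. decrypts file.enc with the session key to the requested output path
# Scratch files live in a mktemp directory (under /dev/shm when it exists)
# removed on every exit path via the EXIT trap; the former hard-coded
# /home/kali/... path only worked on one machine and its mkdir error was
# ignored. unzip runs with -j so a crafted entry name with a directory
# component cannot be written outside the scratch directory.
# Note: the signature covers file.enc only; the wrapped session keys are not
# authenticated, so tampering with them surfaces as a decryption failure.
# Called as: receiver_operations "$0" "$@"
# Arguments: $1 script path, $2 mode (both accepted and ignored),
#            $3 receiver private key, $4 sender public key, $5 zip file,
#            $6 output path for the decrypted plaintext
# Outputs:   progress to stdout, errors to stderr
# Returns:   0 with the plaintext written to $6; exits 1 on any failed step
#######################################
function receiver_operations() {
  local receiver_pvtkey=$3
  local sender_pubkey=$4
  local zipfile_for_receiver=$5
  local decrypted_plaintext_file=$6
  local -r encrypted_filename='file.enc'
  local -r encrypted_filename_signature='file.enc.sign'
  local -a wrapped_key_names=('rndsymm_r1.enc' 'rndsymm_r2.enc' 'rndsymm_r3.enc')

  _receiver_tmpdir=''
  if [[ -d /dev/shm ]]; then
    _receiver_tmpdir=$(mktemp -d /dev/shm/tmp_receiver.XXXXXX 2>/dev/null)
  fi
  if [[ -z "$_receiver_tmpdir" ]]; then
    _receiver_tmpdir=$(mktemp -d) || {
      printf '%s\n' "[-] ERROR ::: Could not create a temporary directory. Please try again." >&2
      exit 1
    }
  fi
  trap '_receiver_cleanup' EXIT

  printf '%s\n' "[*] Extracting the zip file containing the files intended for the receiver, present at $zipfile_for_receiver"
  printf '%s\n' "[*] The zip file for the receiver will be extracted here - $_receiver_tmpdir"
  if ! unzip -q -o -j "$zipfile_for_receiver" -d "$_receiver_tmpdir"; then
    _receiver_fail "The zip file could not be extracted. Please try again."
  fi
  local name
  for name in "$encrypted_filename" "$encrypted_filename_signature" "${wrapped_key_names[@]}"; do
    if ! [[ -f "$_receiver_tmpdir/$name" ]]; then
      _receiver_fail "The zip file was not extracted properly: $name is missing. Please try again."
    fi
  done
  printf '%s\n\n' "[+] DONE"

  local ciphertext=$_receiver_tmpdir/$encrypted_filename
  local signature=$_receiver_tmpdir/$encrypted_filename_signature
  local sigcheck_output
  printf '%s\n' "[*] Checking the integrity of the encrypted file."
  if ! sigcheck_output=$(openssl dgst -sha256 -verify "$sender_pubkey" -signature "$signature" "$ciphertext" 2>/dev/null) \
     || [[ "$sigcheck_output" != "Verified OK" ]]; then
    _receiver_fail "Signature verification FAILED. The file might have been tampered with. Exiting..."
  fi
  printf '%s\n\n' "[+] Integrity check SUCCESSFUL."

  local shared_secret=$_receiver_tmpdir/sharedsecret_receiver.key
  printf '%s\n' "[*] Generating shared secret key for the receiver"
  printf '%s\n' "[*] The shared secret key for the receiver will be stored at $_receiver_tmpdir as sharedsecret_receiver.key"
  if ! openssl pkeyutl -derive -inkey "$receiver_pvtkey" -peerkey "$sender_pubkey" -out "$shared_secret" \
     || ! [[ -s "$shared_secret" ]]; then
    _receiver_fail "The shared secret key for the receiver was not created."
  fi
  printf '%s\n\n' "[+] DONE"

  printf '%s\n' "[*] Trying to decrypt the encrypted random symmetric session key required to retrieve the encrypted file"
  local session_key='' i candidate
  for i in "${!wrapped_key_names[@]}"; do
    candidate=$_receiver_tmpdir/decryptedrandomsymmetricsession.key.$((i + 1))
    # A wrong secret normally fails the CBC padding check (non-zero exit),
    # but can pass it by chance, so the content check — the session key is
    # base64 text — is kept as a second filter.
    if openssl enc -aes-256-cbc -pbkdf2 -d -in "$_receiver_tmpdir/${wrapped_key_names[i]}" -out "$candidate" -pass "file:$shared_secret" 2>/dev/null \
       && [[ "$(file -b "$candidate")" == "ASCII text" ]]; then
      session_key=$candidate
      break
    fi
  done
  if [[ -z "$session_key" ]]; then
    _receiver_fail "Digital Envelope Decryption failed. Private key provided cannot access any envelope."
  fi
  printf '%s\n' "[+] The random symmetric session key was SUCCESSFULLY decrypted."
  printf '%s\n\n' "[+] It is present here - $session_key"

  printf '%s\n' "[*] Decrypting the file ($ciphertext)"
  printf '%s\n' "[*] The decrypted file will be here - $decrypted_plaintext_file"
  if ! openssl enc -aes-256-cbc -pbkdf2 -d -in "$ciphertext" -out "$decrypted_plaintext_file" -pass "file:$session_key" \
     || ! [[ -f "$decrypted_plaintext_file" ]]; then
    # Do not leave a partial or garbage output that could pass for plaintext.
    rm -f -- "$decrypted_plaintext_file"
    _receiver_fail "The encrypted file was not decrypted. Please try again."
  fi
  printf '%s\n' "[+] The file was SUCCESSFULLY decrypted, placed at $decrypted_plaintext_file"
  printf '%s\n' "[*] Deleting all the intermediate files stored at $_receiver_tmpdir"
  _receiver_cleanup
  trap - EXIT
}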
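# Entry point: dispatch on the operating mode given as the first argument.
# Every positional parameter is forwarded quoted via "$@", so paths with
# spaces survive and a missing argument is really missing (arg_check counts
# "$#"); the previous unquoted $0 $1 .. $7 forwarding word-split the paths.
case "${1:-}" in
  -sender)
    apps_installed_check
    arg_check "$0" "$@"
    input_files_check "$0" "$@"
    sender_operations "$0" "$@"
    ;;
  -receiver)
    apps_installed_check
    arg_check "$0" "$@"
    input_files_check "$0" "$@"
    receiver_operations "$0" "$@"
    ;;
  -h|--help)
    # The usage line names the script, not the -h flag that was in $1.
    printf '%s\n' "Usage: ${0##*/} -sender [RECEIVER #1 PUBLIC KEY] [RECEIVER #2 PUBLIC KEY] [RECEIVER #3 PUBLIC KEY] [SENDER'S PRIVATE KEY] [PLAINTEXT FILE] [ZIPFILE OUTPUT PATH INTENDED FOR RECEIVERS]"
    printf '%s\n' "Usage: ${0##*/} -receiver [RECEIVER'S PRIVATE KEY] [SENDER'S PUBLIC KEY] [ZIPFILE PATH INTENDED FOR THE RECEIVER] [DECRYPTED PLAINTEXT FILE PATH]"
    ;;
  *)
    printf '%s\n\n' "[-] ERROR ::: Invalid operating mode. Please check the script's usage (-h) and try again." >&2
    exit 1
    ;;
esac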