
Comments (16)

bahho avatar bahho commented on July 17, 2024 4

In case someone is still interested, I wrote a small up-to-date bash snippet to encrypt a string using gpg and send it to yopass:

requirements: gnupg2, jq

message="top secret message"
password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20)
# pass.txt holds the decryption key in clear text; it is deleted after encryption
echo "$password" > pass.txt

# encrypt message with pass.txt and replace newlines with "\n"
# (the variables are quoted so whitespace inside the secret is preserved)
message=$(echo "$message" | gpg -a --batch --passphrase-file pass.txt -c --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g')
rm -f pass.txt

payload=$(cat << EOF
{
  "message": "${message}",
  "expiration": 604800,
  "one_time": true
}
EOF
)

secret_id=$(curl -s -XPOST https://api.yopass.se/secret -H 'Content-Type: application/json' -d "${payload}" | jq -r .message)

echo "https://yopass.se/#/s/$secret_id/$password"

from yopass.

MBerdasco avatar MBerdasco commented on July 17, 2024 2

Here is a PowerShell (v5.1) version. It requires GnuPG to be installed.

$message = "top secret message"
$gpgExe = "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
$yopassUri = "https://yopass.se"
$yopassApi = "https://api.yopass.se/secret"

# Generate a 20 char alphanumeric random password
$password = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 20 | ForEach-Object {[char]$_})

# encrypt message with password and replace newlines with "\n"
$message = ($message | & $gpgExe -a --batch --passphrase $password -c --cipher-algo AES256) -join "\n"

# Create json body
$payload = "{ `"message`": `"$message`", `"expiration`": 604800, `"one_time`": true }"

# Call YoPass and get the resulting secret_id
$secret_id = (Invoke-RestMethod -Method "POST" -Uri $yopassApi -Body $payload -ContentType 'application/json').message

Write-host "$yopassUri/#/s/$secret_id/$password"


macedogm avatar macedogm commented on July 17, 2024 1

Hi.
We have created a simple shell and node script to automate calls to Whisper encryption API through CLI.
If someone needs it, we can share the code.
Best regards.


MBerdasco avatar MBerdasco commented on July 17, 2024 1

@sergeevabc I've fixed the script with the correct API URL and it now works like a charm with public yopass (my local yopass works using the same base URL for both API and user access).

Regarding the encrypted message, I found the same issue back in the day: no way to create a valid AES-256 encryption without gpg.exe (it adds a lot of additional stuff, and it is very unclear to me where it comes from).


jhaals avatar jhaals commented on July 17, 2024

Hi,
Glad to hear that you're using yopass!
You're right that the earlier version had curl examples on how to post the secret.
The later version does client-side encryption so the secret needs to be encrypted beforehand and that's why I removed the example.
It would be easy to create a CLI in node to do the encryption and uploading to yopass but I haven't had the need.


passw0rd123 avatar passw0rd123 commented on July 17, 2024

Hi @macedogm,
this would be great! 👍


macedogm avatar macedogm commented on July 17, 2024

Hi @passw0rd123 .
Here is the code https://github.com/macedogm/whisper-cli-automation .
Feel free to improve it, it is just a quick hack for a simple need.
Best regards.


dbxclathrope avatar dbxclathrope commented on July 17, 2024

In case folks try to get bahho's version working on a Mac (note curl doesn't support OAuth, so if your site uses Google auth, it will complain about no JavaScript support - look at headless Chrome or macedogm's idea above that uses node):

message="top secret message"
#password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20 );

#macos compatible (LC_ALL=C keeps tr from rejecting random bytes as invalid multibyte input):
password=$(LC_ALL=C tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
# pass.txt holds the decryption key in clear text; it is deleted after encryption
echo "$password" > pass.txt

# encrypt message with pass.txt and replace newlines with "\n"
#message=$(echo $message | gpg -a --batch --passphrase-file pass.txt -c  --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g' );

#macos compatible
message=$(echo "$message" | gpg -a --batch --passphrase-file pass.txt -c --cipher-algo AES256 | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')
rm -f pass.txt

payload=$(cat << EOF
{
  "message": "${message}",
  "expiration": 604800,
  "one_time": true
}
EOF
)

secret_id=$(curl -s -L -XPOST https://whisper.pp.dropbox.com/secret -H 'Content-Type: application/json' -d "${payload}" | jq -r .message)

echo "https://whisper.pp.dropbox.com/#/s/$secret_id/$password"


gopaldubeyvns avatar gopaldubeyvns commented on July 17, 2024

I need to encrypt the text locally in java before sending that to yopass, can anyone help with the java code for this ?


sergeevabc avatar sergeevabc commented on July 17, 2024

@MBerdasco, your script returns 'Page Not Found' error, alas.


MBerdasco avatar MBerdasco commented on July 17, 2024

@sergeevabc it is strange; on my local server it is still working, but certainly no way on the public one. Do the scripts from @dbxclathrope and @bahho still work? Perhaps there was a new version on the public server which broke this?


sergeevabc avatar sergeevabc commented on July 17, 2024

@MBerdasco, I am able to communicate with the server by changing the endpoint address a bit, but cannot grasp how to create an encrypted message without third-party tools (i.e. by means of PowerShell) that the server would accept.

$ busybox.exe echo -n "hello" | gpg.exe -a --batch --passphrase bDSERrM1IioAyZc7da5l -c --cipher-algo AES256 | busybox.exe sed ":a;N;$!ba;s/\n/\\n/g"
-----BEGIN PGP MESSAGE-----\n\njA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk\nQYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs\n=q7n6\n-----END PGP MESSAGE-----

$ type secret.json
{
  "message": "-----BEGIN PGP MESSAGE-----\n\njA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk\nQYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs\n=q7n6\n-----END PGP MESSAGE-----",
  "one_time": false,
  "expiration": 604800
}

$ curl -X POST https://api.yopass.se/secret -H "Content-Type: application/json" -d @secret.json
{"message":"e9268686-92e1-4a11-ae56-f139f3ba8384"}

---

https://yopass.se/#/s/e9268686-92e1-4a11-ae56-f139f3ba8384/bDSERrM1IioAyZc7da5l

hello

For example, there is Invoke-AESEncryption.ps1, a succinct function to encrypt using AES-256 CBC.

$message = Invoke-AESEncryption -Mode Encrypt -Key "bDSERrM1IioAyZc7da5l" -Text "hello"
Write-Host $message

JAc0M8pjihrrctNo0+xbk3khw4heT9Q8eCQ3YteA4X8=

If I now send this line to the server, it will generate a link, but it cannot be opened with the specified password.

from yopass.
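
The difference between the two payloads in the comment above, as an added example (not code from this thread or from the yopass project): it strips the ASCII armor and reads the OpenPGP packet headers per RFC 4880, showing the passphrase-to-key (S2K) parameters that gpg stores in front of the ciphertext and that a bare AES-256-CBC string does not carry. The function names are this example's own.

```python
import base64

# Both strings are copied from the session quoted in the comment above.
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n"
           "jA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk\n"
           "QYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs\n=q7n6\n-----END PGP MESSAGE-----")
RAW_AES_CBC = "JAc0M8pjihrrctNo0+xbk3khw4heT9Q8eCQ3YteA4X8="

def dearmor(text):  # binary OpenPGP data inside the ASCII armor, or None if not armored
    lines = text.strip().splitlines()
    if lines[:1] != ["-----BEGIN PGP MESSAGE-----"] or lines[-1:] != ["-----END PGP MESSAGE-----"]:
        return None
    body = lines[1:-1]
    if "" in body:                       # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    # Skip the "=xxxx" CRC-24 line; this example does not verify it.
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def packets(data):  # yield (tag, body) per packet, RFC 4880 section 4.2 headers
    i = 0
    while i < len(data):
        h, i = data[i], i + 1
        if not h & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if h & 0x40:                     # new format: tag in the low 6 bits
            tag, first, i = h & 0x3F, data[i], i + 1
            n = first
            if 192 <= first < 224:       # two-octet length
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first >= 224:           # 5-octet/partial length not decoded: take the rest
                n = len(data) - i
        else:                            # old format: tag in bits 5-2, length type in bits 1-0
            tag, size = (h & 0x3C) >> 2, (1, 2, 4, 0)[h & 3]
            n, i = (int.from_bytes(data[i:i + size], "big") if size else len(data) - i), i + size
        yield tag, data[i:i + n]
        i += n

def describe(payload):  # what a client expecting OpenPGP finds in `payload`
    data = dearmor(payload)
    if data is None:
        return {"openpgp": False}
    pk = list(packets(data))
    info = {"openpgp": True, "tags": [t for t, _ in pk]}
    tag, skesk = pk[0] if pk else (None, b"")
    if tag == 3 and skesk[0] == 4:       # Symmetric-Key Encrypted Session Key packet, v4
        info.update(cipher=skesk[1], s2k_type=skesk[2], s2k_hash=skesk[3])
        if skesk[2] == 3:                # iterated+salted S2K: 8-byte salt, then count octet
            c = skesk[12]
            info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info
```

For the gpg message, `describe` reports packet tags 3 and 18 (session-key packet, then integrity-protected encrypted data), cipher 9 (AES-256) and S2K hash 8 (SHA-256) with a salted, iterated key derivation. For the Invoke-AESEncryption output it reports `openpgp: False`, since that string has no armor, no packet framing and no S2K parameters.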

Hagbart84 avatar Hagbart84 commented on July 17, 2024

Hello everyone,

I would like to implement this locally as well. However, I am having trouble with $secret_id. Do I need to configure something within the container for this? Might I need a LABEL or an environment variable? And should I still initialize the API variable in this way: $yopassApi = "https://api.myserver/secret"?

Thank you in advance for the support.


MBerdasco avatar MBerdasco commented on July 17, 2024

@Hagbart84 as far as I remember I did not configure anything special on the container. Do you get a response from your local server when you try to access it with a browser?

Regarding $yopassApi, on my local server it has the same value as $yopassUri and works perfectly:

$yopassUri = "https://myyopass.mydomain"
$yopassApi = "https://myyopass.mydomain"

Not sure yet why this is different in public yopass (maybe my local is an older version). Anyway, I would try both approaches to see what is the right one for your case.


naseemkullah avatar naseemkullah commented on July 17, 2024

> I need to encrypt the text locally in java before sending that to yopass, can anyone help with the java code for this ?

Re: Java implementation, using PGPainless worked for me:

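// Imports needed by the enclosing class
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import org.bouncycastle.openpgp.PGPException;
import org.pgpainless.PGPainless;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.util.Passphrase;

  // Encrypts the message symmetrically with the passphrase and returns the OpenPGP message as a string
  private String encryptMessage(String message, String passphrase)
      throws IOException, PGPException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    ByteArrayOutputStream encryptedMessageOutputStream = new ByteArrayOutputStream();

    EncryptionStream encryptionStream =
        PGPainless.encryptAndOrSign()
            .onOutputStream(encryptedMessageOutputStream)
            .withOptions(
                ProducerOptions.encrypt(
                    EncryptionOptions.encryptCommunications()
                        .addPassphrase(Passphrase.fromPassword(passphrase))));

    // Encode explicitly as UTF-8 instead of relying on the platform default charset
    encryptionStream.write(message.getBytes(StandardCharsets.UTF_8));
    encryptionStream.close();

    return encryptedMessageOutputStream.toString(StandardCharsets.UTF_8.name());
  }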


Fredouye avatar Fredouye commented on July 17, 2024

Thanks @bahho for the command lines.

Here's my first try using Ansible (I haven't found a native way of using PGP).

---

- name: Encrypt a password using Yopass
  hosts: localhost
  gather_facts: false
  become: false
  vars:
    yopass_url: https://yopass.your.domain
    expiration: "1h"                           # 1h, 2d, 3w, etc.
  tasks:
    - name: Create a temporary directory
      ansible.builtin.tempfile:
        state: directory
        suffix: yopass
      register: temp_dir

    - name: Write password to a file
      ansible.builtin.copy:
        content: "{{ lookup('community.general.random_string', length=16, min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
        dest: "{{ temp_dir.path }}/password.txt"

    - name: Write decryption key to a file
      ansible.builtin.copy:
        content: "{{ lookup('community.general.random_string', length=8, min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}\n"
        dest: "{{ temp_dir.path }}/decryption_key.txt"

    - name: Encrypt password using GPG
      ansible.builtin.shell:
        cmd: cat {{ temp_dir.path }}/password.txt | gpg -a --batch --passphrase-file {{ temp_dir.path }}/decryption_key.txt -c  --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g'
      register: encrypted_password

    - name: Write JSON body to a file
      ansible.builtin.copy:
        content: '{ "expiration": {{ expiration | community.general.to_seconds | int }}, "message": "{{ encrypted_password.stdout }}", "one_time": true }'
        dest: "{{ temp_dir.path }}/message.json"

    - name: Generate encrypted message
      ansible.builtin.uri:
        url: '{{ yopass_url }}/secret'
        method: POST
        validate_certs: true
        body_format: json
        body: "{{ lookup('ansible.builtin.file', temp_dir.path + '/message.json') }}"
        status_code: 200
        return_content: true
      register: response

    - name: Display URL
      ansible.builtin.debug:
        msg:
          - "Password URL     : {{ yopass_url }}/#/s/{{ (response.content | from_json).message }}"
          - "Decryption key   : {{ lookup('ansible.builtin.file', temp_dir.path + '/decryption_key.txt') }}"

    - name: Remove temporary directory
      ansible.builtin.file:
        path: "{{ temp_dir.path }}"
        state: absent
