Comments (16)
In case someone is still interested, I wrote a small up-to-date bash snippet to encrypt a string using gpg and send it to yopass:
requirements: gnupg2, jq
message="top secret message"
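password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20)
# write the passphrase file with owner-only permissions
(umask 077; echo "$password" > pass.txt)
# encrypt message with pass.txt and replace newlines with "\n"
message=$(echo "$message" | gpg -a --batch --passphrase-file pass.txt -c --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g')
# the passphrase file is no longer needed once the message is encrypted
rm -f pass.txt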
payload=$(cat << EOF
{
"message": "${message}",
"expiration": 604800 ,
"one_time": true
}
EOF
)
secret_id=$(curl -s -XPOST https://api.yopass.se/secret -H 'Content-Type: application/json' -d "${payload}" | jq -r .message)
echo "https://yopass.se/#/s/$secret_id/$password"
from yopass.
Here is a PowerShell (v5.1) version. It requires GnuPG to be installed.
$message = "top secret message"
$gpgExe = "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
$yopassUri = "https://yopass.se"
$yopassApi = "https://api.yopass.se/secret"
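# Generate a 20 char alphanumeric random password from the system CSPRNG
# (Get-Random in PowerShell 5.1 is not cryptographically secure, and -Count never repeats a character)
$chars = [char[]]((48..57) + (65..90) + (97..122))
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$buf = New-Object byte[] 1
$password = ''
while ($password.Length -lt 20) {
    $rng.GetBytes($buf)
    # 248 = 4 * 62: discard larger bytes so every character is equally likely
    if ($buf[0] -lt 248) { $password += $chars[$buf[0] % 62] }
}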
# encrypt message with password and replace newlines with "\n"
$message = ($message | & $gpgExe -a --batch --passphrase $password -c --cipher-algo AES256) -join "\n"
# Create json body
$payload = "{ `"message`": `"$message`", `"expiration`": 604800, `"one_time`": true }"
# Call YoPass and get the resulting secret_id
$secret_id = (Invoke-RestMethod -Method "POST" -Uri $yopassApi -Body $payload -ContentType 'application/json').message
Write-host "$yopassUri/#/s/$secret_id/$password"
from yopass.
Hi.
We have created a simple shell and node script to automate calls to Whisper encryption API through CLI.
If someone needs it, we can share the code.
Best regards.
from yopass.
@sergeevabc I've fixed the script with the correct API URL and it now works like a charm with public yopass (my local yopass works using the same base URL for both API and user access).
Regarding the encrypted message, I found the same issue back in the day: no way to create a valid AES-256 encryption without gpg.exe (it adds a lot of additional stuff, and it is very unclear to me where it comes from)
from yopass.
Hi,
Glad to hear that you're using yopass!
You're right that the earlier version had curl examples on how to post the secret.
The later version does client-side encryption so the secret needs to be encrypted beforehand and that's why I removed the example.
It would be easy to create a CLI in node to do the encryption and uploading to yopass but I haven't had the need.
from yopass.
Hi @macedogm,
this would be great! 👍
from yopass.
Hi @passw0rd123 .
Here is the code https://github.com/macedogm/whisper-cli-automation .
Feel free to improve it, it is just a quick hack for a simple need.
Best regards.
from yopass.
In case folks try to get bahho's version working on a Mac (note curl doesn't support OAuth, so if your site uses Google auth, it will complain about no JavaScript support - look at headless Chrome or macedogm's idea above that uses node):
message="top secret message"
#password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20 );
#macos compatible:
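# LC_ALL=C stops macOS tr from failing with "Illegal byte sequence" on random bytes
password=$(LC_ALL=C tr -cd '[:alnum:]' < /dev/urandom | fold -w20 | head -n1)
# write the passphrase file with owner-only permissions
(umask 077; echo "$password" > pass.txt)
# encrypt message with pass.txt and replace newlines with "\n"
#message=$(echo $message | gpg -a --batch --passphrase-file pass.txt -c --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g' );
#macos compatible
message=$(echo "$message" | gpg -a --batch --passphrase-file pass.txt -c --cipher-algo AES256 | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')
# the passphrase file is no longer needed once the message is encrypted
rm -f pass.txt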
payload=$(cat << EOF
{
"message": "${message}",
"expiration": 604800 ,
"one_time": true
}
EOF
)
secret_id=$(curl -s -L -XPOST https://whisper.pp.dropbox.com/secret -H 'Content-Type: application/json' -d "${payload}" | jq -r .message)
echo "https://whisper.pp.dropbox.com/#/s/$secret_id/$password"
from yopass.
I need to encrypt the text locally in java before sending that to yopass, can anyone help with the java code for this ?
from yopass.
@MBerdasco, your script returns 'Page Not Found' error, alas.
from yopass.
@sergeevabc it is strange: on my local server it is still working, but certainly not on the public one. Do the scripts from @dbxclathrope and @bahho still work? Perhaps a new version on the public server broke this?
from yopass.
@MBerdasco, I am able to communicate with the server by changing the endpoint address a bit, but cannot grasp how to create an encrypted message without third-party tools (i.e. by means of PowerShell) that the server would accept.
$ busybox.exe echo -n "hello" | gpg.exe -a --batch --passphrase bDSERrM1IioAyZc7da5l -c --cipher-algo AES256 | busybox.exe sed ":a;N;$!ba;s/\n/\\n/g"
-----BEGIN PGP MESSAGE-----\n\njA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk\nQYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs\n=q7n6\n-----END PGP MESSAGE-----
$ type secret.json
{
"message": "-----BEGIN PGP MESSAGE-----\n\njA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk\nQYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs\n=q7n6\n-----END PGP MESSAGE-----",
"one_time": false,
"expiration": 604800
}
$ curl -X POST https://api.yopass.se/secret -H "Content-Type: application/json" -d @secret.json
{"message":"e9268686-92e1-4a11-ae56-f139f3ba8384"}
---
https://yopass.se/#/s/e9268686-92e1-4a11-ae56-f139f3ba8384/bDSERrM1IioAyZc7da5l
hello
For example, there is Invoke-AESEncryption.ps1, a succinct function to encrypt using AES-256 CBC.
$message = Invoke-AESEncryption -Mode Encrypt -Key "bDSERrM1IioAyZc7da5l" -Text "hello"
Write-Host $message
JAc0M8pjihrrctNo0+xbk3khw4heT9Q8eCQ3YteA4X8=
If I now send this line to the server, it will generate a link, but it cannot be opened with the specified password.
from yopass.
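What separates the two payloads in the comment above, as an added example that is not part of the original thread: the `gpg -c` output is an ASCII-armored OpenPGP message whose first packet names the cipher and key-derivation parameters, while the Invoke-AESEncryption output is bare Base64 ciphertext. The function names are hypothetical, and treating this structure as what the yopass client needs is an assumption drawn from which of the two samples opened.

```python
import base64

CIPHERS = {7: "AES128", 8: "AES192", 9: "AES256"}  # OpenPGP symmetric algorithm ids
# Both samples are copied from the comment above.
GPG_SAMPLE = """-----BEGIN PGP MESSAGE-----

jA0ECQMI+Gw1aXnda1S30joB25REBvKHCQdk2ms77+dd3nfXphDefCCCxCGo1Dgk
QYb/J6Nr+ceu1VkWLPYyc2K8lLN4Ty9/QFUs
=q7n6
-----END PGP MESSAGE-----"""
RAW_AES_SAMPLE = "JAc0M8pjihrrctNo0+xbk3khw4heT9Q8eCQ3YteA4X8="

def dearmor(text):
    """Return the binary OpenPGP data inside an ASCII-armored message."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 4 or lines[0] != "-----BEGIN PGP MESSAGE-----"
            or lines[-1] != "-----END PGP MESSAGE-----" or "" not in lines):
        raise ValueError("not an ASCII-armored PGP message")
    # Armor headers end at the first blank line; the "=...." line is the CRC24.
    body = [ln for ln in lines[lines.index("") + 1:-1] if not ln.startswith("=")]
    return base64.b64decode("".join(body), validate=True)

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first >= 224:
                raise ValueError("unsupported length encoding")
            n = first if first < 192 else ((first - 192) << 8) + data[i + 2] + 192
            i += 2 if first < 192 else 3
        else:                                       # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("unsupported length encoding")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def check_message(text):
    """Describe a password-encrypted OpenPGP message, or raise ValueError."""
    pkts = list(packets(dearmor(text)))
    tag, skesk = pkts[0]
    if tag != 3 or skesk[0] != 4:   # tag 3 = symmetric-key encrypted session key
        raise ValueError("first packet is not a v4 symmetric-key ESK")
    return {"cipher": CIPHERS.get(skesk[1], skesk[1]), "packet_tags": [t for t, _ in pkts]}
```

`check_message` expects real newlines, so run it on the gpg output before the `sed` step turns them into `\n` for the JSON body.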
Hello everyone,
I would like to implement this locally as well. However, I am having trouble with $secret_id. Do I need to configure something within the container for this? Might I need a LABEL or an environment variable? And should I still initialize the API variable in this way: $yopassApi = "https://api.myserver/secret"?
Thank you in advance for the support.
from yopass.
@Hagbart84 as far as I remember I did not configure anything special on the container. Do you get a response from your local instance when you try to access it with a browser?
Regarding $yopassApi, on my local instance it has the same value as $yopassUri and works perfectly:
$yopassUri = "https://myyopass.mydomain"
$yopassApi = "https://myyopass.mydomain"
Not sure yet why this is different in public yopass (maybe my local is an older version). Anyway, I would try both approaches to see what is the right one for your case.
from yopass.
I need to encrypt the text locally in java before sending that to yopass, can anyone help with the java code for this ?
Re: Java implementation, using PGPainless worked for me:
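import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import org.bouncycastle.openpgp.PGPException;
import org.pgpainless.PGPainless;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.util.Passphrase;

// Encrypts the message with a passphrase and returns the OpenPGP output as text
private String encryptMessage(String message, String passphrase)
        throws IOException, PGPException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    ByteArrayOutputStream encryptedMessageOutputStream = new ByteArrayOutputStream();
    EncryptionStream encryptionStream =
        PGPainless.encryptAndOrSign()
            .onOutputStream(encryptedMessageOutputStream)
            .withOptions(
                ProducerOptions.encrypt(
                    EncryptionOptions.encryptCommunications()
                        .addPassphrase(Passphrase.fromPassword(passphrase))));
    // encode explicitly as UTF-8 instead of the platform default charset
    encryptionStream.write(message.getBytes(StandardCharsets.UTF_8));
    encryptionStream.close();
    return encryptedMessageOutputStream.toString(StandardCharsets.UTF_8.name());
}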
from yopass.
Thanks @bahho for the command lines.
Here's my first try using Ansible (I haven't found a native way of using PGP).
---
- name: Encrypt a password using Yopass
  hosts: localhost
  gather_facts: false
  become: false
  vars:
    yopass_url: https://yopass.your.domain
    expiration: "1h" # 1h, 2d, 3w, etc.
  tasks:
    - name: Create a temporary directory
      ansible.builtin.tempfile:
        state: directory
        suffix: yopass
      register: temp_dir
    - name: Write password to a file
      ansible.builtin.copy:
        content: "{{ lookup('community.general.random_string', length=16, min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
        dest: "{{ temp_dir.path }}/password.txt"
    - name: Write decryption key to a file
      ansible.builtin.copy:
        content: "{{ lookup('community.general.random_string', length=8, min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}\n"
        dest: "{{ temp_dir.path }}/decryption_key.txt"
    - name: Encrypt password using GPG
      ansible.builtin.shell:
        cmd: cat {{ temp_dir.path }}/password.txt | gpg -a --batch --passphrase-file {{ temp_dir.path }}/decryption_key.txt -c --cipher-algo AES256 | sed ':a;N;$!ba;s/\n/\\n/g'
      register: encrypted_password
    - name: Write JSON body to a file
      ansible.builtin.copy:
        content: '{ "expiration": {{ expiration | community.general.to_seconds | int }}, "message": "{{ encrypted_password.stdout }}", "one_time": true }'
        dest: "{{ temp_dir.path }}/message.json"
    - name: Generate encrypted message
      ansible.builtin.uri:
        url: '{{ yopass_url }}/secret'
        method: POST
        validate_certs: true
        body_format: json
        body: "{{ lookup('ansible.builtin.file', temp_dir.path + '/message.json') }}"
        status_code: 200
        return_content: true
      register: response
    - name: Display URL
      ansible.builtin.debug:
        msg:
          - "Password URL : {{ yopass_url }}/#/s/{{ (response.content | from_json).message }}"
          - "Decryption key : {{ lookup('ansible.builtin.file', temp_dir.path + '/decryption_key.txt') }}"
    - name: Remove temporary directory
      ansible.builtin.file:
        path: "{{ temp_dir.path }}"
        state: absent
from yopass.