provide a simple command to help users securely email themselves their encryption password
It would be nice to be able to use curl/mail from the command-line to securely email yourself an attachment of your private encryption key for safe-keeping.
A 1-liner without installing anything would be optimal.
Anyone know how to do this?
The intent of this feature is to prevent cases where a user loses their private key and is unable to restore.
I'm thinking of having a client-side-javascript browser implementation where the user encrypts their encryption password with a memorable unique key (e.g. birthdate+phonenumber+salt) and it gets emailed to themselves.
As of right now, this is a working prototype. A problem I see is that it's hard to upload from the terminal without a script to read the encoded-encrypted key and put it as a curl parameter. It'd be better to post it as a file, but the email address also has to be included, and you can't use --data-urlencode and -F options together.
To send yourself your encrypted key, use:
openssl enc -aes-256-cbc -salt -in encryption.key -out encryption.key.enc -pass pass:PASSPHRASE
openssl base64 -in encryption.key.enc -out encryption.key.enc.b64
curl https://tarbackup.com/api/v1/email -u username:password --data-urlencode "[email protected]" --data-urlencode "enckey=base64_encrypted_key"
To decrypt, the process is:
(get encoded-encrypted-key from email attachment or copy text from email)
# openssl base64 -d -in encryption.key.enc.b64.txt -out encryption.key.enc.txt
# openssl enc -d -aes-256-cbc -in encryption.key.enc.txt -out encryption.key -pass pass:XXXX
# sftp [email protected]
> get backup.tgz.enc
# openssl enc -d -aes-256-cbc -in backup.tgz.enc -out backup.tgz -pass file:encryption.key
I updated the server-side to receive posts via the -F curl option.
So send yourself your private encryption key via email:
# curl https://tarbackup.com/api/v1/email -u username:password -F "[email protected]" -F "[email protected]"
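The wrap and unwrap steps from this thread, as an added example that is not code from the thread or from tarbackup: it keeps the passphrase out of the process arguments (`-pass pass:...` is visible in the process list and shell history), derives the AES key with PBKDF2, and checks that the wrapped copy really decrypts before it is sent. Assumptions: OpenSSL 1.1.1 or later, a passphrase supplied in an environment variable named `KEY_PASSPHRASE`, and the hypothetical function names `wrap_key`, `unwrap_key` and `verify_wrapped`.

```shell
#!/bin/sh
# Added example. Assumptions: OpenSSL 1.1.1+ (for -pbkdf2/-iter); the passphrase
# is in the KEY_PASSPHRASE environment variable (hypothetical name), so it does
# not appear in argv the way "-pass pass:..." does.

ITER=600000   # PBKDF2 iterations; wrap and unwrap must use the same value

# wrap_key IN OUT: encrypt IN, write base64 text (usable as an email body) to OUT
wrap_key() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" -a \
        -in "$1" -out "$2" -pass env:KEY_PASSPHRASE
}

# unwrap_key IN OUT: reverse wrap_key; OUT is created readable by owner only
unwrap_key() {
    ( umask 077
      openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -a \
          -in "$1" -out "$2" -pass env:KEY_PASSPHRASE )
}

# verify_wrapped KEY WRAPPED: succeed only if WRAPPED decrypts back to KEY.
# Run this before sending, so an unusable copy is caught while the key still exists.
verify_wrapped() {
    tmp=$(mktemp) || return 1
    if unwrap_key "$2" "$tmp" 2>/dev/null && cmp -s "$1" "$tmp"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed key file (random bytes, not a real key).
demo() {
    dir=$(mktemp -d) || return 1
    head -c 32 /dev/urandom > "$dir/encryption.key"
    KEY_PASSPHRASE='constructed example passphrase'; export KEY_PASSPHRASE
    wrap_key "$dir/encryption.key" "$dir/encryption.key.enc.b64" &&
        verify_wrapped "$dir/encryption.key" "$dir/encryption.key.enc.b64"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo && echo "wrapped copy verified"
```

The `-pbkdf2` and `-iter` options change how the key is derived, so a file wrapped this way has to be unwrapped with the same options and iteration count; it will not decrypt with the plain `openssl enc -d` commands earlier in the thread.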