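#!/bin/bash
#
# Sign-then-encrypt walkthrough using the openssl CLI:
#   1. Generate RSA-2048 key pairs for Alice, Bob and Ken.
#   2. Bob signs a message (SHA-256 digest, RSA signature).
#   3. The message and the signature are encrypted with AES-256-CBC under a
#      random passphrase; the passphrase is wrapped with Alice's public key.
#   4. Alice unwraps the passphrase, decrypts both files and verifies the
#      signature against Bob's key, then against Ken's key as a negative control.
#
# Writes into ./keys, ./msg, ./enc and ./dec (created if missing).
# Exits non-zero if any openssl step fails or a verification outcome is wrong.
#
# Review notes:
#   - AES-CBC carries no integrity protection. Tampering with the ciphertext
#     is only detected by the signature check at the end, so the decrypted
#     output must not be used before that check passes.
#   - The signature covers the message only, not the intended recipient;
#     nothing in the signed data ties it to Alice.
#   - msg/symmetric.key and dec/symmetric_dec.key stay on disk in the clear
#     after the run, next to all three private keys.

# Stop at the first failed command; without this a failed keygen or
# encryption step would be followed by later steps working on stale files.
set -euo pipefail

# Private keys and the symmetric passphrase must not be readable by others.
umask 077

mkdir -p keys msg enc dec

# Cipher/KDF settings; encryption and decryption must use identical values.
readonly -a ENC_OPTS=(-aes-256-cbc -pbkdf2 -iter 100000)

# RSA-OAEP (SHA-256) for key wrapping. The original used `openssl rsautl`,
# which is deprecated in OpenSSL 3.x and defaults to PKCS#1 v1.5 padding.
readonly -a OAEP_OPTS=(-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256)

# Generate RSA key pairs for Alice, Bob, and Ken
echo "Generate keys"
for who in alice bob ken; do
  openssl genrsa -out "keys/${who}_private.pem" 2048
  openssl rsa -in "keys/${who}_private.pem" -pubout -out "keys/${who}_public.pem"
done

# Create a simple message file
echo "Hello, Alice! This is a secure message from Bob." > msg/message.txt

echo "Signing"
# Bob signs the message
openssl dgst -sha256 -sign keys/bob_private.pem -out msg/message.sig msg/message.txt

echo "Encrypt"
# Generate the symmetric secret. It is consumed via `-pass file:`, i.e. as a
# passphrase run through PBKDF2, not as a raw AES key.
openssl rand -base64 32 > msg/symmetric.key

# Encrypt the message and the signature with the symmetric key
openssl enc "${ENC_OPTS[@]}" -salt \
  -in msg/message.txt -out enc/message_enc.txt -pass file:msg/symmetric.key
openssl enc "${ENC_OPTS[@]}" -salt \
  -in msg/message.sig -out enc/signature_enc.txt -pass file:msg/symmetric.key

# Encrypt the symmetric key with Alice's public RSA key
openssl pkeyutl -encrypt -pubin -inkey keys/alice_public.pem "${OAEP_OPTS[@]}" \
  -in msg/symmetric.key -out enc/symmetric_enc.key

echo "Decrypt"
# Alice decrypts the symmetric key with her private RSA key
openssl pkeyutl -decrypt -inkey keys/alice_private.pem "${OAEP_OPTS[@]}" \
  -in enc/symmetric_enc.key -out dec/symmetric_dec.key

# Alice decrypts the message and the signature with the symmetric key
openssl enc -d "${ENC_OPTS[@]}" \
  -in enc/message_enc.txt -out dec/message_dec.txt -pass file:dec/symmetric_dec.key
openssl enc -d "${ENC_OPTS[@]}" \
  -in enc/signature_enc.txt -out dec/signature_dec.sig -pass file:dec/symmetric_dec.key

echo "Verify"
# Tracks whether both verification outcomes were the expected ones.
status=0

# Alice verifies the signature from Bob
if openssl dgst -sha256 -verify keys/bob_public.pem \
  -signature dec/signature_dec.sig dec/message_dec.txt; then
  echo "Signature verification successful: The message is from Bob."
else
  echo "Signature verification failed: The message is not from Bob."
  status=1
fi

# Negative control: the same signature must NOT verify under Ken's key.
if openssl dgst -sha256 -verify keys/ken_public.pem \
  -signature dec/signature_dec.sig dec/message_dec.txt; then
  echo "Signature verification false positive: The message is from Ken."
  status=1
else
  echo "Signature verification correctly failed: The message is not from Ken."
fi

exit "$status"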