-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathcrypttool
executable file
·141 lines (123 loc) · 4.3 KB
/
crypttool
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#!/bin/bash
__crypttool_editor=${EDITOR:-vim}
__crypttool_verbose=0
__crypttool_command=''
__crypttool_varsfile=''
__crypttool_password=''
__crypttool_password_file=''
__crypttool_decrypted_file=''
__crypttool_encrypted_file=''
_usage() {
echo "usage: $0 [args] command varsfile"
echo
echo "commands:"
echo " cat cat the decrypted contents of the varsfile"
echo " create create a new encrypted vars file"
echo " edit edit the varsfile (opens with ${EDITOR})"
echo " decrypt decrypt the varsfile"
echo " encrypt encrypt the varsfile"
echo
echo "args:"
echo " -p [password] (en|de)cryption password"
echo " -k [passfile] (en|de)cryption password file"
echo " -v verbose"
echo " -h help"
echo
}
_verbose() {
[ $__crypttool_verbose -eq 1 ] && echo ${1}
}
_error() {
echo "ERROR: ${1}"
exit 1
}
_clean() {
_verbose "Removing temporary files"
if ! [ -z "${__crypttool_decrypted_file}" ]; then
[ -f "${__crypttool_decrypted_file}" ] && rm $__crypttool_decrypted_file
fi
if ! [ -z "${__crypttool_encrypted_file}" ]; then
[ -f "${__crypttool_encrypted_file}" ] && rm $__crypttool_encrypted_file
fi
}
_decrypt() {
local varsfile=${1:-$__crypttool_varsfile}
_verbose "Decrypting file ${varsfile}"
__crypttool_decrypted_file=$(mktemp -t crypttool.XXXXXX)
openssl aes-256-cbc -d -salt -in ${varsfile} -out ${__crypttool_decrypted_file} -k ${__crypttool_password}
[ $? -eq 0 ] || _error "Unable to decrypt password vars file ${varsfile}"
}
_encrypt() {
local varsfile=${1:-$__crypttool_varsfile}
_verbose "Encrypting file ${varsfile}"
__crypttool_encrypted_file=$(mktemp -t crypttool.XXXXXX)
echo "${__crypttool_password}" | openssl aes-256-cbc -salt -in ${varsfile} -out ${__crypttool_encrypted_file} -pass stdin
[ $? -eq 0 ] || _error "Unable to encrypt password vars file ${varsfile}"
}
_edit() {
_decrypt
$__crypttool_editor $__crypttool_decrypted_file
read -p "Commit and encrypt the changes (y/n)? "
if [[ $REPLY == 'y' ]]; then
_encrypt $__crypttool_decrypted_file
mv $__crypttool_encrypted_file $__crypttool_varsfile
[ -f ${__crypttool_decrypted_file} ] && rm ${__crypttool_decrypted_file}
fi
}
_cat() {
_decrypt
cat $__crypttool_decrypted_file
rm $__crypttool_decrypted_file
}
_create() {
local varsfile=${1:-$__crypttool_varsfile}
__crypttool_decrypted_file=$(mktemp -t crypttool.XXXXXX)
$__crypttool_editor ${__crypttool_decrypted_file}
read -p "Commit and encrypt the changes (y/n)? "
if [[ $REPLY == 'y' ]]; then
_encrypt $__crypttool_decrypted_file
mv $__crypttool_encrypted_file ${__crypttool_varsfile//.enc/}.enc
[ -f ${__crypttool_decrypted_file} ] && rm ${__crypttool_decrypted_file}
fi
}
_main() {
[ -z "$1" ] && { _usage; exit 1; }
while [ ! -z "$1" ]; do
case "$1" in
-p) shift; __crypttool_password=${1};;
-k) shift; __crypttool_password_file=${1};;
-v) __crypttool_verbose=1;;
-h|--help) _usage; exit;;
*) __crypttool_command=${1};
shift; __crypttool_varsfile=${1};;
esac
shift
done
if [ ! -z "${__crypttool_password_file}" ]; then
[ -r ${__crypttool_password_file} ] || _error "Cannot read password file '${__crypttool_password_file}'"
__crypttool_password=$(head -n1 ${__crypttool_password_file})
fi
[ -z "${__crypttool_password}" ] && _error "must specify a password"
[ -z "${__crypttool_varsfile}" ] && _error "must specify a varsfile"
if [[ ${__crypttool_command} != "create" ]]; then
[ -r "${__crypttool_varsfile}" ] || _error "cannot read varsfile ${__crypttool_varsfile}"
fi
case "${__crypttool_command}" in
cat) _cat;;
create) _create;;
edit) _edit;;
decrypt) _decrypt
mv ${__crypttool_decrypted_file} ${__crypttool_varsfile//.enc/}
echo "Decrypted file to ${__crypttool_varsfile//.enc/}";;
encrypt) _encrypt
mv ${__crypttool_encrypted_file} ${__crypttool_varsfile//.unenc/}.enc
echo "Encrypted file to ${__crypttool_varsfile//.unenc/}.enc";;
*) _error "Invalid command: ${__crypttool_command}";;
esac
_clean
return 0
}
# test if script is being called or sourced
if [[ $(basename ${0//-/}) == "crypttool" ]]; then
_main "$@"
fi