Diffstat (limited to 'bin/crypt')
| -rwxr-xr-x | bin/crypt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/bin/crypt b/bin/crypt
new file mode 100755
index 0000000..64afc42
--- /dev/null
+++ b/bin/crypt
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+crypt_usage='Usage: crypt [-d] [-o output] [input]
+
+Encrypt or decrypt input (stdin) to ouput (stdout), using ssh rsa key.
+
+Options:
+ -d action is decrypt (default: encrypt)
+ -o output set ouput (default: stdout)'
+
+# Encrypt stdin to stdout.
+encrypt() {
+ set -- "$(openssl rand -hex 32)"
+
+ echo "$1" | openssl pkeyutl -encrypt -pubin -inkey /dev/fd/3 3<<- EOF
+ $(ssh-keygen -e -f ~/.ssh/id_rsa.pub -m PKCS8)
+ EOF
+
+ openssl aes-256-cbc -pbkdf2 -pass file:/dev/fd/3 3<<- EOF
+ $1
+ EOF
+}
+
+# Decrypt stdin to stdout.
+decrypt() {
+ openssl aes-256-cbc -d -pbkdf2 -pass file:/dev/fd/3 3<<- EOF
+ $(dd ibs=256 count=1 iflag=direct status=none |
+ openssl pkeyutl -decrypt -inkey ~/.ssh/id_rsa)
+ EOF
+}
+
+# Execute main only if not sourced.
+if [ "${0##*/}" = "crypt" ]; then
+ cmd=encrypt
+ while getopts :do: opt; do
+ case $opt in
+ d) cmd=decrypt ;;
+ o) exec 1>"$OPTARG" ;;
+ *) echo "$crypt_usage" >&2; exit 1 ;;
+ esac
+ done
+ shift $((OPTIND - 1))
+ [ "$1" ] && exec 0<"$1"
+ "$cmd"
+fi |
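Review bot: In encrypt(), a failure of the key-wrapping step is ignored: if `ssh-keygen -e` or `openssl pkeyutl -encrypt` fails (for example no `~/.ssh/id_rsa.pub`, or a non-RSA key), the function still runs `openssl aes-256-cbc` and returns its status, so the output is data encrypted under a random passphrase that was never stored. Stop before the AES step, e.g. `echo "$1" | openssl pkeyutl -encrypt -pubin -inkey /dev/fd/3 3<<- EOF || return`. decrypt() is fragile in a related way: `dd ibs=256 count=1` fixes the wrapped-key length at 256 bytes, which matches only a 2048-bit key, and a short read on a pipe is counted as the one block, so state the key-size assumption in the function comment and consider `iflag=fullblock` where GNU dd is available. The header comment should also say that the payload is unauthenticated CBC, so tampering is not detected, and that `pkeyutl` uses PKCS#1 v1.5 padding unless `-pkeyopt rsa_padding_mode:oaep` is passed on both the encrypt and decrypt side.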
