author | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2021-02-19 20:38:54 +0100 |
---|---|---|
committer | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2021-02-19 20:38:54 +0100 |
commit | df041ddc05a59e81578012e99f05bfc8c67b9d14 (patch) | |
tree | f0960c7430a1feadd678eaab3680c8650751c817 /auth2aes.sh | |
Diffstat (limited to 'auth2aes.sh')
-rw-r--r-- | auth2aes.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/auth2aes.sh b/auth2aes.sh
new file mode 100644
index 0000000..ea087b0
--- /dev/null
+++ b/auth2aes.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# auth2aes wraps "openssl enc" protect a file with a password
+# with aes-256-cbc, with a pbkdf2-derived key.
+# This file could be a ~/.bash_aliases or source'd from another script.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+# Copyright © 2021 Ludovic Pouzenc <ludovic@pouzenc.fr>
+
+alias auth2aes="_auth2aes e"
+alias aes2auth="_auth2aes d"
+_auth2aes() {
+ local aespass
+ local aespass2
+ local res
+ local out
+ local status=0
+ local iterations=XXX #TODO Choose a number > 800000 here, should be ~1 sec of CPU workload
+ local action="$1"; shift
+
+ # Minimal "usage" / help if called without any args
+ if [[ $# -eq 0 || ( "e" != "$action" && "d" != "$action" ) ]]; then
+ echo "Usage: auth2aes <filepath-to-encrypt>..." >&2
+ echo " aes2auth <filepath-to-decrypt>..." >&2
+ return 1
+ fi
+ # Interactive password input (2 times if encrypt)
+ read -sp "Please enter the password to derive the key from (undisplayed): " aespass
+ res=$?; echo
+ if [[ $res -ne 0 || -z "$aespass" ]]; then
+ echo "Wrong input" >&2
+ return 2
+ fi
+ if [ "e" == "$action" ]; then
+ read -sp "Please confirm by typing it again: " aespass2
+ res=$?; echo
+ if [[ $res -ne 0 || "$aespass" != "$aespass2" ]]; then
+ echo "Wrong input" >&2
+ return 3
+ fi
+ fi
+ # for each command-line arg
+ while [ -n "$1" ]; do
+ # skip file if unreadable
+ if [ ! -r "$1" ]; then
+ echo "Unreadable file: '$1'" >&2
+ status=$((status|4))
+ shift; continue
+ fi
+ # Append or remove .aes output file extension according to $action
+ [ "e" == "$action" ] && out="$1.aes" || out="${1%.aes}"
+
+ # Encode or decode verbosely
+ [ "d" == "$action" ] && echo "Decrypting '$1' => '$out'"
+ echo $aespass | openssl enc -$action -pass stdin -aes-256-cbc -pbkdf2 -iter $iterations -in "$1" -out "$out"
+
+ if [ $? -eq 0 ]; then
+ [ "e" == "$action" ] && echo "File '$1' encrypted with aes-256-cbc pbkdf2 $iterations iterations => '$out'"
+ [ "d" == "$action" ] && echo "Success"
+ else
+ echo "failure with openssl enc -$action" >&2
+ status=$((status|8))
+ fi
+ shift
+ done
+ return $status
+}
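Review bot: On decrypt, an input whose name does not end in `.aes` makes `out="${1%.aes}"` identical to `$1`, so `openssl enc ... -in "$1" -out "$out"` opens the same path for writing and truncates the ciphertext before it has been read, destroying the only copy; a guard right after the `out=` assignment such as `if [ "$out" == "$1" ]; then echo "Refusing to overwrite input: '$1'" >&2; status=$((status|4)); shift; continue; fi` closes this. The passphrase is also piped in with `echo $aespass` unquoted, so word splitting and glob expansion (a `*`, a `?`, or two consecutive spaces in the passphrase) silently change the bytes openssl derives the key from, and bash's builtin `echo` treats a passphrase beginning with `-n`, `-e` or `-E` as an option; `printf '%s\n' "$aespass" | openssl ...` passes it verbatim. `-iter XXX` is a placeholder that makes every call fail until it is replaced, and since the iteration count is not stored in the output file, decryption depends on the identical value being configured wherever the file is opened; a comment to that effect next to the `iterations` assignment would spare the next user a puzzling "bad decrypt". Worth noting in the header comment that aes-256-cbc here is unauthenticated, so a wrong passphrase or a modified file is only detected when the padding check happens to fail.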