-
-
Save akhiljalagam/42cbbc40fe4ae85a72d64c4fd5848403 to your computer and use it in GitHub Desktop.
Some easy bash scripts to encrypt/decrypt data, for anyone who wants to go all cloak&dagger. (bitcoin private keys, etc.)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Encryption functions. Requires the GNUpg "gpg" commandline tool. On OS X, "brew install gnupg" | |
| # Explanation of options here: | |
| # --symmetric - Don't public-key encrypt, just symmetrically encrypt in-place with a passphrase. | |
| # -z 9 - Compression level | |
| # --require-secmem - Require use of secured memory for operations. Bails otherwise. | |
| # cipher-algo, s2k-cipher-algo - The algorithm used for the secret key | |
| # digest-algo - The algorithm used to mangle the secret key | |
| # s2k-mode 3 - Enables multiple rounds of mangling to thwart brute-force attacks | |
| # s2k-count 65000000 - Mangles the passphrase this number of times. Takes over a second on modern hardware. | |
| # compress-algo BZIP2- Uses a high quality compression algorithm before encryption. BZIP2 is good but not compatible with PGP proper, FYI. | |
| encrypt() { | |
| gpg --symmetric -z 9 --require-secmem --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 $@ | |
| } | |
| # note: will decrypt to STDOUT by default, for security reasons. remove "-d" or pipe to file to write to disk | |
| decrypt() { | |
| gpg -d $@ | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment