#!/bin/bash
#H# This script reads and encrypts arbitrary text to individual files.
#H# It is set up to use a passphrase from a file or stdin as a prompt.
#H#
#H# Files are stored in $cryptodir by default. Due to limitations with gpg,
#H# this directory must NOT have any spaces in it if you are using a passphrase file.
#H#
#H# When supplying a keyword, the encrypted file will be created automatically
#H# if it does not already exist.
#H#
#H# Usage: crypto keyword [edit]
#H#        crypto list
#H#        crypto filename import
#H# The last form imports the contents of a file,
#H# /path/of/filename.txt, and encrypts it to cryptodir/filename.txt.gpg;
#H# it is thereafter accessible using the keyword 'filename'.
#H#
# Dependencies: pwgen (only if using a passphrase file)
#               gnupg
#
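#######################################
# List the keyword of every encrypted file in the store, one per line.
# Globals:   cryptodir (read)
# Outputs:   header line followed by one tab-indented keyword per file
# Returns:   0; a missing or empty store prints only the header
#######################################
cryptohelp() {
  local path keyword
  printf 'List of %s files:\n' "${0##*/}"
  # Glob instead of parsing `ls` so names with spaces survive and a missing
  # directory produces no stray error output.
  for path in "${cryptodir}"/*.txt.gpg; do
    # Without nullglob an unmatched pattern is returned literally; skip it.
    [[ -e "${path}" ]] || continue
    keyword="${path##*/}"      # strip path
    keyword="${keyword%.*}"    # strip .gpg
    keyword="${keyword%.*}"    # strip .txt
    printf '\t%s\n' "${keyword}"
  done
}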
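# shellcheck disable=SC2034  # version string; not printed anywhere (yet)
ver='1.0'
set -u
# Ensure this points to a RAM-backed (tmpfs) directory lest your data be
# compromised: the plaintext of a file being edited lives here for the
# duration of the edit. To see a list of potentially usable ram drives, try:
#   mount | grep tmpfs
tmpdir="/run/shm"
usepassfile=0
strictperms=1
cryptodir="${HOME}/.crypto"
fileprefix=${1-}
filecmd=${2-}
passphrasefile="${cryptodir}/.crypto.passphrase.txt"
gpgfile="${cryptodir}/${fileprefix}.txt.gpg"
# Plaintext scratch file used by 'edit'. Created with mktemp (no predictable
# name in a shared tmpfs) and removed by the EXIT trap unless re-encryption
# failed, in which case it is the only copy of the user's edits.
tmpfile=
keep_tmpfile=0
# Passphrase typed at the prompt (usepassfile=0). It is handed to gpg over a
# private file descriptor, never on the command line where `ps`/procfs could
# read it.
thepass=
# Common gpg options; filled in by gpg_setup.
declare -a gpgopts=()

#######################################
# Print an error to stderr and exit.
# Arguments: $1 - message, $2 - exit status (default 1)
#######################################
die() {
  printf '%s: %s\n' "${0##*/}" "$1" >&2
  exit "${2:-1}"
}

#######################################
# EXIT trap: remove the plaintext scratch file unless cmd_edit asked to keep it.
# Globals:   tmpfile, keep_tmpfile (read)
#######################################
cleanup() {
  if [[ -n "${tmpfile}" && "${keep_tmpfile}" -ne 1 ]]; then
    rm -f -- "${tmpfile}"
  fi
}

#######################################
# Run gpg with the common options plus "$@", supplying the passphrase on fd 3.
# --passphrase-fd reads only the first line, which matches what
# --passphrase-file did for the passphrase-file case.
# Globals:   gpgopts, usepassfile, passphrasefile, thepass (read)
# Returns:   gpg's exit status
#######################################
run_gpg() {
  if [[ "${usepassfile}" = "1" ]]; then
    gpg "${gpgopts[@]}" "$@" 3< "${passphrasefile}"
  else
    gpg "${gpgopts[@]}" "$@" 3< <(printf '%s\n' "${thepass}")
  fi
}

#######################################
# Symmetrically encrypt stdin into the file named by $1.
# Writes a sibling temp file first and renames it into place only on success,
# so an existing ciphertext is never lost to a failed or interrupted run.
# Arguments: $1 - destination path
# Returns:   0 on success; non-zero leaves $1 untouched
#######################################
encrypt_to() {
  local dest=$1 staging
  staging=$(mktemp -- "${dest}.XXXXXX") || return 1
  if run_gpg -c > "${staging}"; then
    mv -f -- "${staging}" "${dest}"
  else
    rm -f -- "${staging}"
    return 1
  fi
}

#######################################
# Obtain the passphrase and assemble gpgopts.
# With usepassfile=1 a passphrase file is generated (pwgen) on first use and
# the script exits so the user can back it up; otherwise the passphrase is
# prompted for once and kept in memory for every gpg call in this run.
# Globals:   usepassfile, passphrasefile (read); thepass, gpgopts (written)
#######################################
gpg_setup() {
  if [[ "${usepassfile}" = "1" ]]; then
    if [[ ! -r "${passphrasefile}" ]]; then
      command -v pwgen >/dev/null 2>&1 \
        || die "'pwgen' not installed. Either install it or create a passphrase and store it in \"${passphrasefile}\""
      pwgen 15 1 -s -y > "${passphrasefile}" || die "Failed to write \"${passphrasefile}\""
      printf 'New passphrase stored in "%s" (%s)\n' "${passphrasefile}" "$(cat "${passphrasefile}")"
      printf 'If you lose that file, all encrypted files will be irreversibly lost\n'
      printf 'Alternatively, you can supply your own password as the first line of "%s"\n' "${passphrasefile}"
      exit 1
    fi
  else
    # -r keeps backslashes in the passphrase literal, -s suppresses echo,
    # and -p writes the prompt to stderr so it never ends up in captured output.
    read -rs -p 'Enter passphrase: ' thepass || die "Could not read passphrase"
    printf '\n' >&2
    [[ -n "${thepass}" ]] || die "Empty passphrase"
  fi
  gpgopts=(--no-mdc-warning --quiet --batch --passphrase-fd 3)
  # gpg 2.1+ only honours --passphrase-fd in loopback pinentry mode, while
  # gpg 1.x rejects that option outright; probe for it and fall back to the
  # classic --no-use-agent on old versions.
  # NOTE(review): gpg 2.2.7+ may cache the symmetric passphrase in gpg-agent;
  # --no-symkey-cache disables that if unwanted — confirm for the installed version.
  if gpg --pinentry-mode loopback --version >/dev/null 2>&1; then
    gpgopts+=(--pinentry-mode loopback)
  else
    gpgopts+=(--no-use-agent)
  fi
}

#######################################
# Create the store if needed and, with strictperms=1, strip group/other
# permissions from everything in it.
# Globals:   cryptodir, strictperms (read)
#######################################
ensure_store() {
  if [[ ! -d "${cryptodir}" ]]; then
    mkdir -p -- "${cryptodir}" || die "Error creating \"${cryptodir}\""
  fi
  if [[ "${strictperms}" = "1" ]]; then
    chmod -R go-rwx -- "${cryptodir}"
  fi
}

#######################################
# 'keyword edit': decrypt into a RAM-backed scratch file, open it in vim,
# re-encrypt. A missing keyword starts from an empty file.
# Globals:   tmpdir, fileprefix, gpgfile (read); tmpfile, keep_tmpfile (written)
# Returns:   exits 100 if re-encryption fails (existing ciphertext is kept)
#######################################
cmd_edit() {
  tmpfile=$(mktemp -- "${tmpdir}/tmp.${fileprefix}.XXXXXX") \
    || die "Error creating scratch file in \"${tmpdir}\""
  if [[ ! -r "${gpgfile}" ]]; then
    printf 'No encrypted file for "%s". Creating one.\n' "${fileprefix}"
  else
    run_gpg --decrypt "${gpgfile}" > "${tmpfile}" || die "Problem decrypting with gpg."
  fi
  # -i NONE: no viminfo, so yanked text and search history taken from the
  # plaintext are not written to ~/.viminfo on persistent storage.
  vim -i NONE "${tmpfile}"
  # The old ciphertext is replaced only after the new one is complete; the
  # original deleted it before re-encrypting, losing the data on any failure.
  if ! encrypt_to "${gpgfile}" < "${tmpfile}"; then
    keep_tmpfile=1
    printf 'Error encrypting file. No changes saved; the edited text is still in "%s".\n' "${tmpfile}" >&2
    exit 100
  fi
}

#######################################
# 'path import': encrypt an existing plaintext file into the store under the
# keyword derived from its base name (path and last extension stripped), then
# delete the plaintext original.
# Globals:   fileprefix, cryptodir (read)
# Returns:   exits 100 if the source file is unreadable
#######################################
cmd_import() {
  local keyword dest
  [[ -r "${fileprefix}" ]] || die "File ${fileprefix} is non-existent or unreadable." 100
  keyword="${fileprefix##*/}"
  keyword="${keyword%.*}"
  [[ -n "${keyword}" ]] || die "Cannot derive a keyword from \"${fileprefix}\"."
  dest="${cryptodir}/${keyword}.txt.gpg"
  # gpg in batch mode refuses to overwrite anyway; say so explicitly and keep
  # the existing ciphertext.
  [[ -e "${dest}" ]] && die "Keyword \"${keyword}\" already exists; edit it instead of importing."
  encrypt_to "${dest}" < "${fileprefix}" || die "Failed to encrypt file."
  # The plaintext is no longer needed once it is in the store. Note that rm
  # does not wipe the underlying blocks.
  rm -f -- "${fileprefix}"
  printf 'File "%s" imported to keyword "%s".\n' "${fileprefix}" "${keyword}"
}

#######################################
# 'keyword': show the decrypted text in less, creating a placeholder file if
# the keyword is new.
# Globals:   fileprefix, gpgfile (read)
#######################################
cmd_view() {
  if [[ ! -r "${gpgfile}" ]]; then
    printf 'No encrypted file for "%s". Creating one.\n' "${fileprefix}"
    printf 'You got yourself a new file\n' | encrypt_to "${gpgfile}" || die "Failed to encrypt file."
  fi
  # Stream straight into the pager; the plaintext is never written anywhere.
  run_gpg --decrypt "${gpgfile}" | less
  [[ "${PIPESTATUS[0]}" -eq 0 ]] || die "Problem decrypting with gpg."
  printf -- '----------------------------------\nuse [edit] to modify your file.\n\tExample:\t%s %s edit\n' \
    "${0##*/}" "${fileprefix}"
}

#######################################
# Entry point: dispatch on the two positional arguments.
# Arguments: $1 - keyword, path (import) or list/help; $2 - edit | import
#######################################
main() {
  trap cleanup EXIT
  # Every file this script creates (store, passphrase, scratch, ciphertext) is
  # owner-only from the moment it exists, not only after the later chmod.
  umask 077
  case "${fileprefix}" in
    -h|--help|help|'')
      # Help text lives in the #H# header comments at the top of this file;
      # a bare "#H#" line prints as a blank line.
      sed -n -e 's/^#H# \{0,1\}//p' -- "$0"
      cryptohelp
      exit 0
      ;;
    list)
      cryptohelp
      exit 0
      ;;
  esac
  # Keywords name files directly inside the store; a '/' would escape it.
  if [[ "${filecmd}" != "import" && "${fileprefix}" == */* ]]; then
    die "Keyword \"${fileprefix}\" may not contain '/'."
  fi
  ensure_store
  gpg_setup
  case "${filecmd}" in
    edit)   cmd_edit ;;
    import) cmd_import ;;
    *)      cmd_view ;;
  esac
  # Don't compromise security: re-tighten permissions on whatever was written.
  if [[ "${strictperms}" = "1" ]]; then
    chmod -R go-rwx -- "${cryptodir}"
  fi
}

main "$@"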