#!/bin/bash
#H# This script reads and encrypts arbitrary text to individual files.
#H# It is set up to use a passphrase from a file or stdin as a prompt.
#H#
#H# Files are stored in $cryptodir by default. Due to limitations with gpg,
#H# this directory must NOT have any spaces in it if you are using a passphrase file.
#H#
#H# When supplying a keyword, the encrypted file will be created automatically
#H# if it does not already exist.
#H#
#H# Usage: crypto keyword [edit]
#H# crypto list
#H# crypto filename import
#H# The third form imports the contents of a file,
#H# /path/of/filename.txt, encrypts it to cryptodir/filename.txt.gpg and
#H# deletes the original; it is thereafter accessible using the keyword 'filename'.
#H#
# Dependencies: pwgen (only if using a passphrase file)
# gnupg
#
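# Print the keywords of every encrypted entry in ${cryptodir}, one per line,
# indented by a tab under a "List of <script> files:" header.
# Globals: cryptodir (read). Outputs: listing on stdout. Returns 0.
cryptohelp () {
  local entry name
  echo -e "List of ${0##*/} files:"
  # Let the shell expand the glob instead of parsing 'ls' output: 'ls' broke on
  # unusual names and printed an error to stderr when the directory was empty.
  for entry in "${cryptodir}"/*.txt.gpg; do
    [[ -e "${entry}" ]] || continue   # unmatched glob stays literal; skip it
    name="${entry##*/}"               # strip the directory
    name="${name%.txt.gpg}"           # strip the .txt.gpg suffix -> keyword
    echo -e "\t${name}"
  done
}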
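ver='1.0'
# Plaintext scratch files for 'edit' live here. It MUST be a RAM-backed mount
# (tmpfs) or the cleartext can reach disk; check with: mount | grep tmpfs
tmpdir="/run/shm"
usepassfile=0
strictperms=1
cryptodir="${HOME}/.crypto"
fileprefix=$1
filecmd=$2
passphrasefile="${cryptodir}/.crypto.passphrase.txt"
gpgfile="${cryptodir}/${fileprefix}.txt.gpg"
# Scratch file path: assigned by mktemp in 'edit' mode, removed by the EXIT trap.
tmpfile=""

# Help / list modes exit before any passphrase is read or any file is touched.
if [[ "${1}" = "-h" || "${1}" = "--help" || "${1}" = "help" || "${1}" = "" ]]; then
  sed -n -e '/^\#H\#/s/^....//p' "$0"
  cryptohelp
  exit 0
fi
if [[ "${fileprefix}" == "list" ]]; then
  cryptohelp
  exit 0
fi

# Print a message to stderr and exit non-zero. The previous 'exec echo ...'
# idiom replaced the shell with echo, so every error path exited with status 0
# and callers could not distinguish failure from success.
die () {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the plaintext scratch file on every exit path (normal exit, die, a
# killed vim, a failed gpg, Ctrl-C) so no cleartext lingers in ${tmpdir}.
cleanup () {
  if [[ -n "${tmpfile}" ]]; then
    rm -f -- "${tmpfile}"
  fi
}
trap cleanup EXIT

# Everything this script creates (directory, passphrase file, ciphertext,
# scratch file) is private from the moment it exists, instead of only after
# the later 'chmod -R' sweep.
umask 077

# Options shared by every gpg call, kept as an array so that paths containing
# spaces survive (the old string-built option list broke on them).
# --batch/--yes: never prompt; needed for --passphrase-fd/--passphrase-file
# and so that --output may overwrite the mktemp'd scratch file.
# --no-use-agent is obsolete on gpg 2.x and ignored there.
gpgopts=(--no-mdc-warning --quiet --no-use-agent --batch --yes)
# gpg >= 2.1 honours --passphrase-fd/--passphrase-file only in loopback
# pinentry mode, while older gpg rejects the option outright, so probe for it.
if gpg --pinentry-mode loopback --version >/dev/null 2>&1; then
  gpgopts+=(--pinentry-mode loopback)
fi

if [[ "${usepassfile}" != "1" ]]; then
  echo -n "Enter passphrase: "
  IFS= read -r -s thepass
  echo ""
  [[ -n "${thepass}" ]] || die "No passphrase given."
fi

# Run gpg with the shared options plus the caller's arguments. The passphrase
# never goes on the command line (where 'ps' shows it to every local user):
# in prompt mode it is fed on fd 3 through a process substitution (no file,
# no argv), in file mode gpg reads ${passphrasefile} itself.
run_gpg () {
  if [[ "${usepassfile}" = "1" ]]; then
    gpg "${gpgopts[@]}" --passphrase-file "${passphrasefile}" "$@"
  else
    gpg "${gpgopts[@]}" --passphrase-fd 3 "$@" 3< <(printf '%s\n' "${thepass}")
  fi
}

# Create the directory that holds everything (mode 700 thanks to the umask).
if [[ ! -d "${cryptodir}" ]]; then
  mkdir -- "${cryptodir}" || die "Error creating \"${cryptodir}\""
fi

# First run in passphrase-file mode: generate a passphrase (needs pwgen).
if [[ "${usepassfile}" = "1" && ! -r "${passphrasefile}" ]]; then
  command -v pwgen >/dev/null 2>&1 \
    || die "'pwgen' not installed. Either install it or create a passphrase and store it in \"${passphrasefile}\""
  pwgen 15 1 -s -y > "${passphrasefile}" || die "Error writing \"${passphrasefile}\""
  echo -e "New passphrase stored in \"${passphrasefile}\" ($(cat "${passphrasefile}"))"
  echo -e "If you lose that file, all encrypted files will be irreversibly lost"
  echo -e "Alternatively, you can supply your own password as the first line of \"${passphrasefile}\""
  exit 1
fi

# Make sure perms are correct on all files. The flag was previously tested
# with -n, which is true for "0" as well; compare the value so that
# strictperms=0 really disables the sweep.
[[ "${strictperms}" = "1" ]] && chmod -R go-rwx "${cryptodir}"

# What are we doing?
if [[ "${filecmd}" == "edit" ]]; then
  # Unpredictable scratch name: the old fixed tmp.<keyword>.txt in a shared
  # tmpfs could be pre-created or symlinked by another local user.
  tmpfile=$(mktemp "${tmpdir}/tmp.${fileprefix##*/}.XXXXXX") \
    || die "Error creating scratch file in \"${tmpdir}\""
  if [[ ! -r "${gpgfile}" ]]; then
    echo -e "No encrypted file for \"${fileprefix}\". Creating one."
  else
    run_gpg --output "${tmpfile}" --decrypt "${gpgfile}" || die "Problem decrypting with gpg."
  fi
  # -n: no swap file, -i NONE: no viminfo, so vim does not copy the cleartext
  # next to the scratch file or into ~/.viminfo. (A user vimrc enabling
  # 'backup' or 'undofile' could still write plaintext elsewhere.)
  vim -n -i NONE -- "${tmpfile}"
  # Encrypt to a sibling file and rename over the old ciphertext only on
  # success; the previous version deleted ${gpgfile} first, so a failed
  # encryption lost the only copy.
  newfile="${gpgfile}.new"
  if ! run_gpg -c --output "${newfile}" < "${tmpfile}"; then
    rm -f -- "${newfile}"
    echo -e "Error encrypting file. No changes saved."
    exit 100
  fi
  mv -f -- "${newfile}" "${gpgfile}" || die "Error replacing \"${gpgfile}\""
  # ${tmpfile} is removed by the EXIT trap.
elif [[ "${filecmd}" == "import" ]]; then
  if [[ ! -r "${fileprefix}" ]]; then
    echo -e "File ${fileprefix} is non-existant or unreadable."
    exit 100
  fi
  # Keyword = base name without directory and without its last extension.
  tmpvar="${fileprefix##*/}"
  keyword="${tmpvar%.*}"
  [[ -n "${keyword}" ]] || die "Cannot derive a keyword from \"${fileprefix}\"."
  target="${cryptodir}/${keyword}.txt.gpg"
  # --batch/--yes would silently overwrite; refuse instead of clobbering.
  [[ -e "${target}" ]] && die "An encrypted file for keyword \"${keyword}\" already exists."
  run_gpg -c --output "${target}" < "${fileprefix}" || die "Failed to encrypt file."
  # Get rid of the original. Note: a plain unlink on ordinary storage does not
  # guarantee the plaintext is unrecoverable.
  rm -f -- "${fileprefix}"
  echo -e "File \"${fileprefix}\" imported to keyword \"${keyword}\"."
else
  if [[ ! -r "${gpgfile}" ]]; then
    echo -e "No encrypted file for \"${fileprefix}\". Creating one."
    printf '%s\n' "You got yourself a new file" | run_gpg -c --output "${gpgfile}" \
      || die "Failed to create \"${gpgfile}\"."
  fi
  # Show the plaintext in a pager; report a decryption failure instead of
  # silently showing an empty pager.
  run_gpg --decrypt "${gpgfile}" | less
  [[ "${PIPESTATUS[0]}" -eq 0 ]] || die "Problem decrypting with gpg."
  echo -e "----------------------------------\nuse [edit] to modify your file.\n\tExample:\t${0##*/} ${fileprefix} edit"
fi
# Don't compromise security
[[ "${strictperms}" = "1" ]] && chmod -R go-rwx "${cryptodir}"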