Skip to content

Instantly share code, notes, and snippets.

@ctrlok

ctrlok/ghcrypt.sh

Last active November 2, 2016 19:54
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save ctrlok/f7ddd19ab0efb1dffc8120c3af0bb48b to your computer and use it in GitHub Desktop.
Save ctrlok/f7ddd19ab0efb1dffc8120c3af0bb48b to your computer and use it in GitHub Desktop.
Download ZIP
# Simple script which decode and encode messages based on user github key
Raw
ghcrypt.sh
#!/bin/bash
# Simple script which decode and encode messages based on user github key.
# Usage:
# Encrypt:
# echo "My secret is" | ./ghcrypt.sh -u ctrlok
# Decrypt:
# echo "BASE64SCRET" | ./ghcrypt.sh -k ~/.ssh/id_rsa
while getopts "u:k:" opt
do
case $opt in
u) USERNAME=$OPTARG;;
k) SSH_KEY=$OPTARG;;
*) echo "No reasonable options found!";;
esac
done
if [ -n "${USERNAME}" ]; then
TMP_PUB_RSA=$(mktemp)
TMP_PUB_PEM=$(mktemp)
OUTFILE=$(mktemp)
KEYS=$(curl --silent https://api.github.com/users/${USERNAME}/keys | grep key | awk '{print $2" "$3}' | sed 's/^"\(.*\)"$/\1/')
KEY=${KEYS[0]}
echo $KEY > $TMP_PUB_RSA
ssh-keygen -f $TMP_PUB_RSA -e -m PKCS8 > $TMP_PUB_PEM
cat /dev/stdin | openssl rsautl -encrypt -pubin -inkey $TMP_PUB_PEM -ssl -out /dev/stdout | openssl enc -base64
echo "Decrypt command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2
fi
if [ -n "${SSH_KEY}" ]; then
echo "Running command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout" 1>&2
cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout
fi
@ybogdanov
Copy link 

echo "Encrypt command: cat /file| openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2

Decrypt

@ybogdanov
Copy link

Move echo "Decrypt command ..." inside the first if.

@ybogdanov
Copy link

Or you want it always to be displayed? It makes sense it case someone trying to edit it depending on the situation and add pbcopy for example.

@ybogdanov
Copy link

Then I would suggest something line the following:

#!/bin/bash
# Simple script which decode and encode messages based on user github key.
# Usage:
#   Encrypt:
#     echo "My secret is" | ./ghcrypt.sh -u ctrlok
#   Decrypt:
#     echo "BASE64SCRET"  | ./ghcrypt.sh -k ~/.ssh/id_rsa


while getopts "u:k:" opt
do
case $opt in
u) USERNAME=$OPTARG;;
k) SSH_KEY=$OPTARG;;
*) echo "No reasonable options found!";;
esac
done

if [ -n "${USERNAME}" ]; then
    TMP_PUB_RSA=$(mktemp)
    TMP_PUB_PEM=$(mktemp)
    OUTFILE=$(mktemp)
    KEYS=$(curl --silent https://api.github.com/users/${USERNAME}/keys | grep key | awk '{print $2" "$3}' | sed 's/^"\(.*\)"$/\1/')
    KEY=${KEYS[0]}
    echo $KEY > $TMP_PUB_RSA
    ssh-keygen -f $TMP_PUB_RSA -e -m PKCS8 > $TMP_PUB_PEM
    cat /dev/stdin | openssl rsautl -encrypt -pubin -inkey $TMP_PUB_PEM -ssl -out /dev/stdout | openssl enc -base64
    echo "Decrypt command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2
fi

if [ -n "${SSH_KEY}" ]; then
    echo "Running command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout" 1>&2
    cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout
fi

@ctrlok
Copy link
Author

ctrlok commented Aug 8, 2016

@ybogdanov Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment