@entrity
Created April 22, 2015 00:30
#!/bin/bash
# This script decrypts the given file(s) using aes-256-cbc, a password, and salt.
#
# This script attempts to create a file whose name matches the input file, sans
# the suffix '.enc'. If the input filename does not end in '.enc', the script
# appends the suffix '.dec' to the original (encrypted) filename instead. This
# script will terminate rather than overwrite any existing file. Likewise it will
# terminate if it cannot read a password from the file designated by $PASSFILE.
#
# As arguments, provide as many filenames as you please.
#
# After decrypting all of the provided files, this script will prompt for permission
# to move the original (encrypted) files to the trash (using trash-cli). This
# prompt defaults to No.

# Defaults apply when the environment variables are unset or empty.
PASSFILE="${PASSFILE:-$HOME/scripts/temppass}"
ALGORITHM="${ALGORITHM:-aes-256-cbc}"

decrypt ()
{
    OUT="${1%.enc}"
    # No '.enc' suffix to strip: fall back to <file>.dec
    if [[ "$1" == "$OUT" ]]; then OUT="$1.dec"; fi
    if [[ -e "$OUT" ]]; then
        echo "File $OUT exists. Aborting." >&2
        exit 1
    fi
    if [[ ! -r "$1" ]]; then
        echo "File $1 is unreadable. Aborting." >&2
        exit 2
    fi
    if [[ ! -f "$1" ]]; then
        echo "File $1 is not a file. Aborting." >&2
        exit 3
    fi
    echo "Decrypting to $OUT"
    # Stop on any openssl failure (e.g. unreadable $PASSFILE or a bad decrypt)
    # so the trash prompt below is never reached after a failed run.
    if ! openssl enc -d "-$ALGORITHM" -pass file:"$PASSFILE" -in "$1" -out "$OUT"; then
        echo "openssl failed on $1. Aborting." >&2
        rm -f -- "$OUT"   # discard the partial output this run created
        exit 4
    fi
}

for arg in "$@"; do
    decrypt "$arg"
done

printf "Move source(s) to trash? [y/N] "
read -r trash
if [[ "$trash" == "y" ]]; then
    for arg in "$@"; do
        echo "Trashing $arg"
        trash-put "$arg"
    done
fi

These are convenience scripts for encrypting/decrypting files with a password, salt, and an algorithm of your choice.

After performing the encryption/decryption, the script will ask whether you want to move the source files to the trash (using trash-cli). This option defaults to No.

These scripts will not overwrite any existing files but rather will exit with an error code if an existing file blocks their operation.

Algorithm

The algorithm defaults to aes-256-cbc, but you can set an environment variable ALGORITHM to override it.

Password

The password is read from a file. The password filepath defaults to $HOME/scripts/temppass, but you can override it by setting an environment variable PASSFILE.

#!/bin/bash
# This script encrypts the given file(s) using aes-256-cbc, a password, and salt.
#
# This script attempts to create the file <file>.enc. This script will terminate
# rather than overwrite any existing file. Likewise it will
# terminate if it cannot read a password from the file designated by $PASSFILE.
#
# As arguments, provide as many filenames as you please.
#
# After encrypting all of the provided files, this script will prompt for permission
# to move the original (unencrypted) files to the trash (using trash-cli). This
# prompt defaults to No.

# Defaults apply when the environment variables are unset or empty.
PASSFILE="${PASSFILE:-$HOME/scripts/temppass}"
ALGORITHM="${ALGORITHM:-aes-256-cbc}"

encrypt ()
{
    OUT="$1.enc"
    if [[ -e "$OUT" ]]; then
        echo "File $OUT exists. Aborting." >&2
        exit 1
    fi
    if [[ ! -r "$1" ]]; then
        echo "File $1 is unreadable. Aborting." >&2
        exit 2
    fi
    if [[ ! -f "$1" ]]; then
        echo "File $1 is not a file. Aborting." >&2
        exit 3
    fi
    echo "Encrypting to $OUT"
    # Stop on any openssl failure (e.g. unreadable $PASSFILE) so the prompt
    # below never offers to trash an original that was not encrypted.
    if ! openssl enc -e -salt "-$ALGORITHM" -pass file:"$PASSFILE" -in "$1" -out "$OUT"; then
        echo "openssl failed on $1. Aborting." >&2
        rm -f -- "$OUT"   # discard the partial output this run created
        exit 4
    fi
}

for arg in "$@"; do
    encrypt "$arg"
done

printf "Move original(s) to trash? [y/N] "
read -r trash
if [[ "$trash" == "y" ]]; then
    for arg in "$@"; do
        echo "Trashing $arg"
        trash-put "$arg"
    done
fi
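
A structural sanity check for the `.enc` files the encrypt script writes, as an added example that is not part of the gist: `openssl enc -salt` output starts with the 8-byte magic `Salted__`, then the 8-byte salt, then CBC ciphertext whose length is a non-empty multiple of the 16-byte AES block. The function name `enc_salt_hex` is hypothetical, the block size assumes the default aes-256-cbc, and passing the check says nothing about whether the password was right or the data is intact.

```shell
#!/bin/bash
# Added example (not from the gist): verify the layout of an `openssl enc -salt`
# output file before the plaintext original is moved to the trash.
# Assumed layout: "Salted__" (8 bytes) | salt (8 bytes) | CBC ciphertext,
# PKCS#7 padded, so at least one and a whole number of 16-byte blocks.

# Hypothetical helper: prints the salt as hex and returns 0 if the layout is sane.
enc_salt_hex ()
{
    local file="$1" size magic salt body
    [[ -f "$file" && -r "$file" ]] || { echo "$file: not a readable file" >&2; return 2; }
    size=$(wc -c < "$file")
    size=$((size))   # normalise: some wc implementations pad with spaces
    if (( size < 32 )); then
        echo "$file: $size bytes, too short for header plus one block" >&2
        return 1
    fi
    magic=$(head -c 8 "$file" | od -An -tx1 | tr -d ' \n')
    if [[ "$magic" != "53616c7465645f5f" ]]; then   # hex of "Salted__"
        echo "$file: missing Salted__ header" >&2
        return 1
    fi
    body=$(( size - 16 ))
    if (( body % 16 != 0 )); then
        echo "$file: ciphertext length $body is not a multiple of 16 (truncated?)" >&2
        return 1
    fi
    salt=$(head -c 16 "$file" | tail -c 8 | od -An -tx1 | tr -d ' \n')
    echo "$salt"
}

# Constructed sample: header, salt 01..08, one 16-byte block of filler
# (not real ciphertext).
sample=$(mktemp)
printf 'Salted__\001\002\003\004\005\006\007\010%016d' 0 > "$sample"
enc_salt_hex "$sample"   # prints 0102030405060708
rm -f "$sample"
```

Two encryptions of the same file with the same password should print different salts; an empty or truncated output left behind by a failed run fails the check.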