@ianhattendorf
Last active July 26, 2017 19:21
Offline Encryption Helper Scripts
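#!/bin/sh
# decrypt-symmetric.sh: decrypt a passphrase-encrypted file with gpg2 without
# any interactive prompt.
#
# Usage: ./decrypt-symmetric.sh [input-file] [output-file] [passphrase]
#   $1  encrypted input file
#   $2  file the plaintext is written to (--yes overwrites it without asking)
#   $3  passphrase
#
# Security note: the passphrase is a positional argument and is forwarded with
# --passphrase, so it appears on the command line of this script and of gpg2.
# Command lines are readable by other processes on the same host and usually
# land in shell history, so only use this on a single-user, offline machine
# and clear the history afterwards.
#
# NOTE(review): GnuPG 2.1 and later only honour --passphrase when
# --pinentry-mode loopback is also set; confirm against the installed version.
set -eu

# Both paths are quoted so names containing spaces or glob characters reach
# gpg2 as a single argument, and "--" keeps an input name that starts with "-"
# from being parsed as an option.
gpg2 --passphrase "$3" --batch --yes --no-tty --output "$2" --decrypt -- "$1"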
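#!/bin/sh
# diceware.sh: print a passphrase made of randomly chosen dictionary words
# (4 to 6 lowercase letters each), separated by single spaces.
#
# Usage: ./diceware.sh [word-count]
# Note: On first boot, run `dd if=/dev/random of=/dev/null bs=32 count=1` to ensure /dev/urandom is correctly seeded.
# Should only be needed on live USB/VMs.
#
# Strength: each word contributes roughly log2(pool size) bits, where the pool
# is the set of dictionary entries that pass the filter below. Check it with
#   LC_ALL=C grep -Ec '^[[:lower:]]{4,6}$' /usr/share/dict/words
# shuf draws without repetition, so a word never appears twice in one output.
set -eu

WORDLIST=/usr/share/dict/words

# The count must be made of digits only; anything else would otherwise be
# handed to shuf as part of its option string.
case "${1-}" in
  '' | *[!0-9]*)
    echo "Usage: $0 [word-count]" >&2
    exit 2
    ;;
esac

# /bin/sh has no pipefail here, so a failing grep would be masked by the later
# pipeline stages and the script would print an empty "passphrase" with exit
# status 0. Refuse to run when the word list is missing or unreadable.
if [ ! -r "$WORDLIST" ]; then
  echo "Error: word list $WORDLIST is missing or unreadable" >&2
  exit 1
fi

# grep -E replaces the deprecated egrep; LC_ALL=C pins [[:lower:]] to ASCII
# a-z so accented entries are excluded.
LC_ALL=C grep -E '^[[:lower:]]{4,6}$' "$WORDLIST" \
  | shuf --random-source=/dev/urandom -n "$1" \
  | paste -s -d ' ' -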
#!/bin/sh
# encrypt-symmetric.sh: passphrase-encrypt a file with gpg2 without any
# interactive prompt.
#
# Usage: ./encrypt-symmetric.sh [input-file] [passphrase]
#   $1  file to encrypt
#   $2  passphrase
#
# No --output is given, so gpg2 chooses the output name itself (normally the
# input name with ".gpg" appended); --yes lets it overwrite an existing file.
#
# Key derivation: --s2k-mode 3 is the iterated and salted mode, hashed with
# SHA512; 65011712 is the largest iteration count gpg accepts, which makes
# each passphrase guess as slow as this format allows.
#
# Security note: the passphrase travels on the command line of this script and
# of gpg2, where other local processes and the shell history can see it. Use
# it on a single-user, offline machine only.
set -eu

gpg2 \
  --batch --yes --no-tty \
  --cipher-algo AES256 \
  --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
  --passphrase "$2" \
  --symmetric "$1"
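#!/bin/sh
# Create (on first use), unlock and mount a LUKS-encrypted image file.
#
# Options:
#   -f FILE        image file (default: MOUNTNAME.img)
#   -m NAME        mount name; the volume is mapped as NAMEVolume and mounted
#                  at ~/mnt/private/NAME (default: encrypted)
#   -s SIZE        size of a newly created image, passed to fallocate -l
#                  (default: 32M)
#   -p PASSPHRASE  passphrase; without it cryptsetup prompts on the terminal
#   -w             mount read-write and allow creating the image
#                  (default: read-only, and a missing image is an error)
#
# Security note: -p places the passphrase on this script's command line, where
# other local processes and the shell history can see it. Leave -p out and let
# cryptsetup prompt unless the machine is single-user and offline.
set -eu

MOUNTNAME=encrypted
FILESIZE=32M
READONLY=true

while getopts ":f:m:s:p:w" opt; do
  case $opt in
    f)
      FILENAME="$OPTARG"
      ;;
    m)
      MOUNTNAME="$OPTARG"
      ;;
    s)
      FILESIZE="$OPTARG"
      ;;
    p)
      PASSPHRASE="$OPTARG"
      ;;
    w)
      READONLY=false
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

# Default FILENAME to MOUNTNAME.img
if [ -z "${FILENAME+x}" ]; then
  FILENAME="$MOUNTNAME".img
fi
VOLUMENAME="$MOUNTNAME"Volume
MOUNTPOINT=~/mnt/private/"$MOUNTNAME"

# Tracks whether this run currently holds an open /dev/mapper entry, so a
# failure in a later step does not leave the decrypted device exposed.
MAPPED=false

# Unlock the image as /dev/mapper/VOLUMENAME. With -p the passphrase is fed on
# stdin as the key file ("-d -"). printf '%s' is used instead of "echo -n":
# under /bin/sh echo may interpret backslash escapes or not understand -n,
# which would silently change the key material.
open_volume() {
  if [ -z "${PASSPHRASE+x}" ]; then
    sudo cryptsetup luksOpen "$FILENAME" "$VOLUMENAME"
  else
    printf '%s' "$PASSPHRASE" | sudo cryptsetup luksOpen "$FILENAME" "$VOLUMENAME" -d -
  fi
  MAPPED=true
}

# Close the mapping opened by open_volume.
close_volume() {
  sudo cryptsetup luksClose /dev/mapper/"$VOLUMENAME"
  MAPPED=false
}

# Exit handler: if the script stops while the mapping is still open and not
# mounted, close it (best effort) instead of leaving it unlocked.
cleanup() {
  if [ "$MAPPED" = true ]; then
    echo "Error: aborting, closing encrypted volume" >&2
    sudo cryptsetup luksClose /dev/mapper/"$VOLUMENAME" || true
  fi
}
trap cleanup EXIT
# Turn signals into a normal exit so the EXIT handler also runs for them.
trap 'exit 1' HUP INT TERM

# Create encrypted volume if it doesn't exist
if [ ! -f "$FILENAME" ]; then
  if [ "$READONLY" = true ]; then
    echo "Error: readonly but file doesn't exist" >&2
    exit 1
  fi
  printf 'Creating image file "%s" (size: %s)...\n' "$FILENAME" "$FILESIZE"
  fallocate -l "$FILESIZE" "$FILENAME"
  echo "Encrypting image file..."
  # luksFormat runs with the installed cryptsetup's default cipher and KDF.
  if [ -z "${PASSPHRASE+x}" ]; then
    sudo cryptsetup -y luksFormat "$FILENAME"
  else
    printf '%s' "$PASSPHRASE" | sudo cryptsetup -y luksFormat "$FILENAME" -d -
  fi
  echo "Opening encrypted volume..."
  open_volume
  echo "Formatting encrypted volume..."
  sudo mkfs.ext4 -L "$MOUNTNAME" /dev/mapper/"$VOLUMENAME"
  echo "Closing encrypted volume..."
  close_volume
fi

printf 'Opening image file "%s"...\n' "$FILENAME"
open_volume

echo "Mounting encrypted volume..."
mkdir -p "$MOUNTPOINT"
# Keep the parent of all mount points private to the current user.
chmod 700 ~/mnt/private
if [ "$READONLY" = true ]; then
  sudo mount -o ro /dev/mapper/"$VOLUMENAME" "$MOUNTPOINT"
else
  sudo mount /dev/mapper/"$VOLUMENAME" "$MOUNTPOINT"
fi
# Mounted successfully: the mapping must stay open, so disarm the cleanup.
MAPPED=false
echo "Done."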
#!/bin/sh
# Unmount an encrypted image from ~/mnt/private/NAME and close its
# /dev/mapper/NAMEVolume mapping.
#
# Options:
#   -m NAME   mount name to tear down (default: encrypted)
#
# Under "set -e" a failed umount stops the script before luksClose runs, so
# the mapping is only closed once the filesystem is no longer mounted.
set -eu

MOUNTNAME=encrypted

while getopts ":m:" flag; do
  case "$flag" in
    m) MOUNTNAME="$OPTARG" ;;
    :)
      >&2 echo "Option -$OPTARG requires an argument."
      exit 1
      ;;
    \?)
      >&2 echo "Invalid option: -$OPTARG"
      exit 1
      ;;
  esac
done

# The mapper name is derived from the mount name with a fixed "Volume" suffix.
VOLUMENAME="${MOUNTNAME}Volume"

echo "Unmounting image file"
sudo umount ~/mnt/private/"$MOUNTNAME"

echo "Closing image file..."
sudo cryptsetup luksClose "/dev/mapper/${VOLUMENAME}"

echo "Done."