shellcrypt.sh

#!/bin/bash -e

if [ $# -ne 1 ]; then
	echo "Usage: $0 device"
	exit 1
fi

SectorCount=$(( `blockdev --getsize "$1"` - 1 ))

echo -n "Password: "
read -s Password
echo
echo -n "Verify: "
read -s VerifyPassword
echo

if [ "$Password" != "$VerifyPassword" ]; then
	echo "Passwords do not match"
	exit 1
fi

dd if=/dev/zero of=$1 bs=512 count=1

PbkdfIters=1000000
Key=$(openssl rand 32 | od -vtx1 -An | tr -d '\n ')
KeyHash=$(echo $Key | sha256sum | cut -c 1-64)
export Password
echo ${Key}${KeyHash} | xxd -r -ps | openssl enc -aes-256-cbc -md sha256 -pbkdf2 -iter $PbkdfIters -pass env:Password -nopad | dd of=$1 bs=16 seek=27

cat <<EOF >"$1"
#!/bin/sh
e=echo
[ \$# -eq 1 ]||{ \$e Usage: \$0 name;exit 1;}
\$e -n Pass:
stty -\$e
export P="\`head -n1\`"
stty \$e
D=\`head -c512 \$0|tail -c80|openssl enc -d -aes-256-cbc -md sha256 -pbkdf2 -iter $PbkdfIters -pass env:P -nopad|od -vtx1 -An|tr -d " \n"\`
K=\`expr substr \$D 1 64\`
[ \`\$e \$K|sha256sum|cut -c1-64\` = \`expr substr \$D 65 64\` ]||{ \$e Invalid;exit 1;}
\$e OK
\$e 0 $SectorCount crypt aes-xts-plain64 \$K 0 \$0 1|dmsetup create \$1
exit 0
EOF