Encrypting/Decrypting a file with openssl and AES-CBC (256 bits) algorithm
#!/bin/bash
# Copyright (C) 2013 Emanuele Tomasi <targzeta@gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Encrypting/Decrypting a file with openssl and AES-CBC (256 bits) algorithm.
# -h help
# Identity strings used by the help text and by error messages.
# SCRIPT_NAME is the invocation path with every leading directory removed.
SCRIPT_NAME="${0##*/}"
SCRIPT_AUTHOR='Emanuele Tomasi <targzeta@gmail.com>'
############# | |
# FUNCTIONS # | |
############# | |
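#######################################
# Print an error message prefixed with the script name, then terminate.
# Globals:   SCRIPT_NAME (read)
# Arguments: $1 - message; backslash escapes such as "\n" are expanded
#            $2 - exit status (defaults to 1 when omitted, so an error
#                 path can never end with status 0 by accident)
# Outputs:   the message, on stderr
#######################################
function _exit
{
    # %b keeps the escape expansion callers rely on ("\n" inside messages)
    # while the text itself is never parsed as a printf format or as an
    # echo option. Callers interpolate user-supplied file names into $1, so
    # escape sequences embedded in a file name are expanded here as well.
    printf '%b\n' "${SCRIPT_NAME}: ${1}" >&2
    exit "${2:-1}"
}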
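#######################################
# Print the usage text.
# Globals:   SCRIPT_NAME (read), SCRIPT_AUTHOR (read)
# Outputs:   usage text on stdout
#
# The option letters listed here must match the getopts string used by the
# command-line parser (":hcd"): encryption is forced with -c, not -e.
#######################################
function _help
{
    cat <<EOF
Use: ${SCRIPT_NAME} [-d | -c] filename
Encrpyts/decrypts a file with openssl and AES-CBC (256 bits) algorithm.
Options:
-c force ecrypting.
-d force decrypting.
-h display this help and exit.
by ${SCRIPT_AUTHOR}
EOF
}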
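#######################################
# Verify that every required external program can be found in PATH.
# Arguments: $@ - program names
# Outputs:   nothing when all programs are found
# Returns:   0 when all programs are found; otherwise calls _exit with
#            status 1 and a list of the missing names.
#
# The lookup uses the bash builtin "type -P" instead of which(1): it is
# always available and does not depend on "which --version", an option
# that several which implementations reject.
#
# Note for operators: the binary found first in PATH is the one that later
# receives the password, so PATH must not contain untrusted directories.
#######################################
function _check_extern_programs
{
    local progr
    local string_error=''

    for progr in "$@"
    do
        if ! type -P -- "${progr}" >/dev/null 2>&1
        then
            string_error+="${progr} : command not founds.\n"
        fi
    done

    if [ -n "${string_error}" ]
    then
        _exit "You need to install these commands:\n${string_error}" 1
    fi
}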
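#######################################
# Encrypt a file to "<file>.enc" and remove the plaintext on success.
# Arguments: $1 - path of the file to encrypt
#            $2 - password
# Outputs:   progress message on stdout, refusal message on stderr
# Returns:   0 on success, non-zero when nothing was encrypted
#
# Security notes:
#  - The password is handed to openssl on stdin ("-pass stdin"). With
#    "-k <password>" it is part of the argument vector and readable by
#    other local users through the process list while openssl runs.
#  - Key derivation uses openssl's default PBKDF2 iteration count. Adding
#    -iter raises the brute-force cost, but the same value must then be
#    given when decrypting, and existing files would need re-encryption.
#  - AES-CBC as produced by "openssl enc" carries no integrity tag:
#    modification of the .enc file is not reliably detected on decrypt.
#  - rm only unlinks the plaintext; its blocks may remain recoverable on
#    the underlying storage.
#######################################
function _encrypt_file()
{
    local _original_file="$1"
    local _key="$2"
    local _new_file="${_original_file}.enc"

    # openssl truncates its output file; never clobber an existing one.
    if [ -e "${_new_file}" ]
    then
        echo "${_new_file}: already exists, refusing to overwrite." >&2
        return 1
    fi

    echo "Encrypting ${_original_file}..."
    # printf is a builtin, so the password never appears in any argv.
    if printf '%s\n' "${_key}" | openssl aes-256-cbc -pbkdf2 -pass stdin \
        -in "${_original_file}" -out "${_new_file}"
    then
        # Removing original file.
        rm -- "${_original_file}"
    else
        # Do not leave a truncated ciphertext behind; keep the plaintext.
        rm -f -- "${_new_file}"
        return 1
    fi
}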
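#######################################
# Decrypt "<name>.enc" to "<name>" and remove the encrypted file on success.
# Arguments: $1 - path of the encrypted file
#            $2 - password
# Outputs:   progress message on stdout, refusal message on stderr
# Returns:   0 on success, non-zero when decryption failed or was refused
#
# Security notes:
#  - The password is handed to openssl on stdin ("-pass stdin") so that it
#    never appears in the process list, as it would with "-k <password>".
#  - AES-CBC has no integrity tag. A zero exit status from openssl only
#    means the final padding block looked valid; a wrong password or a
#    modified file can occasionally pass that check and produce garbage.
#    Because the .enc file is deleted on success, check the decrypted
#    content before discarding any other copy of the ciphertext.
#  - The decrypted file is created with the caller's umask.
#######################################
function _decrypt_file()
{
    local _original_file="$1"
    local _key="$2"
    local _new_file="${_original_file%.enc}"

    # openssl truncates its output file, and the failure path below deletes
    # it: refuse to touch anything that already exists. This also covers an
    # input without the .enc suffix, where input and output would coincide.
    if [ -e "${_new_file}" ]
    then
        echo "${_new_file}: already exists, refusing to overwrite." >&2
        return 1
    fi

    echo "Decrypting ${_original_file}..."
    # printf is a builtin, so the password never appears in any argv.
    if printf '%s\n' "${_key}" | openssl aes-256-cbc -d -pbkdf2 -pass stdin \
        -in "${_original_file}" -out "${_new_file}"
    then
        # Removing original file.
        rm -- "${_original_file}"
    else
        # Drop the partial output and report the failure to the caller.
        rm -f -- "${_new_file}"
        return 1
    fi
}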
# Pin the word-splitting separators and make sure getopts, echo and exit
# resolve to the shell builtins.
IFS=$'\n\t '
enable getopts echo exit

################
# COMMAND LINE #
################
# -c and -d only record the requested mode; conflicts between them are
# rejected later, once the file argument is known.
_ENCRYPT=0
_DECRYPT=0
while getopts :hcd opzione
do
    if [[ ${opzione} == c ]]
    then
        _ENCRYPT=1
    elif [[ ${opzione} == d ]]
    then
        _DECRYPT=1
    elif [[ ${opzione} == h ]]
    then
        _help
        exit
    else
        # The leading ':' in the option string makes getopts report an
        # unknown flag as '?' with the offending letter in OPTARG.
        _exit "-${OPTARG} : not valid argument." 1
    fi
done
shift $((OPTIND-1))
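##########
# CHECKS #
##########
_FILE="$1"
# Text after the last dot; kept for reference, detection uses the suffix
# match below.
_FILE_EXT="${_FILE##*.}"
_FILE_IS_ENCRYPTED=0

# Sanity check 1: the file argument
[ -z "${_FILE}" ] && _exit "missing argument. ${SCRIPT_NAME} -h for help." 1
[ ! -f "${_FILE}" ] && _exit "${_FILE}: file not founds!" 1
# Match the literal ".enc" suffix on the whole name. Comparing the text after
# the last dot breaks on names containing spaces and treats a file that is
# simply called "enc" as encrypted, which would make decryption read and
# write the same path.
[[ "${_FILE}" == ?*.enc ]] && _FILE_IS_ENCRYPTED=1

# Sanity check 2: options
[[ ${_ENCRYPT} -eq 1 && ${_DECRYPT} -eq 1 ]] && \
    _exit "only one between -c or -d must be set." 1

# Sanity check 3: decrypting and file extension
[[ ${_DECRYPT} -eq 1 && ${_FILE_IS_ENCRYPTED} -eq 0 ]] && \
    _exit "\"${_FILE}\", the encrypted filename must end with \".enc\"." 1

# Sanity check 4: external programs
_check_extern_programs openssl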
####################################
# AUTO DISCOVER WHAT WE HAVE TO DO #
####################################
# Neither -c nor -d given: pick the mode from the file name, decrypting
# files already marked as encrypted and encrypting everything else.
case "${_ENCRYPT}${_DECRYPT}" in
    00)
        if [ "${_FILE_IS_ENCRYPTED}" -eq 1 ]
        then
            _DECRYPT=1
        else
            _ENCRYPT=1
        fi
        ;;
esac
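########
# MAIN #
########
# "IFS=" and -r keep the password exactly as typed: without them read drops
# backslashes and trims surrounding blanks. The password is also passed on
# quoted; unquoted, only its first whitespace-separated word reached openssl
# and glob characters were expanded against the current directory.
# Compatibility: files encrypted before this change with such a password
# decrypt only with the reduced form that actually reached openssl
# (first word, backslashes removed).
# NOTE(review): the password is asked once. A typo while encrypting is only
# noticed at decrypt time, after the plaintext has been removed.
IFS= read -rsp 'Password: ' _KEY
echo
[ -n "${_KEY}" ] || _exit "empty password." 1

# The script's exit status is the status of the selected operation.
if [ "${_ENCRYPT}" -eq 1 ]
then
    _encrypt_file "${_FILE}" "${_KEY}"
else
    _decrypt_file "${_FILE}" "${_KEY}"
fi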