Encrypting/Decrypting a file with openssl and AES-CBC (256 bits) algorithm

dencrypt.sh

#!/bin/bash
# Copyright (C) 2013 Emanuele Tomasi <targzeta@gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Encrypting/Descrypting a file with openssl and AES-CBC (256 bits) algorithm.

# -h help

SCRIPT_NAME=${0##*/}
SCRIPT_AUTHOR="Emanuele Tomasi <targzeta@gmail.com>"


#############
# FUNCTIONS #
#############
function _exit
{
  echo -e "${SCRIPT_NAME}: ${1}"
  exit $2
}

function _help
{
  cat <<EOF
Use: ${SCRIPT_NAME} [-d | -c] filename

Encrpyts/decrypts a file with openssl and AES-CBC (256 bits) algorithm.

Options:
-e    force ecrypting.
-d    force decrypting.
-h    display this help and exit.

by ${SCRIPT_AUTHOR}"
EOF
}

function _check_extern_programs
{
  local error=0
  local string_error

  if ! which --version >&/dev/null
  then
    error=1
    string_error="which : command not founds.\n";
  else
    for progr in $@
    do

      if ! which $progr >& /dev/null
      then
        error=1
        string_error=${string_error}"${progr} : command not founds.\n"
      fi
    done
  fi

  if (( $error ))
  then
    _exit "You need to install these commands:\n$string_error" 1
  fi
}

function _encrypt_file()
{
  local _original_file="$1"
  local _key=$2
  local _new_file="${_original_file}.enc"

  echo "Encrypting ${_original_file}..."
  openssl aes-256-cbc -pbkdf2 -k ${_key} -in "${_original_file}" -out "${_new_file}"

  # Removing original file.
  [ $? -eq 0 ] && rm "$_original_file"
}

function _decrypt_file()
{
  local _original_file="$1"
  local _key=$2
  local _new_file="${_original_file%.enc}"

  echo "Decrypting ${_original_file}..."
  openssl aes-256-cbc -d -pbkdf2 -k ${_key} -in "${_original_file}" -out "${_new_file}"

  # Removing original file.
  if [ $? -eq 0 ]
  then
    rm "$_original_file"
  else
    rm "$_new_file"
  fi
}


# Ensuring bash variables and builtin functions
IFS=$'\n\t '

enable getopts echo exit


################
# COMMAND LINE #
################
_ENCRYPT=0
_DECRYPT=0
while getopts :hcd opzione
do
  case $opzione in
    c) _ENCRYPT=1
      ;;
    d) _DECRYPT=1
      ;;
    h) _help
      exit
      ;;
    ?) _exit "-${OPTARG} : not valid argument." 1
      ;;
  esac
done
shift $((OPTIND-1))


##########
# CHECKS #
##########
_FILE="$1"
_FILE_EXT="${_FILE##*.}"
_FILE_IS_ENCRYPTED=0

# Sanity check 1: the file argument
[ -z "${_FILE}" ] && _exit "missing argument. ${SCRIPT_NAME} -h for help." 1
[ ! -f "$_FILE" ] && _exit "${_FILE}: file not founds!" 1

[ $_FILE_EXT == 'enc' ] && _FILE_IS_ENCRYPTED=1


# Sanity check 2: options
[ $_ENCRYPT -eq 1 -a $_DECRYPT -eq 1 ] &&\
   _exit "only one between -c or -d must be set." 1


# Sanity check 3: decrypting and file extension
[ $_DECRYPT -eq 1 -a $_FILE_IS_ENCRYPTED -eq 0 ] && \
  _exit "\"${_FILE}\", the encrypted filename must end with \".enc\"." 1


# Sanity check 4: external programs
_check_extern_programs openssl


####################################
# AUTO DISCOVER WHAT WE HAVE TO DO #
####################################
# What have to do? Encrpyt or Decrypt?
if [ $_ENCRYPT -eq 0 -a $_DECRYPT -eq 0 ]
then
  if [ $_FILE_IS_ENCRYPTED -eq 1 ]
  then
    _DECRYPT=1
  else
    _ENCRYPT=1
  fi
fi


########
# MAIN #
########
read -sp 'Password: ' _KEY
echo

if [ $_ENCRYPT -eq 1 ]
then
  _encrypt_file "$_FILE" $_KEY
else
  _decrypt_file "$_FILE" $_KEY
fi