summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--bin/.gitignore1
-rw-r--r--bin/Makefile1
-rw-r--r--bin/README.74
-rw-r--r--bin/enc.sh70
-rw-r--r--bin/man1/enc.155
5 files changed, 130 insertions, 1 deletions
diff --git a/bin/.gitignore b/bin/.gitignore
index e695e844..59b60826 100644
--- a/bin/.gitignore
+++ b/bin/.gitignore
@@ -8,6 +8,7 @@ config.mk
 dehtml
 downgrade
 dtch
+enc
 ever
 freecell
 git-comment
diff --git a/bin/Makefile b/bin/Makefile
index 8b7de4b9..5d23ab3c 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -13,6 +13,7 @@ BINS += bit
 BINS += c
 BINS += dehtml
 BINS += dtch
+BINS += enc
 BINS += git-comment
 BINS += glitch
 BINS += hilex
diff --git a/bin/README.7 b/bin/README.7
index 6d4e4e8a..c562e84c 100644
--- a/bin/README.7
+++ b/bin/README.7
@@ -1,4 +1,4 @@
-.Dd September 23, 2021
+.Dd January 30, 2022
 .Dt BIN 7
 .Os "Causal Agency"
 .
@@ -28,6 +28,8 @@ extract text from HTML
 IRC features for all
 .It Xr dtch 1
 detached sessions
+.It Xr enc 1
+encrypt and decrypt files
 .It Xr ever 1
 watch files
 .It Xr freecell 6
diff --git a/bin/enc.sh b/bin/enc.sh
new file mode 100644
index 00000000..4233f0a3
--- /dev/null
+++ b/bin/enc.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+set -eu
+
+readonly Command='openssl enc -ChaCha20 -pbkdf2'
+
+base64=
+stdout=false
+mode=encrypt
+force=false
+
+while getopts 'acdef' opt; do
+	case $opt in
+		(a) base64=-a;;
+		(c) stdout=true;;
+		(d) mode=decrypt;;
+		(e) mode=encrypt;;
+		(f) force=true;;
+		(?) exit 1;;
+	esac
+done
+shift $((OPTIND - 1))
+
+confirm() {
+	$force && return 0
+	while :; do
+		printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2
+		read -r confirm
+		case "$confirm" in
+			(Y*|y*) return 0;;
+			(N*|n*|'') return 1;;
+		esac
+	done
+}
+
+encrypt() {
+	if test -z "${1:-}"; then
+		$Command -e $base64
+	elif $stdout; then
+		$Command -e $base64 -in "$1"
+	else
+		input=$1
+		output="${1}.enc"
+		if test -e "$output" && ! confirm "$output"; then
+			return
+		fi
+		$Command -e $base64 -in "$input" -out "$output"
+	fi
+}
+
+decrypt() {
+	if test -z "${1:-}"; then
+		$Command -d $base64
+	elif $stdout || [ "${1%.enc}" = "$1" ]; then
+		$Command -d $base64 -in "$1"
+	else
+		input=$1
+		output=${1%.enc}
+		if test -e "$output" && ! confirm "$output"; then
+			return
+		fi
+		$Command -d $base64 -in "$input" -out "$output"
+	fi
+}
+
+for input; do
+	$mode "$input"
+done
+if [ $# -eq 0 ]; then
+	$mode
+fi
diff --git a/bin/man1/enc.1 b/bin/man1/enc.1
new file mode 100644
index 00000000..32845847
--- /dev/null
+++ b/bin/man1/enc.1
@@ -0,0 +1,55 @@
+.Dd January 30, 2022
+.Dt ENC 1
+.Os
+.
+.Sh NAME
+.Nm enc
+.Nd encrypt and decrypt files
+.
+.Sh SYNOPSIS
+.Nm
+.Op Fl acdef
+.Op Ar
+.
+.Sh DESCRIPTION
+.Nm
+encrypts and decrypts files
+using ChaCha20 via
+.Xr openssl 1 .
+When encrypting files,
+the
+.Pa .enc
+extension is added.
+When decrypting files,
+the
+.Pa .enc
+extension is removed,
+if possible.
+Otherwise output is written
+to standard output.
+Input files are not removed.
+If no files are provided,
+standard input is encrypted or decrypted.
+.
+.Pp
+The arguments are as follows:
+.Bl -tag -width Ds
+.It Fl a
+Encrypted data is Base64-encoded.
+.It Fl c
+Always write to standard output.
+.It Fl d
+Decrypt.
+.It Fl e
+Encrypt.
+This is the default.
+.It Fl f
+Do not ask to confirm overwriting files.
+.El
+.
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ enc secret.txt
+$ rm secret.txt
+$ enc -d secret.txt.enc
+.Ed