1 files changed, 70 insertions, 0 deletions

diff --git a/bin/enc.sh b/bin/enc.sh
new file mode 100644
index 00000000..4233f0a3
--- /dev/null
+++ b/bin/enc.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+set -eu
+
+readonly Command='openssl enc -ChaCha20 -pbkdf2'
+
+base64=
+stdout=false
+mode=encrypt
+force=false
+
+while getopts 'acdef' opt; do
+	case $opt in
+		(a) base64=-a;;
+		(c) stdout=true;;
+		(d) mode=decrypt;;
+		(e) mode=encrypt;;
+		(f) force=true;;
+		(?) exit 1;;
+	esac
+done
+shift $((OPTIND - 1))
+
+confirm() {
+	$force && return 0
+	while :; do
+		printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2
+		read -r confirm
+		case "$confirm" in
+			(Y*|y*) return 0;;
+			(N*|n*|'') return 1;;
+		esac
+	done
+}
+
+encrypt() {
+	if test -z "${1:-}"; then
+		$Command -e $base64
+	elif $stdout; then
+		$Command -e $base64 -in "$1"
+	else
+		input=$1
+		output="${1}.enc"
+		if test -e "$output" && ! confirm "$output"; then
+			return
+		fi
+		$Command -e $base64 -in "$input" -out "$output"
+	fi
+}
+
+decrypt() {
+	if test -z "${1:-}"; then
+		$Command -d $base64
+	elif $stdout || [ "${1%.enc}" = "$1" ]; then
+		$Command -d $base64 -in "$1"
+	else
+		input=$1
+		output=${1%.enc}
+		if test -e "$output" && ! confirm "$output"; then
+			return
+		fi
+		$Command -d $base64 -in "$input" -out "$output"
+	fi
+}
+
+for input; do
+	$mode "$input"
+done
+if [ $# -eq 0 ]; then
+	$mode
+fi