diff options
Diffstat (limited to 'bin/enc.sh')
-rw-r--r-- | bin/enc.sh | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/bin/enc.sh b/bin/enc.sh new file mode 100644 index 00000000..4233f0a3 --- /dev/null +++ b/bin/enc.sh @@ -0,0 +1,70 @@ +#!/bin/sh +set -eu + +readonly Command='openssl enc -ChaCha20 -pbkdf2' + +base64= +stdout=false +mode=encrypt +force=false + +while getopts 'acdef' opt; do + case $opt in + (a) base64=-a;; + (c) stdout=true;; + (d) mode=decrypt;; + (e) mode=encrypt;; + (f) force=true;; + (?) exit 1;; + esac +done +shift $((OPTIND - 1)) + +confirm() { + $force && return 0 + while :; do + printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2 + read -r confirm + case "$confirm" in + (Y*|y*) return 0;; + (N*|n*|'') return 1;; + esac + done +} + +encrypt() { + if test -z "${1:-}"; then + $Command -e $base64 + elif $stdout; then + $Command -e $base64 -in "$1" + else + input=$1 + output="${1}.enc" + if test -e "$output" && ! confirm "$output"; then + return + fi + $Command -e $base64 -in "$input" -out "$output" + fi +} + +decrypt() { + if test -z "${1:-}"; then + $Command -d $base64 + elif $stdout || [ "${1%.enc}" = "$1" ]; then + $Command -d $base64 -in "$1" + else + input=$1 + output=${1%.enc} + if test -e "$output" && ! confirm "$output"; then + return + fi + $Command -d $base64 -in "$input" -out "$output" + fi +} + +for input; do + $mode "$input" +done +if [ $# -eq 0 ]; then + $mode +fi |