blob: 4233f0a3fa57c89a73ff393b9ed9541692d87c4b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
#!/bin/sh
set -eu
readonly Command='openssl enc -ChaCha20 -pbkdf2'
base64=
stdout=false
mode=encrypt
force=false
while getopts 'acdef' opt; do
case $opt in
(a) base64=-a;;
(c) stdout=true;;
(d) mode=decrypt;;
(e) mode=encrypt;;
(f) force=true;;
(?) exit 1;;
esac
done
shift $((OPTIND - 1))
confirm() {
$force && return 0
while :; do
printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2
read -r confirm
case "$confirm" in
(Y*|y*) return 0;;
(N*|n*|'') return 1;;
esac
done
}
encrypt() {
if test -z "${1:-}"; then
$Command -e $base64
elif $stdout; then
$Command -e $base64 -in "$1"
else
input=$1
output="${1}.enc"
if test -e "$output" && ! confirm "$output"; then
return
fi
$Command -e $base64 -in "$input" -out "$output"
fi
}
decrypt() {
if test -z "${1:-}"; then
$Command -d $base64
elif $stdout || [ "${1%.enc}" = "$1" ]; then
$Command -d $base64 -in "$1"
else
input=$1
output=${1%.enc}
if test -e "$output" && ! confirm "$output"; then
return
fi
$Command -d $base64 -in "$input" -out "$output"
fi
}
for input; do
$mode "$input"
done
if [ $# -eq 0 ]; then
$mode
fi
|