Crypt: a Bash script that uses OpenSSL AES-256-CBC to encrypt and decrypt a file with a salted key derived from a password supplied by the user.
#!/usr/bin/env bash
#
# A wrapper for openssl that allows for quickly encrypting
# and decrypting files
#
# This is a modified version of Crypt by Alex Epstein. Changes include...
#
# - Removed `update` operation and option parsing
# - Encrypted files automatically have the ".crypt" file extension appended.
# - Removed option for output filename.
# - Double-quote variables to prevent unexpected globbing
#
# Original <https://github.com/alexanderepstein/Bash-Snippets/blob/master/crypt/crypt>
#
# Usage:
#
# To encrypt a file:
# $ crypt -e <original_file>
#
# To decrypt a file:
# $ crypt -d <encrypted_file>
#
# Author: Alexander Epstein <https://github.com/alexanderepstein>
# Modified by: Jon LaBelle <https://github.com/jonlabelle>
# Date: August 9, 2017
#
# Version string printed by the -v option.
currentVersion='1.18.1'
# Name of the HTTP client chosen by getConfiguredClient; empty until that runs.
configuredClient=''
# Operation picked while parsing options: "encrypt", "decrypt", or empty.
state=''
#######################################
# Verify that an `openssl` command can be resolved.
# Outputs: an error message on stderr when openssl is missing
# Returns: 0 when openssl is available, 1 otherwise
#######################################
checkOpenSSL()
{
  # Guard clause: nothing to report when the command resolves.
  command -v openssl &>/dev/null && return 0

  echo "Error: to use this tool openssl must be installed" >&2
  return 1
}
#######################################
# Probe connectivity by requesting github.com through httpGet.
# NOTE(review): nothing in the visible part of the script calls this
# function or getConfiguredClient, so configuredClient would still be
# empty here; confirm whether this is leftover code.
# Outputs: an error message on stderr when the request fails
# Returns: 0 when the request succeeds, 1 otherwise
#######################################
checkInternet()
{
  # The response body and any client diagnostics are discarded; only the
  # exit status of the request matters.
  if ! httpGet github.com > /dev/null 2>&1; then
    echo "Error: no active internet connection" >&2
    return 1
  fi
}
#######################################
# Pick the first available HTTP client and record it in configuredClient.
# Preference order: curl, wget, httpie (the `http` command), fetch.
# Globals: configuredClient (written)
# Outputs: an error message on stderr when no client is installed
# Returns: 0 when a client was found, 1 otherwise
#######################################
getConfiguredClient()
{
  local tool
  for tool in curl wget http fetch; do
    if command -v "$tool" &>/dev/null; then
      # httpie installs its executable as `http`; store the product name.
      case "$tool" in
        http) configuredClient="httpie" ;;
        *) configuredClient="$tool" ;;
      esac
      return 0
    fi
  done

  echo "Error: This tool reqires either curl, wget, httpie or fetch to be installed." >&2
  return 1
}
#######################################
# Issue a GET request with whichever client configuredClient names, so
# callers do not need their own per-client branching.
# Globals:   configuredClient (read)
# Arguments: passed through unchanged to the selected client
# Outputs:   whatever the selected client prints
# Returns:   the client's exit status; 0 without doing anything when
#            configuredClient matches none of the known names
#######################################
httpGet()
{
  if [[ "$configuredClient" == "curl" ]]; then
    curl -A curl -s "$@"
  elif [[ "$configuredClient" == "wget" ]]; then
    wget -qO- "$@"
  elif [[ "$configuredClient" == "httpie" ]]; then
    http -b GET "$@"
  elif [[ "$configuredClient" == "fetch" ]]; then
    fetch -q "$@"
  fi
}
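#######################################
# Encrypt a file with `openssl enc` (AES-256-CBC, salted, base64-encoded)
# and write the result next to it as "<file>.crypt".
#
# No -pass/-k option is given, so openssl itself asks for the password.
# The plaintext input is left in place; an existing "<file>.crypt" is
# overwritten.
#
# NOTE(review): no -pbkdf2/-iter is passed, so the key is derived from the
# password with openssl enc's legacy default KDF. Adding -pbkdf2 would
# strengthen this but changes the file format and needs the same flag in
# decrypt, so it is flagged here rather than changed silently.
# NOTE(review): CBC gives confidentiality only; modification of the
# .crypt file is not reliably detected on decryption.
#
# Arguments: $1 - path of the file to encrypt
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 on any failure
#######################################
encrypt()
{
  local src=$1
  local dest="${src}.crypt"
  local dest_existed=0

  # Check the input first so a missing file is reported as such, instead
  # of every openssl failure being labelled "File not found".
  if [[ ! -f "$src" || ! -r "$src" ]]; then
    echo "Error: '$src' does not exist or is not a readable file" >&2
    return 1
  fi

  if [[ -e "$dest" ]]; then
    dest_existed=1
  fi

  echo "Encrypting '$src' to '$dest'..."
  if ! openssl enc -aes-256-cbc -salt -a -in "$src" -out "$dest"; then
    # Do not leave a truncated or empty output behind that could be
    # mistaken for a valid ciphertext; only remove what this call created.
    if (( ! dest_existed )); then
      rm -f -- "$dest"
    fi
    echo "Error: encryption of '$src' failed" >&2
    return 1
  fi
  echo "Successfully encrypted"
}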
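#######################################
# Decrypt a "<file>.crypt" produced by encrypt (openssl enc, AES-256-CBC,
# base64-encoded) and write the plaintext to "<file>".
#
# No -pass/-k option is given, so openssl itself asks for the password.
# An existing "<file>" is overwritten.
#
# Arguments: $1 - path of the encrypted file; must end in ".crypt"
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 on any failure
#######################################
decrypt()
{
  local src=$1
  local decrypted_file
  local dest_existed=0

  if [[ ! -f "$src" || ! -r "$src" ]]; then
    echo "Error: '$src' does not exist or is not a readable file" >&2
    return 1
  fi

  # Without the suffix the derived output name equals the input name, and
  # openssl would be asked to read and write the same path, which can
  # truncate the input before it has been read.
  if [[ "$src" != *.crypt ]]; then
    echo "Error: '$src' does not end in '.crypt'; refusing to decrypt it onto itself" >&2
    return 1
  fi

  decrypted_file=${src%.crypt}
  # A name that is nothing but ".crypt" leaves no usable output name.
  if [[ -z "$decrypted_file" || "$decrypted_file" == */ ]]; then
    echo "Error: cannot derive an output file name from '$src'" >&2
    return 1
  fi

  if [[ -e "$decrypted_file" ]]; then
    dest_existed=1
  fi

  echo "Decrypting '$src' to '${decrypted_file}'..."
  if ! openssl enc -aes-256-cbc -d -a -in "$src" -out "$decrypted_file"; then
    # A failed run can leave partial, meaningless output; remove it when
    # this call created the file so it is not mistaken for the plaintext.
    if (( ! dest_existed )); then
      rm -f -- "$decrypted_file"
    fi
    echo "Error: decryption of '$src' failed (wrong password, damaged input or unwritable output)" >&2
    return 1
  fi
  echo "Successfully decrypted"
}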
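#######################################
# Print the command-line help text.
# The text names the real output locations; there is no option for
# choosing an output file.
# Outputs: help text on stdout
#######################################
usage()
{
  # Quoted delimiter: the text is literal, nothing in it is expanded.
  cat <<'EOF'
crypt -- Encrypt and decrypt files using OpenSSL.
Usage: crypt -<flag> <inputFile>
  -e  Encrypt <inputFile> and store the result in <inputFile>.crypt
  -d  Decrypt <inputFile> (named <file>.crypt) and store the result in <file>
  -h  Show help
  -v  Show version
Examples:
  crypt -e file.txt        -- Encrypts the file to 'file.txt.crypt'.
  crypt -d file.txt.crypt  -- Decrypts the file back to 'file.txt'.
EOF
}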
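# Every operation shells out to openssl, so stop right away when it is missing.
checkOpenSSL || exit 1

# File named as the argument of -e or -d, as parsed by getopts.
targetFile=""

# The leading ':' selects getopts' silent mode: a missing option argument is
# reported through the ':' arm and an unknown option through the '?' arm,
# each with the offending letter in OPTARG. Without it the ':' arm is never
# reached and OPTARG is empty in the '?' arm.
while getopts ":hve:d:" opt; do
  case $opt in
    e) # encrypt the file given as the option argument
      if [[ $state == "decrypt" ]]; then
        echo "Error: the -d and -e options are mutally exclusive" >&2
        exit 1
      fi
      state="encrypt"
      if [[ $# -ne 2 ]]; then
        echo "Option -e needs and only accepts 1 argument [file to encrypt]" >&2
        exit 1
      fi
      # Use the argument getopts parsed rather than the positional $2, so
      # the file acted on is always the one attached to the option.
      targetFile=$OPTARG
      ;;
    d) # decrypt the file given as the option argument
      if [[ $state == "encrypt" ]]; then
        echo "Error: the -e and -d options are mutally exclusive" >&2
        exit 1
      fi
      state="decrypt"
      if [[ $# -ne 2 ]]; then
        echo "Option -d needs and only accepts one argument [file to decrypt]" >&2
        exit 1
      fi
      targetFile=$OPTARG
      ;;
    h)
      usage
      exit 0
      ;;
    v)
      echo "Version $currentVersion"
      exit 0
      ;;
    :) # -e or -d was given without a file name
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
  esac
done

if [[ $# == 0 ]]; then
  usage
  exit 0
elif [[ $1 == "help" ]]; then
  usage
  exit 0
elif [[ $state == "encrypt" ]]; then
  encrypt "$targetFile" || exit 1
  exit 0
elif [[ $state == "decrypt" ]]; then
  decrypt "$targetFile" || exit 1
  exit 0
else
  # Arguments were given but no operation was selected (e.g. a bare file
  # name): report it instead of exiting silently with success.
  usage >&2
  exit 1
fi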