# Simple script which decode and encode messages based on user github key

ghcrypt.sh

#!/bin/bash
# Simple script which decode and encode messages based on user github key.
# Usage:
#   Encrypt:
#     echo "My secret is" | ./ghcrypt.sh -u ctrlok
#   Decrypt:
#     echo "BASE64SCRET"  | ./ghcrypt.sh -k ~/.ssh/id_rsa


while getopts "u:k:" opt
do
case $opt in
u) USERNAME=$OPTARG;;
k) SSH_KEY=$OPTARG;;
*) echo "No reasonable options found!";;
esac
done

if [ -n "${USERNAME}" ]; then
    TMP_PUB_RSA=$(mktemp)
    TMP_PUB_PEM=$(mktemp)
    OUTFILE=$(mktemp)
    KEYS=$(curl --silent https://api.github.com/users/${USERNAME}/keys | grep key | awk '{print $2" "$3}' | sed 's/^"\(.*\)"$/\1/')
    KEY=${KEYS[0]}
    echo $KEY > $TMP_PUB_RSA
    ssh-keygen -f $TMP_PUB_RSA -e -m PKCS8 > $TMP_PUB_PEM
    cat /dev/stdin | openssl rsautl -encrypt -pubin -inkey $TMP_PUB_PEM -ssl -out /dev/stdout | openssl enc -base64
    echo "Decrypt command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2
fi

if [ -n "${SSH_KEY}" ]; then
    echo "Running command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout" 1>&2
    cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout
fi

echo "Encrypt command: cat /file| openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2

Decrypt

Move echo "Decrypt command ..." inside the first if.

Or you want it always to be displayed? It makes sense it case someone trying to edit it depending on the situation and add pbcopy for example.

Then I would suggest something line the following:

#!/bin/bash
# Simple script which decode and encode messages based on user github key.
# Usage:
#   Encrypt:
#     echo "My secret is" | ./ghcrypt.sh -u ctrlok
#   Decrypt:
#     echo "BASE64SCRET"  | ./ghcrypt.sh -k ~/.ssh/id_rsa


while getopts "u:k:" opt
do
case $opt in
u) USERNAME=$OPTARG;;
k) SSH_KEY=$OPTARG;;
*) echo "No reasonable options found!";;
esac
done

if [ -n "${USERNAME}" ]; then
    TMP_PUB_RSA=$(mktemp)
    TMP_PUB_PEM=$(mktemp)
    OUTFILE=$(mktemp)
    KEYS=$(curl --silent https://api.github.com/users/${USERNAME}/keys | grep key | awk '{print $2" "$3}' | sed 's/^"\(.*\)"$/\1/')
    KEY=${KEYS[0]}
    echo $KEY > $TMP_PUB_RSA
    ssh-keygen -f $TMP_PUB_RSA -e -m PKCS8 > $TMP_PUB_PEM
    cat /dev/stdin | openssl rsautl -encrypt -pubin -inkey $TMP_PUB_PEM -ssl -out /dev/stdout | openssl enc -base64
    echo "Decrypt command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey <%SSH_PRIVATE_KEY_PATH%> -out /dev/stdout" 1>&2
fi

if [ -n "${SSH_KEY}" ]; then
    echo "Running command: cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout" 1>&2
    cat /dev/stdin | openssl enc -d -base64 | openssl rsautl -decrypt -inkey $SSH_KEY -out /dev/stdout
fi

@ybogdanov Thanks!