
@pmarreck
Last active May 30, 2022 14:50
Relatively simple encryption/decryption functions for Bash
# ANSI colour escape-code constants.
# ANSI holds the literal text \033[ (backslash, digits, bracket), not a raw ESC
# byte, so it only becomes an escape sequence when printed through something
# that interprets backslash escapes (echo -e, printf %b).
# Usage: echo -e "${ANSI}${TXTYLW}text${ANSI}${TXTRST}"
export ANSI='\033['

# Regular foreground: black, red, green, yellow, blue, purple, cyan, white
export TXTBLK='0;30m' TXTRED='0;31m' TXTGRN='0;32m' TXTYLW='0;33m' \
  TXTBLU='0;34m' TXTPUR='0;35m' TXTCYN='0;36m' TXTWHT='0;37m'

# Bold foreground
export BLDBLK='1;30m' BLDRED='1;31m' BLDGRN='1;32m' BLDYLW='1;33m' \
  BLDBLU='1;34m' BLDPUR='1;35m' BLDCYN='1;36m' BLDWHT='1;37m'

# Underlined foreground
export UNDBLK='4;30m' UNDRED='4;31m' UNDGRN='4;32m' UNDYLW='4;33m' \
  UNDBLU='4;34m' UNDPUR='4;35m' UNDCYN='4;36m' UNDWHT='4;37m'

# Background
export BAKBLK='40m' BAKRED='41m' BAKGRN='42m' BAKYLW='43m' \
  BAKBLU='44m' BAKPUR='45m' BAKCYN='46m' BAKWHT='47m'

# Text reset: disables colouring
export TXTRST='0m'
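#######################################
# Check that a required command can be resolved by the shell.
# Arguments: $1   - command name to look up
#            $2.. - optional hint text appended to the error message
# Outputs:   an error message on stderr when the lookup fails
# Returns:   0 if `command -v` resolves the name, 1 otherwise
# Note:      `command -v` also resolves shell functions, aliases and builtins,
#            so success does not prove that a binary of that name is on PATH.
#######################################
needs() {
  local bin=$1
  shift
  # The name is quoted and placed after `--` so that it is always looked up as
  # exactly one name: unquoted, an empty value vanished (and `command -v` with
  # no name reports success), a value containing spaces was split into several
  # lookups, and a value starting with `-` was parsed as an option.
  if ! command -v -- "$bin" > /dev/null 2>&1; then
    printf '%s\n' "I require $bin but it's not installed or in PATH; $*" >&2
    return 1
  fi
}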
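# Encryption functions. Requires the GnuPG "gpg" command-line tool. On OS X, "brew install gnupg"
# Explanation of the gpg options used:
# --symmetric - Don't public-key encrypt, just encrypt with a key derived from a passphrase.
#               The result is written to <filepath>.gpg; the plaintext original is NOT
#               removed or overwritten, so it stays on disk until you deal with it yourself.
# -z 9 - Compression level
# --require-secmem - Require use of secured memory for operations. Bails otherwise.
# --cipher-algo AES256 - The cipher used to encrypt the data.
# --s2k-cipher-algo AES256 - Cipher gpg uses for passphrase-based encryption when no
#               --cipher-algo or cipher preference is given; redundant here, kept as a fallback.
# --s2k-digest-algo SHA512 - The hash used to turn the passphrase into the secret key.
# --s2k-mode 3 - Salted and iterated passphrase hashing, to thwart brute-force attacks
# --s2k-count 65000000 - Number of hashing iterations (gpg rounds it to a value it can encode).
#               Takes over a second on modern hardware.
# --compress-algo BZIP2 - Uses a high quality compression algorithm before encryption.
#               BZIP2 is good but not compatible with PGP proper, FYI.
#
# Arguments: passed through to gpg unchanged after the fixed options, so an argument that
#            starts with "-" is read by gpg as an option, not a file; write ./-name for such files.
# Outputs:   the gpg command line (coloured) on stderr, then whatever gpg prints.
# Returns:   gpg's exit status; 1 if gpg is not available; 0 after printing help.
encrypt() {
  case "$1" in
    -h | --help | "")
      echo 'Usage: encrypt <filepath>'
      echo "This function is defined in ${BASH_SOURCE[0]}"
      echo 'Will ask for password and write <filepath>.gpg to same directory.'
      ;;
    *)
      # Stop here when gpg is missing instead of falling through to a
      # "command not found" from the call below.
      needs gpg || return 1
      # One option list feeds both the trace line and the real call, so the
      # command that is shown cannot drift from the command that is run.
      local -a gpg_opts=(
        --symmetric -z 9 --require-secmem
        --cipher-algo AES256 --s2k-cipher-algo AES256
        --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000
        --compress-algo BZIP2
      )
      # %b expands the colour escapes only; the arguments go through %s so a
      # backslash in a file name is printed as-is rather than interpreted.
      printf '%b%s%b\n' "${ANSI}${TXTYLW}" "gpg ${gpg_opts[*]} $* " "${ANSI}${TXTRST}" >&2
      # "$@" keeps every argument intact; unquoted, a path containing spaces or
      # glob characters was split or expanded before gpg saw it.
      gpg "${gpg_opts[@]}" "$@"
      ;;
  esac
}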
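# note: will decrypt to STDOUT by default, for security reasons (no cleartext file is
# created unless you ask for one).
# Arguments: [-o] followed by arguments passed through to gpg unchanged; an argument that
#            starts with "-" is read by gpg as an option, not a file.
# Outputs:   the gpg command line (coloured) on stderr; cleartext on stdout unless -o is given.
# Returns:   gpg's exit status; 1 if gpg is not available; 0 after printing help.
#            Check the status before trusting streamed output: gpg can report a decryption
#            or integrity failure only after some cleartext has already been written.
# NOTE(review): gpg-agent may cache a symmetric passphrase, in which case a repeated decrypt
#            does not prompt again; gpg's --no-symkey-cache turns that off.
decrypt() {
  case "$1" in
    -h | --help | "")
      echo 'Usage: decrypt [-o] <filepath.gpg>'
      echo "This function is defined in ${BASH_SOURCE[0]}"
      echo 'Will ask for password and *output cleartext to stdout* for security reasons; redirect to file with > to write to disk,'
      echo 'or pass -o option which will write to the original filename stored inside the file.'
      ;;
    -o)
      # Stop here when gpg is missing instead of falling through to a
      # "command not found" from the call below.
      needs gpg || return 1
      # This -o is consumed here and never reaches gpg: gpg is run with no
      # command, so it guesses the operation and picks the output file itself.
      # NOTE(review): current GnuPG normally writes to the input name with the
      # .gpg suffix removed rather than to the name stored in the message;
      # confirm against the installed version before relying on the help text.
      shift
      printf '%b%s%b\n' "${ANSI}${TXTYLW}" "gpg $*" "${ANSI}${TXTRST}" >&2
      gpg "$@"
      ;;
    *)
      needs gpg || return 1
      # %b expands the colour escapes only; the arguments go through %s so a
      # backslash in a file name is printed as-is rather than interpreted.
      printf '%b%s%b\n' "${ANSI}${TXTYLW}" "gpg -d $*" "${ANSI}${TXTRST}" >&2
      # "$@" keeps every argument intact; unquoted, a path containing spaces or
      # glob characters was split or expanded before gpg saw it.
      gpg -d "$@"
      ;;
  esac
}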