Merge pull request 'v2' (#5) from v2 into main

Reviewed-on: #5
This commit is contained in:
Frank Bischof 2024-04-17 12:17:45 +02:00
commit feaacb9df4
2 changed files with 33 additions and 26 deletions

View File

@ -1,12 +1,14 @@
# Crypter # Crypter
Script to encrypt and decrypt files easily using openssl Script to encrypt and decrypt files easily using openssl.
## Howto ## Howto
./crypter.sh -[e/d] [inputfile] ./crypter.sh -[e/d] inputfile [--no-verify]
### Options ### Options
-e for encrypt -e for encrypt - Encrypts the filename and adds a hash file.
-d for decrypt -d for decrypt - Decrypts the file and removes crypt files after hash check.
--no-verify - Decrypts the file without comparing the hash.
## Additional info ## Additional info
Uses des-ede3-cbc pbkdf2 with salt by default but can be configured in the ~/.crypter/.algos file.\ Uses des-ede3-cbc pbkdf2 with salt by default but can be configured in the ~/.crypter/.algos file.\
Files are converted using base64 encoding.\ Files are converted using base64 encoding.
Files hash is checked uppon decrypting Files hash is checked uppon decrypting\
This can be ignored using the --no-verify flag.

View File

@ -12,7 +12,7 @@ then
exit 2 exit 2
fi fi
else else
echo "Usage: ./crypter.sh -[e/d] [inputfile]"; echo "Usage: ./crypter.sh -[e/d] inputfile [--no-verify]";
exit 1 exit 1
fi fi
@ -28,9 +28,9 @@ source ~/.crypter/.algos
case "$1" in case "$1" in
"-e") "-e")
echo "Encrypting file ${INPUT}" echo "Encrypting file ${INPUT}"
HASH=$(sha256sum $INPUT | awk '{ print $1 }') OUTPUT="${INPUT}.crypt"
OUTPUT="${INPUT}.${HASH}.crypto" HASH=$(sha256sum ${INPUT} > ${OUTPUT}.hash)
openssl enc $ALGOS -salt -in ${INPUT} -out ${OUTPUT}.temp openssl enc ${ALGOS} -salt -in ${INPUT} -out ${OUTPUT}.temp > /dev/null 2>&1
base64 ${OUTPUT}.temp > ${OUTPUT} base64 ${OUTPUT}.temp > ${OUTPUT}
rm -f ${OUTPUT}.temp rm -f ${OUTPUT}.temp
if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ] if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
@ -42,22 +42,23 @@ case "$1" in
else else
# NOK - remove empty output file # NOK - remove empty output file
echo "CRITICAL - Output file ${OUTPUT} is 0 bytes! Not removing the source file ${INPUT}" echo "CRITICAL - Output file ${OUTPUT} is 0 bytes! Not removing the source file ${INPUT}"
rm -f ${OUTPUT} rm -f ${OUTPUT} ${OUTPUT}.hash
exit 2 exit 2
fi fi
;; ;;
"-d") "-d")
echo "Decrypting file ${INPUT}"; echo "Decrypting file ${INPUT}";
OUTPUT=$(echo $INPUT | sed 's/\.crypto//') OUTPUT=$(echo ${INPUT} | sed 's/\.crypt//')
HASH=$(echo $OUTPUT | sed 's/^.*\.//')
base64 -d ${INPUT} > ${INPUT}.temp base64 -d ${INPUT} > ${INPUT}.temp
openssl enc -d $ALGOS -in ${INPUT}.temp -out ${OUTPUT} openssl enc -d ${ALGOS} -in ${INPUT}.temp -out ${OUTPUT} > /dev/null 2>&1
rm -f ${INPUT}.temp rm -f ${INPUT}.temp
if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ] if [ "`stat ${OUTPUT} | grep Size | awk '{ print $2}'`" != 0 ]
then
if [ "$3" != '--no-verify' ]
then then
# SHA256SUM CHECK # SHA256SUM CHECK
CUR_HASH=$(sha256sum ${OUTPUT} | awk '{ print $1 }') CUR_HASH=$(sha256sum --quiet --check ${OUTPUT}.crypt.hash)
if [ "${HASH}" != "${CUR_HASH}" ] if [ $? != 0 ]
then then
# NOK - Hash mismatch # NOK - Hash mismatch
echo "CRITICAL - Hashes mismatching!" echo "CRITICAL - Hashes mismatching!"
@ -66,10 +67,14 @@ case "$1" in
else else
# OK - safe to delete the original input file # OK - safe to delete the original input file
echo "OK - Hashes matching, deleting input file" echo "OK - Hashes matching, deleting input file"
rm -f ${INPUT} rm -f ${INPUT} ${INPUT}.hash
mv ${OUTPUT} $(echo $OUTPUT | sed 's/\..*//')
exit 0 exit 0
fi fi
else
echo "Ignoring hash verify"
rm -f ${INPUT} ${INPUT}.hash
fi
else else
# NOK - remove empty output file # NOK - remove empty output file
echo "CRITICAL - Output file is 0 bytes! Not removing the input file" echo "CRITICAL - Output file is 0 bytes! Not removing the input file"