ref: 261a306e87671cb561ed3905816d7389b1eddb50
iron/bin/ironcrypt
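#! /bin/bash
# ironcrypt - thin wrapper around `openssl smime` that encrypts/decrypts a
# file for the configured client certificate and creates/verifies detached
# signatures. All paths are derived by convention from three settings read
# from $HOME/.ironcrypt.cfg: SECURE_HOME, SECURE_SERVICE, SECURE_CLIENT.
CFG_FILE="$HOME/.ironcrypt.cfg"

# NOTE: the config file is *executed* as shell code (source), not parsed.
# Anyone who can write it runs commands as this user, so it must stay
# user-owned and not writable by others.
[[ -f "$CFG_FILE" ]] && source "$CFG_FILE"

# Convention over configuration: everything lives under SECURE_HOME.
SECURE_CA_HOME="${SECURE_HOME}/CA"
CA_CERTIFICATE="${SECURE_CA_HOME}/ca.crt"
CERTIFICATE="${SECURE_HOME}/${SECURE_SERVICE}/certs/${SECURE_CLIENT}/${SECURE_CLIENT}.crt"
PRIVATE_KEY="${SECURE_HOME}/${SECURE_SERVICE}/certs/${SECURE_CLIENT}/${SECURE_CLIENT}.key"

# Warn on stderr but do not abort: on a first run the config does not exist
# yet and test_config (called from the MAIN section) writes a template for
# the user to fill in. The openssl calls below fail on their own if a file
# is really missing.
[[ -f "$CA_CERTIFICATE" ]] || echo "Missing CA file: ${CA_CERTIFICATE}" >&2
[[ -f "$CERTIFICATE" ]]    || echo "Missing Certificate file: ${CERTIFICATE}" >&2
[[ -f "$PRIVATE_KEY" ]]    || echo "Missing Private KEY file: ${PRIVATE_KEY}" >&2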
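# Write a template config with the three expected settings left blank and
# tell the user to fill it in.
# Globals: CFG_FILE (read)
# Appends to CFG_FILE, so it never clobbers an existing file; test_config
# only calls it when no config exists.
function write_empty_config()
{
  # The config is later source'd, i.e. executed. Create it 0600 so no other
  # local user can inject commands into it (umask only affects a new file).
  (
    umask 077
    printf '%s\n' "SECURE_HOME=" "SECURE_SERVICE=" "SECURE_CLIENT=" >> "$CFG_FILE"
  )
  echo "Edit config file: [$CFG_FILE]"
}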
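# Ensure a config file exists; write the blank template if it does not.
# Globals: CFG_FILE (read)
function test_config()
{
  # Quoted: $HOME (and therefore CFG_FILE) may contain spaces.
  [[ -f "$CFG_FILE" ]] || write_empty_config
}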
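# Verify the detached signature FILE.sig against FILE.
# Arguments: $1 - path of the signed data; the signature is read from "$1.sig"
# Globals:   CA_CERTIFICATE (read; set at the top of this script)
# Returns:   1 if the signature file is missing, otherwise openssl's status
#            (non-zero when verification fails). Callers must use the exit
#            code, not the "Verification successful" text on stderr.
function ironcrypt_check()
{
  local data_file=$1
  local sig_file="$data_file.sig"
  if [[ ! -f "$sig_file" ]]; then
    echo "Missing signature file: ${sig_file}" >&2
    return 1
  fi
  # Anchor the chain at the project CA. CA_CERTIFICATE was defined and
  # checked for existence but never passed to openssl, so verification fell
  # back to the system trust store and a signature from any publicly trusted
  # certificate would have passed.
  # NOTE: depending on the OpenSSL version the default CApath may still be
  # consulted next to -CAfile; add -no-CApath (OpenSSL >= 1.1.0) to restrict
  # trust strictly to ca.crt. Signer certificates issued without the
  # emailProtection EKU may additionally need -purpose; confirm against the
  # CA's certificate profile.
  openssl smime -verify \
    -inform DER \
    -CAfile "$CA_CERTIFICATE" \
    -content "$data_file" \
    -in "$sig_file" \
    > /dev/null
}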
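# Decrypt FILE.enc to FILE with the client's private key.
# Arguments: $1 - path of the encrypted (DER S/MIME) file; the output name is
#                 $1 with a trailing ".enc" removed. The input is left in place.
# Globals:   PRIVATE_KEY (read)
# Exits 1 if the output file already exists (never overwrites);
# otherwise returns openssl's status.
function ironcrypt_decrypt()
{
  local enc_file=$1
  # Strip only a trailing ".enc". The previous `sed -e s/.enc//` deleted the
  # first match of <any char>+"enc" anywhere in the name, so e.g.
  # "agency.enc" was written to "ay.enc".
  local out_file=${enc_file%.enc}
  if [[ -f "$out_file" ]]; then
    echo "file [$out_file] exist - cannot overwrite" >&2
    exit 1
  fi
  # For a passphrase-protected key add -passin (e.g. env:VAR or stdin);
  # avoid pass:<literal> on the command line, it is visible in `ps`.
  # No trailing backslash before this comment: a continuation into a comment
  # line silently depends on the next line's leading whitespace.
  openssl smime -decrypt -binary \
    -in "$enc_file" \
    -inform DER \
    -out "$out_file" \
    -inkey "$PRIVATE_KEY"
}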
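# Encrypt FILE to FILE.enc for the client certificate and remove FILE.
# Arguments: $1 - path of the plaintext file
# Globals:   CERTIFICATE (read)
# Exits 1 if FILE.enc already exists (never overwrites). On success the
# plaintext is deleted and 0 returned; on failure the plaintext is kept,
# any partial output is removed and 1 returned.
function ironcrypt_encrypt()
{
  local plain_file=$1
  local enc_file="$plain_file.enc"
  if [[ -f "$enc_file" ]]; then
    echo "file [$enc_file] exist - cannot overwrite" >&2
    exit 1
  fi
  # PKCS#7/CMS enveloped data with AES-CBC provides confidentiality only
  # (no integrity/authentication); sign the file separately (-s) when
  # tampering matters.
  if openssl smime -encrypt -binary -aes-256-cbc \
      -in "$plain_file" \
      -out "$enc_file" \
      -outform DER \
      "$CERTIFICATE"; then
    # Same "encrypt in place" behaviour as before, but only after openssl
    # succeeded. Plain rm does not wipe the data blocks from disk.
    rm -- "$plain_file"
  else
    # Previously the plaintext was removed whenever FILE.enc existed, even
    # when openssl had failed after creating it. Keep the plaintext and drop
    # the partial output so a retry is not refused by the overwrite guard.
    rm -f -- "$enc_file"
    return 1
  fi
}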
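# Create a detached DER signature FILE.sig over FILE with the client key.
# Arguments: $1 - path of the file to sign
# Globals:   PRIVATE_KEY, CERTIFICATE (read)
# Exits 1 if FILE.sig already exists (never overwrites);
# otherwise returns openssl's status.
function ironcrypt_sign()
{
  local data_file=$1
  local sig_file="$data_file.sig"
  if [[ -f "$sig_file" ]]; then
    echo "file [$sig_file] exist - cannot overwrite" >&2
    exit 1
  fi
  # -binary: sign the bytes as-is (no S/MIME CRLF canonicalisation), which
  # is what ironcrypt_check feeds back via -content.
  openssl smime -sign -binary \
    -in "$data_file" \
    -out "$sig_file" \
    -outform DER \
    -inkey "$PRIVATE_KEY" \
    -signer "$CERTIFICATE"
}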
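# Print the command-line synopsis to stdout.
# The signature file produced by -s and read by -c is FILE.sig; the old
# text said ".sign".
function ironcrypt_usage()
{
  local prog_name
  prog_name=$(basename "$0")
  echo "$prog_name <-e|-d|-s|-c> <file>"
  echo ""
  echo "$prog_name -e <file>     : encrypt <file> to <file>.enc"
  echo "$prog_name -d <file>.enc : decrypt <file>.enc to <file>"
  echo "$prog_name -s <file>     : sign <file>, writing <file>.sig"
  echo "$prog_name -c <file>     : check <file> against the .sig signature"
}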
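# MAIN
test_config

# Exactly one option and one file argument are accepted; anything else
# (including no arguments at all) prints the usage and fails.
if [[ "$#" -ne 2 ]]; then
  ironcrypt_usage
  exit 1
fi

opt=$1
argvalue=$2
case "$opt" in
  -e) ironcrypt_encrypt "$argvalue" ;;
  -d) ironcrypt_decrypt "$argvalue" ;;
  -s) ironcrypt_sign "$argvalue" ;;
  -c) ironcrypt_check "$argvalue" ;;
  *)
    ironcrypt_usage
    exit 1
    ;;
esac
rc=$?
# Propagate the operation's status. Every branch used to end in `exit 0`,
# so a failed signature verification (-c) -- or any failed openssl call --
# reported success to scripts and CI that check the exit code.
exit "$rc"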