#!/usr/bin/env bash
# Decrypting archive with private cert and archive key.
#
# 0. Ask for archive location.
# 1. Ask for key location (default ./name.key.enc)
# 2. Ask for private key location (default ./private.pem)
# 3. Decrypt key with private key and password prompt
# 4. Decrypt archive with decrypted key
# 5. Delete decrypted key
# Global state shared by setup()/decrypt()/run(); one variable per line.
# ANSWER starts at "n" so run() keeps prompting until the user confirms.
PATH_TO_ARCH=""
FILE_NAME=""
PATH_TO_OUT=""
PATH_TO_KEY=""
PATH_TO_PEM=""
ANSWER="n"
#######################################
# Return every prompt variable to its initial state so setup() can start over.
# Globals (written): PATH_TO_ARCH, FILE_NAME, PATH_TO_OUT, PATH_TO_KEY,
#                    PATH_TO_PEM (emptied) and ANSWER (back to "n")
# Returns: 0
#######################################
function cleanup() {
local name
for name in PATH_TO_ARCH FILE_NAME PATH_TO_OUT PATH_TO_KEY PATH_TO_PEM; do
  printf -v "$name" '%s' ''
done
ANSWER="n"
}
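#######################################
# Interactively collect every path the script needs and print a summary.
# Globals (written): PATH_TO_ARCH, FILE_NAME_ENC, FILE_NAME, PATH_TO_OUT,
#                    PATH_TO_KEY, PATH_TO_PEM
# Inputs:  one answer per prompt on stdin; an empty answer selects the
#          documented defaults (./<archive name>.key.enc, ./private.pem)
# Outputs: prompts, validation messages and a summary on stdout
# Returns: 0 once every path has been validated
#######################################
function setup() {
# enc'ted file location: loop until an existing regular file is given
while [[ ! -f "$PATH_TO_ARCH" ]]; do
  if [[ -n "$PATH_TO_ARCH" ]]; then echo "$PATH_TO_ARCH is not a file."; fi
  read -r -e -p "Absolute path to archive for decryption: " PATH_TO_ARCH
done
echo "---"
# stripping file name; quoted so paths containing spaces stay intact
FILE_NAME_ENC=$(basename -- "$PATH_TO_ARCH")
FILE_NAME=${FILE_NAME_ENC%.enc}
# path to output decrypted file; never overwrite an existing file
while [[ -z "$PATH_TO_OUT" || -f "$PATH_TO_OUT" ]]; do
  read -r -e -p "Output file path with file name: " PATH_TO_OUT
  if [[ -f "$PATH_TO_OUT" ]]; then echo "File: $PATH_TO_OUT already exists."; fi
done
echo "---"
# enc'ted key location; empty input takes the default the header promises
while [[ -z "$PATH_TO_KEY" || ! -f "$PATH_TO_KEY" ]]; do
  read -r -e -p "Absolute path to enc'ted key: [./${FILE_NAME}.key.enc] " PATH_TO_KEY
  PATH_TO_KEY=${PATH_TO_KEY:-./${FILE_NAME}.key.enc}
  if [[ ! -f "$PATH_TO_KEY" ]]; then echo "$PATH_TO_KEY is not a file."; fi
done
echo "---"
# private key location; empty input means the user wants the default
while [[ -z "$PATH_TO_PEM" || ! -f "$PATH_TO_PEM" ]]; do
  read -r -e -p "Absolute path to pem: [./private.pem] " PATH_TO_PEM
  PATH_TO_PEM=${PATH_TO_PEM:-./private.pem}
  if [[ ! -f "$PATH_TO_PEM" ]]; then echo "$PATH_TO_PEM is not a file."; fi
done
echo "---"
echo "=================================="
# arguments are quoted so a path with spaces is printed whole
printf "File to decrypt:\t\t%s\n" "$PATH_TO_ARCH"
printf "Enc'ted file name:\t%s\n" "$FILE_NAME_ENC"
printf "File name is:\t\t%s\n" "$FILE_NAME"
printf "Output file is:\t\t%s\n" "$PATH_TO_OUT"
printf "Enc'ted key:\t\t%s\n" "$PATH_TO_KEY"
printf "Key pem:\t\t%s\n" "$PATH_TO_PEM"
echo "=================================="
}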
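#######################################
# Decrypt the AES key with the RSA private key, then the archive with that key.
# Globals (read): PATH_TO_PEM, PATH_TO_KEY, PATH_TO_ARCH, PATH_TO_OUT
# Outputs: progress messages on stdout; openssl diagnostics on stderr
# Exits:   1 if either openssl step fails. The plaintext key is removed on
#          every exit path, including an interrupt while openssl is running.
#######################################
function decrypt() {
local key_file
# The plaintext AES key goes into a mktemp file (created mode 0600) rather
# than a predictable name in the working directory.
key_file=$(mktemp) || { echo "Error creating temporary key file."; exit 1; }
# Single-quoted so the local is expanded when the trap fires; cleared below.
trap 'rm -f -- "$key_file"' EXIT
# decrypting key with private.pem (openssl may prompt for the pem passphrase)
echo "Decrypting aes key with rsa private key..."
# NOTE: rsautl is deprecated since OpenSSL 3.0 in favour of pkeyutl; it is
# kept here because the key was produced by the matching encryption step.
# The exit status is checked, not just the output file's existence.
if ! openssl rsautl -decrypt -inkey "$PATH_TO_PEM" -in "$PATH_TO_KEY" -out "$key_file" \
    || [[ ! -s "$key_file" ]]; then
  echo "Error decrypting rsa key."
  exit 1
fi
# decrypting file with decrypted aes key. -pass file: uses the key file's
# first line as the passphrase; cipher and key derivation must match the
# encrypting side, so they are left as they were.
echo "Decrypting file with aes key..."
if ! openssl enc -d -aes-256-cbc -in "$PATH_TO_ARCH" -out "$PATH_TO_OUT" -pass file:"$key_file"; then
  echo "Error decrypting file."
  # do not leave a partial/garbage output file behind
  rm -f -- "$PATH_TO_OUT"
  exit 1
fi
# removing decrypted aes key
echo "Removing decrypted aes key..."
rm -f -- "$key_file"
trap - EXIT
}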
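#######################################
# Drive the flow: collect paths, ask for confirmation, then decrypt.
# Answering anything but "y" resets the variables and re-runs setup().
# Globals: ANSWER (read/written); the path variables through setup()/cleanup()
# Returns: 0 after a successful decryption, 1 if decrypt() reports failure
#          (decrypt() may also exit the script directly on error)
#######################################
function run() {
setup
while [[ "$ANSWER" != "y" ]]; do
  # -r keeps a stray backslash from being eaten; empty input means "n"
  read -r -p "Setup ok?[$ANSWER]" ANSWER
  ANSWER=${ANSWER:-n}
  if [[ "$ANSWER" == "y" ]]; then
    # only claim success when decrypt() actually returned cleanly
    if decrypt; then
      echo "Decryption successful."
    else
      echo "Decryption failed." >&2
      return 1
    fi
  else
    cleanup
    setup
  fi
done
}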
# start program: run() is the entry point and its status becomes the script's
run