#!/bin/bash
# tokenc - Encrypt tokens.secrets
# Depends on openssl-tool package
# Bail out early unless an openssl executable can be found on PATH
command -v openssl > /dev/null || {
  echo "openssl not found" 1>&2
  exit 1
}
# Set ossl111 to "-pbkdf2" when `openssl version` reports 1.1.1 or newer,
# otherwise leave it empty.
# When it stays empty, openssl enc runs without -pbkdf2 and derives the key
# with its legacy single-pass digest, which makes offline passphrase guessing
# against the cipher file much cheaper.
ossl111=""
read -r vmajor vminor vpatch <<< "$(
  # Second word of the banner is the version; turn its dots into spaces
  openssl version | while read -ra words; do
    ver="${words[1]}"
    echo "${ver//./ }"
  done
)"
# Strip letter suffixes (the "k" in 1.1.1k) and re-split into three numbers
read -r vmajor vminor vpatch <<< "${vmajor//[^0-9]/} ${vminor//[^0-9]/} ${vpatch//[^0-9]/}"
if [[
  $vmajor -gt 1
  || ($vmajor -eq 1 && ($vminor -gt 1 || ($vminor -eq 1 && $vpatch -ge 1)))
]]; then
  ossl111="-pbkdf2"
fi
# Initial settings
# The rc file (TOKENSRC, default ~/.tokensrc) is sourced when readable, so it
# runs as shell code inside this script and can preset secretsfile.
rc=${TOKENSRC:-~/.tokensrc}
if [[ -r "$rc" ]]; then
  # shellcheck source=.tokensrc
  source "$rc"
fi
# Fall back to the default plaintext name; the cipher file sits next to it
: "${secretsfile:=tokens.secrets}"
cipherfile="$secretsfile.cipher"
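# Pick the passphrase
# Prompts on stderr without echo until a passphrase of at least four
# characters has been typed twice identically.
# NOTE(review): a four-character minimum leaves the cipher file open to quick
# offline guessing; consider raising it.
tokpass=""
verpass=""
while true; do
  # read fails when stdin reaches end of file (Ctrl-D, closed or redirected
  # stdin); stop then, otherwise the loop would spin forever on empty input.
  if ! read -rsp "Enter the passphrase: " tokpass; then
    echo 1>&2
    echo "No passphrase entered" 1>&2
    exit 1
  fi
  echo 1>&2
  if [[ ${#tokpass} -lt 4 ]]; then
    echo "Length of the passphrase must be at least four characters" 1>&2
    continue
  fi
  if ! read -rsp "Repeat the passphrase: " verpass; then
    echo 1>&2
    echo "No passphrase entered" 1>&2
    exit 1
  fi
  echo 1>&2
  if [[ "$tokpass" != "$verpass" ]]; then
    echo "The passphrase differs from its verification" 1>&2
    continue
  fi
  break
done
# The verification copy is not needed any more
unset verpass
# Exported because the encryption step hands it to openssl with
# -pass env:tokpass; every child process started from here on inherits it.
export tokpass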
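# Encrypt the secrets file
# The plaintext is removed only after gzip and openssl both succeeded and the
# new cipher file is in place. gzip feeds openssl through a pipe with pipefail
# set, so a gzip error (missing or unreadable input, read failure) fails the
# whole step instead of leaving an encrypted empty or truncated stream behind.
# The output goes to a mktemp file first (created with owner-only
# permissions), so a failed run does not clobber an existing cipher file.
# openssl enc gives confidentiality only; the ciphertext is not authenticated.
# rm merely unlinks the plaintext, it does not overwrite its data on disk.
tmpcipher=$(mktemp -- "${cipherfile:?}.XXXXXX") || exit 1
if (
  set -o pipefail
  # ${ossl111:+...} adds the flag as one word, or nothing when it is empty
  gzip -c -- "${secretsfile:?}" \
    | openssl enc -aes128 -e -out "$tmpcipher" -pass env:tokpass ${ossl111:+"$ossl111"}
) && mv -f -- "$tmpcipher" "$cipherfile"; then
  rm -f -- "$secretsfile"
else
  rm -f -- "$tmpcipher"
  echo "Encryption failed; $secretsfile was left in place" 1>&2
  exit 1
fi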