#!/usr/bin/env bash # # Encrypt files to multiple recipients. # # Load functions LIB="`dirname $0`/../functions" source "$LIB" write $* || exit 1 # Usage function keyringer_usage_encrypt { echo "Usage: keyringer $BASENAME [file]" } # Alias for keyringer_usage_encrypt function keyringer_usage_encrypt_batch { keyringer_usage_encrypt $* } # Encrypt a file into the datastore function keyringer_encrypt { local file="$1" shift if [ -z "$1" ]; then return 1 fi if [ "$*" != "-" ]; then echo "Encrypting $*..." fi mkdir -p "$KEYDIR/`dirname "$file"`" $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$file" "$*" printf "\n" } # Usage if [ -z "$2" ]; then keyringer_action_usage exit 1 fi # Aditional parameters if [ ! -z "$3" ]; then # Set secret name and original file BASEPATH="$2" shift 2 UNENCRYPTED_FILE="$*" if [ ! -d "$UNENCRYPTED_FILE" ] && echo "$UNENCRYPTED_FILE" | grep -q -e '\.'; then # Get original file EXTENSION FILENAME="$(basename "$UNENCRYPTED_FILE")" EXTENSION="${FILENAME##*.}" # Append file extension in the secret name # # Useful when opening files and the application needs the # extension to guess the file type. if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then echo "Appending '$EXTENSION' into secret name..." FILE="$BASEPATH.$EXTENSION" else FILE="$BASEPATH" fi else FILE="$BASEPATH" fi keyringer_get_new_file $FILE if [ ! -e "$UNENCRYPTED_FILE" ]; then echo "Error: cannot encrypt $UNENCRYPTED_FILE: path not found." exit 1 fi else UNENCRYPTED_FILE="-" shift keyringer_get_new_file $* fi # Set recipients file keyringer_set_recipients "$FILE" # Verbosity if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch if [ "$UNENCRYPTED_FILE" == "-" ]; then echo "Type your message and finish your input with EOF (Ctrl-D)." fi fi # Encrypt if [ "$UNENCRYPTED_FILE" != "-" ] && [ -d "$UNENCRYPTED_FILE" ]; then # Time to go recursive BASEPATH="`basename $FILE .asc`" FILEPATH="`dirname "$UNENCRYPTED_FILE"`" if [ "$FILEPATH" == "." ]; then FILEPATH="$(cd `dirname "$UNENCRYPTED_FILE"` &> /dev/null & pwd)" fi find $UNENCRYPTED_FILE | while read file; do if [ ! -d "$file" ]; then dir="`dirname "$file" | sed -e "s|^$UNENCRYPTED_FILE|$BASEPATH|" -e "s|^$FILEPATH|$BASEPATH|"`" keyringer_get_new_file `basename "$file"` keyringer_encrypt "$dir/$FILE" $file fi done FILE="$OLD_FILE" else keyringer_encrypt $FILE $UNENCRYPTED_FILE fi # Check exit status err="$?" if [ "$err" != "0" ]; then exit "$err" fi # Wipe information if [ "$UNENCRYPTED_FILE" != "-" ]; then echo "Done. PLEASE WIPE the non-encrypted $UNENCRYPTED_FILE." fi # Stage if [ -d "$BASEDIR/.git" ]; then keyringer_exec git "$BASEDIR" add "keys/$FILE" fi # Optional commit depending on the value of this setting if [ "$COMMIT_AFTER_ENCRYPT" == "yes" ]; then FILE="`echo $FILE | sed -e 's|/./||'`" echo Changes for keys/$FILE | keyringer_exec git "$BASEDIR" commit -F - fi # Optional push depending on the value of this setting if [ "$PUSH_AFTER_ENCRYPT" == "yes" ]; then keyringer_exec git "$BASEDIR" push fi # Done exit "$?"