authorAaron Ball <nullspoon@oper.io>2018-04-04 19:44:08 -0600
committerAaron Ball <nullspoon@oper.io>2018-04-04 19:44:08 -0600
commit4bf02651e91a1621dcfdaae00663c7ba5375305e (patch)
tree13052ff82eba792e6a875c51afff0a13d712f9a9
parent24e8a342aeb7da6d6acf6c4261a6a71e3ba2a4d4 (diff)
downloadgpgsecure-4bf02651e91a1621dcfdaae00663c7ba5375305e.tar.gz
gpgsecure-4bf02651e91a1621dcfdaae00663c7ba5375305e.tar.xz
Added key exists check
Previously, if the KEY variable was unset, a new archive would be created and would overwrite the original, losing all data (this is a brand new script after all). Now we check not only that KEY is set, but that KEY can be found with 'gpg --list-keys'. Also added newline on "Re-encrypting for shutdown" message.
-rwxr-xr-xgpgsecure.sh19
1 files changed, 15 insertions, 4 deletions
diff --git a/gpgsecure.sh b/gpgsecure.sh
index 9aa3048..0544671 100755
--- a/gpgsecure.sh
+++ b/gpgsecure.sh
@@ -16,12 +16,12 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-export KEY # GPG key to encrypt the container with
-export DIR # Directory path to present the gpg archive to
-export TMP # Temp directory in memory to decrypt to
+export KEY=${KEY:-} # GPG key to encrypt the container with
+export DIR # Directory path to present the gpg archive to
+export TMP # Temp directory in memory to decrypt to
shutdown() {
- printf 'Re-encrypting for shutdown\n'
+ printf '\nRe-encrypting for shutdown\n'
tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg"
printf 'Shredding\n'
# Shred all files in memory
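Review bot: The shutdown path can still destroy the archive, because `> "${DIR}.tar.gpg"` truncates the existing file before gpg has written anything, and the pipeline's exit status is not checked before the 'Shredding' step in the lines shown. The new KEY check in main() only narrows this to cases where encryption fails for another reason (an expired or untrusted key, a full disk), which ends in the same data loss the commit sets out to prevent. Consider encrypting to a temporary name beside the archive, renaming it over `${DIR}.tar.gpg` only when both tar and gpg succeed, and skipping the shred when they do not. shutdown()'s body continues past the end of this hunk, so a later status check would not be visible here.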
@@ -39,6 +39,17 @@ main() {
return 1
fi
+ if [ -z "${KEY}" ]; then
+ printf 'KEY variable unset. Cannot re-encrypt. Exiting.\n'
+ return 1
+ fi
+
+ gpg --list-keys ${KEY} 2>/dev/null 1>/dev/null
+ if [ $? -gt 0 ]; then
+ printf 'Unknown key "%s". Cannot proceed.\n' "${KEY}"
+ return 1
+ fi
+
# Convert DIR to absolute path to avoid cd issues
DIR="$(cd $(dirname ${DIR}) && pwd)/$(basename ${DIR})"
# Create a temp dir in memory to extract to for safety
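Review bot: `${KEY}` is unquoted in `gpg --list-keys ${KEY}`, so a user ID containing spaces is split into several search terms and a value beginning with `-` is parsed as an option; the check may then match a different key than the one `--recipient "${KEY}"` later uses. I would write `if ! gpg --list-keys -- "${KEY}" >/dev/null 2>&1; then`, which also removes the separate `$?` test. A key being listed does not show that it is usable for encryption (it may be expired, revoked or untrusted), so shutdown() can still fail at encrypt time. The two new error messages go to stdout; adding `>&2` to those printf lines would keep them out of captured output. main() starts and ends outside this hunk.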
