    1 #!/usr/bin/env bash
    2 # GPGSecure is a shell script that manages GPG encrypted archives
    3 # Copyright (C) 2018  Aaron Ball <nullspoon@oper.io>
    4 #
    5 # This program is free software: you can redistribute it and/or modify
    6 # it under the terms of the GNU General Public License as published by
    7 # the Free Software Foundation, either version 3 of the License, or
    8 # (at your option) any later version.
    9 #
   10 # This program is distributed in the hope that it will be useful,
   11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13 # GNU General Public License for more details.
   14 #
   15 # You should have received a copy of the GNU General Public License
   16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
   17 
   18 
   19 export KEY=${KEY:-} # GPG key to encrypt the container with
   20 export DIR          # Directory path to present the gpg archive to
   21 export TMP          # Temp directory in memory to decrypt to
   22 
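#######################################
# Re-encrypt the working directory into the archive, then destroy the
# decrypted copy.
#
# The plaintext is destroyed only after the new archive has been written
# completely and moved into place. If tar or gpg fails, the existing archive
# and the decrypted files are both left untouched so no data is lost.
#
# Globals:   TMP (read) - directory holding the decrypted files
#            DIR (read) - symlink path presented to the user; archive is
#                         "${DIR}.tar.gpg"
#            KEY (read) - GPG recipient to encrypt to
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 if state is missing or re-encryption failed
#######################################
shutdown() {
  local archive staged
  local -a status

  # An empty TMP or DIR would point tar, shred and rm at unintended paths.
  if [ -z "${TMP:-}" ] || [ -z "${DIR:-}" ] || [ -z "${KEY:-}" ]; then
    printf 'TMP, DIR and KEY must all be set. Nothing was changed.\n' >&2
    return 1
  fi
  if [ ! -d "${TMP}" ]; then
    printf 'Temp directory "%s" does not exist. Nothing was changed.\n' \
      "${TMP}" >&2
    return 1
  fi
  archive="${DIR}.tar.gpg"

  printf '\nRe-encrypting for shutdown\n'

  # Encrypt to a staging file next to the archive. Redirecting straight onto
  # the archive would truncate the only good copy before gpg has produced
  # any output.
  if ! staged="$(mktemp "${archive}.XXXXXX")"; then
    printf 'Could not create staging file. Decrypted files kept in %s\n' \
      "${TMP}" >&2
    return 1
  fi

  tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${staged}"
  status=("${PIPESTATUS[@]}")
  if [ "${status[0]}" -ne 0 ] || [ "${status[1]}" -ne 0 ] \
    || [ ! -s "${staged}" ]; then
    rm -f -- "${staged}"
    printf 'Re-encryption failed. Decrypted files kept in %s\n' "${TMP}" >&2
    return 1
  fi

  # rename() within one directory is atomic: readers see either the old or
  # the new archive, never a partial one.
  if ! mv -f -- "${staged}" "${archive}"; then
    rm -f -- "${staged}"
    printf 'Could not replace archive. Decrypted files kept in %s\n' \
      "${TMP}" >&2
    return 1
  fi

  printf 'Shredding\n'
  # Overwrite and unlink every decrypted file.
  # NOTE(review): shred only helps where the filesystem overwrites in place;
  # on journaling or copy-on-write filesystems and on flash storage old
  # blocks can survive. A tmpfs-backed TMP avoids the problem.
  find "${TMP}" -type f -exec shred -n 100 -f -u -- {} +

  # Delete the link, but only if it really is a link.
  if [ -L "${DIR}" ]; then
    rm -- "${DIR}"
  fi

  # Delete the temp dir; :? aborts instead of expanding to an empty path.
  rm -rf -- "${TMP:?}"
}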
   34 
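#######################################
# Decrypt "<dir>.tar.gpg" into a temporary directory, expose it through a
# symlink at <dir>, wait for the user, then re-encrypt via shutdown.
#
# Globals:   KEY (read)    - GPG recipient; must name a key gpg knows
#            DIR (written) - absolute path of the symlink
#            TMP (written) - temporary directory holding decrypted files
# Arguments: $1 - path at which to present the decrypted directory
# Outputs:   prompts on stdout, errors on stderr
# Returns:   0 on success, 1 on any validation, setup or decryption failure;
#            otherwise the status of shutdown
#######################################
main() {
  local parent
  local -a status

  DIR="${1:-}"
  if [ -z "${DIR}" ]; then
    printf 'Directory to decrypt required\n' >&2
    return 1
  fi

  if [ -z "${KEY:-}" ]; then
    printf 'KEY variable unset. Cannot re-encrypt. Exiting.\n' >&2
    return 1
  fi

  # Verify the recipient key exists before decrypting anything, so the
  # re-encryption step cannot fail for that reason later.
  if ! gpg --list-keys "${KEY}" > /dev/null 2>&1; then
    printf 'Unknown key "%s". Cannot proceed.\n' "${KEY}" >&2
    return 1
  fi

  # Convert DIR to an absolute path. A failed cd must abort: otherwise the
  # result would collapse to "/<name>" and later steps would act on the
  # filesystem root.
  if ! parent="$(cd -- "$(dirname -- "${DIR}")" && pwd)"; then
    printf 'Parent directory of "%s" is not accessible.\n' "${DIR}" >&2
    return 1
  fi
  DIR="${parent%/}/$(basename -- "${DIR}")"

  # ln -s into an existing directory would create the link inside it, and
  # shutdown later removes whatever sits at DIR. Refuse to reuse the path.
  if [ -e "${DIR}" ] || [ -L "${DIR}" ]; then
    printf '"%s" already exists. Remove it or choose another path.\n' \
      "${DIR}" >&2
    return 1
  fi

  # mktemp -d creates the directory with owner-only permissions.
  # NOTE(review): /tmp is memory-backed only where it is mounted as tmpfs;
  # on a disk-backed /tmp the decrypted files reach persistent storage.
  if ! TMP="$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)"; then
    printf 'Could not create temporary directory.\n' >&2
    return 1
  fi

  # Link!
  if ! ln -s -- "${TMP}" "${DIR}"; then
    rm -rf -- "${TMP:?}"
    return 1
  fi

  if [ ! -f "${DIR}.tar.gpg" ]; then
    # Tell the user if that encrypted archive does not exist.
    printf 'Encrypted archive does not exist. Creating.\n'
  else
    # Extract the encrypted archive. Both pipeline stages are checked: if
    # decryption failed and we carried on, shutdown would replace the real
    # archive with an encryption of an empty or partial directory.
    gpg -d "${DIR}.tar.gpg" | tar -C "${TMP}" -x
    status=("${PIPESTATUS[@]}")
    if [ "${status[0]}" -ne 0 ] || [ "${status[1]}" -ne 0 ]; then
      printf 'Could not decrypt "%s". Archive left untouched.\n' \
        "${DIR}.tar.gpg" >&2
      # Discard any partial plaintext without re-encrypting it.
      find "${TMP}" -type f -exec shred -n 100 -f -u -- {} +
      rm -f -- "${DIR}"
      rm -rf -- "${TMP:?}"
      return 1
    fi
  fi

  # From here on the plaintext is complete, so an interrupt should
  # re-encrypt rather than leave decrypted files and the link behind.
  trap 'shutdown; exit 1' INT TERM HUP

  printf 'Do some secure work and press enter to re-encrypt when done\n'
  read -r _

  # Normal path: drop the handler so shutdown runs exactly once.
  trap - INT TERM HUP

  shutdown
  return $?
}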
   74 
   75 main ${@}
