path: root/gpgsecure.sh
    1 #!/usr/bin/env bash
    2 # GPGSecure is a shell script that manages GPG encrypted archives
    3 # Copyright (C) 2018  Aaron Ball <nullspoon@oper.io>
    4 #
    5 # This program is free software: you can redistribute it and/or modify
    6 # it under the terms of the GNU General Public License as published by
    7 # the Free Software Foundation, either version 3 of the License, or
    8 # (at your option) any later version.
    9 #
   10 # This program is distributed in the hope that it will be useful,
   11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13 # GNU General Public License for more details.
   14 #
   15 # You should have received a copy of the GNU General Public License
   16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
   17 
   18 
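   # Script-wide state, exported so child processes see the same values.
   #
   # KEY is the only value taken from the caller's environment. DIR and TMP are
   # owned by this script and are reset here: TMP in particular is a common
   # environment variable, and an inherited value must never be mistaken for the
   # plaintext directory that the cleanup code shreds and removes.
   export KEY="${KEY:-}" # GPG key (recipient) to encrypt the container with
   export DIR=""         # Directory path to present the gpg archive to
   export TMP=""         # Temp directory the archive is decrypted to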
   22 
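   # Re-encrypt and clean up when the script is interrupted or its terminal goes
   # away. SIGKILL is deliberately not listed: it cannot be caught, so after a
   # `kill -9` (or a crash or power loss) the decrypted files and the link are
   # left behind and have to be removed by hand.
   trap shutdown SIGINT SIGTERM SIGQUIT SIGHUP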
   24 
   25 
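   #######################################
   # Final write-back: re-encrypt the plaintext tree, then destroy the plaintext.
   #
   # The plaintext is destroyed only after the new archive has been written in
   # full and moved into place; on any failure the plaintext is kept and the
   # previous archive is left as it was.
   #
   # This function cannot tell whether the tree in TMP was extracted completely,
   # so it must not be allowed to run before extraction has finished.
   #
   # Globals:   TMP (read), DIR (read), KEY (read)
   # Arguments: none
   # Outputs:   diagnostics on stderr
   # Returns:   does not return; exits non-zero if nothing was written back
   #######################################
   shutdown() {
     local archive staged
     local -a rc

     # Act only on a container this script presented: DIR must be the symlink
     # pointing at TMP. This keeps an early signal (TMP still empty) or a stray
     # TMP value from leading to tar/shred/rm -rf on an unrelated directory.
     if [[ -z "${TMP:-}" || ! -d "${TMP}" || ! -L "${DIR:-}" \
       || "$(readlink -- "${DIR}")" != "${TMP}" ]]; then
       printf 'No decrypted container is presented; nothing to write back.\n' >&2
       exit 1
     fi

     archive="${DIR}.tar.gpg"
     staged="${archive}.partial"

     # Encrypt to a staging file first. Redirecting straight onto the archive
     # truncates it before gpg has produced anything, so a failed encryption
     # would destroy the only good copy.
     tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${staged}"
     rc=("${PIPESTATUS[@]}")
     if ((rc[0] != 0 || rc[1] != 0)) || ! mv -f -- "${staged}" "${archive}"; then
       rm -f -- "${staged}"
       printf 'ERROR: final write-back failed. Decrypted files were kept in %s\n' \
         "${TMP}" >&2
       exit 1
     fi
     # Make sure the new archive has reached storage before destroying plaintext.
     sync

     # Overwrite and unlink the decrypted files. Overwriting is best effort: it
     # only helps where the backing store rewrites data in place.
     find "${TMP}" -type f -exec shred -n 100 -f -u "{}" \;
     # Delete the link
     rm -f -- "${DIR}"
     # Delete the temp dir
     rm -rf -- "${TMP}"
     sync
     exit
   }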
   37 
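   #######################################
   # Periodically re-encrypt the plaintext tree back to the archive.
   #
   # Each pass encrypts to a staging file and renames it over the archive only
   # when both tar and gpg succeeded, so a failed or interrupted pass never
   # replaces the last good archive with a truncated one.
   #
   # Globals:   TMP (read), DIR (read), KEY (read)
   # Arguments: none
   # Outputs:   progress on stdout, warnings on stderr
   # Returns:   never returns on its own; the loop ends when a signal handler
   #            exits the script
   #######################################
   writeback() {
     local archive="${DIR}.tar.gpg"
     local staged="${archive}.partial"
     local -a rc

     while true; do
       printf '%s   Syncing back to encrypted storage\n' "$(date '+%F %T')"
       tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${staged}"
       # $? alone would report only gpg; a failing tar must count as well.
       rc=("${PIPESTATUS[@]}")
       if ((rc[0] != 0 || rc[1] != 0)) || ! mv -f -- "${staged}" "${archive}"; then
         rm -f -- "${staged}"
         {
           printf 'WARNING: Something went wrong syncing back to encrypted storage\n'
           printf 'Your data is likely in danger.\n'
           printf 'If you see this message more than once, take a manual backup\n'
         } >&2
       fi
       sleep 15
     done
   }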
   50 
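   # Remove a partially prepared container without writing anything back:
   # drops the link if it points at TMP, then shreds and deletes TMP.
   _gpgsecure_discard() {
     if [[ -z "${TMP:-}" ]]; then
       return 0
     fi
     if [[ -L "${DIR:-}" && "$(readlink -- "${DIR}")" == "${TMP}" ]]; then
       rm -f -- "${DIR}"
     fi
     if [[ -d "${TMP}" ]]; then
       find "${TMP}" -type f -exec shred -n 100 -f -u "{}" \;
       rm -rf -- "${TMP}"
     fi
     TMP=""
   }

   #######################################
   # Decrypt DIR.tar.gpg into a temp dir, present it at DIR through a symlink,
   # then run the periodic write-back until the script is signalled.
   #
   # Globals:   DIR (written), TMP (written), KEY (read)
   # Arguments: $1 - path at which to present the decrypted container
   # Outputs:   status on stdout, errors on stderr
   # Returns:   1 on any setup failure; otherwise exits through shutdown
   #######################################
   main() {
     local parent
     local -a rc

     DIR="${1:-}"
     # TMP may have been inherited from the environment; start from a known state.
     TMP=""

     # Until the archive is fully extracted, an interrupt must not run the
     # re-encrypting handler: that would replace the archive with an empty or
     # partial tree (for example Ctrl-C at the passphrase prompt).
     trap '_gpgsecure_discard; exit 1' SIGINT SIGTERM SIGQUIT SIGHUP

     if [ -z "${DIR}" ]; then
       printf 'Directory to decrypt required\n' >&2
       return 1
     fi

     if [ -z "${KEY:-}" ]; then
       printf 'KEY variable unset. Cannot re-encrypt. Exiting.\n' >&2
       return 1
     fi

     if ! gpg --list-keys -- "${KEY}" > /dev/null 2>&1; then
       printf 'Unknown key "%s". Cannot proceed.\n' "${KEY}" >&2
       return 1
     fi

     # Convert DIR to absolute path to avoid cd issues. A failed cd must stop
     # here; otherwise DIR would silently collapse to "/<name>".
     if ! parent="$(cd -- "$(dirname -- "${DIR}")" > /dev/null && pwd)"; then
       printf 'Cannot resolve the parent directory of "%s".\n' "${DIR}" >&2
       return 1
     fi
     DIR="${parent%/}/$(basename -- "${DIR}")"

     # The link is deleted again at shutdown, so never reuse a path that already
     # holds something of the user's.
     if [[ -e "${DIR}" || -L "${DIR}" ]]; then
       printf '"%s" already exists. Refusing to replace it.\n' "${DIR}" >&2
       return 1
     fi

     # Create a temp dir to extract to (mktemp -d makes it private to this user).
     # NOTE(review): this is memory-backed only where /tmp is a tmpfs mount;
     # elsewhere the plaintext is written to disk - confirm on the target host.
     if ! TMP="$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)"; then
       TMP=""
       printf 'Could not create a temporary directory.\n' >&2
       return 1
     fi

     # Link!
     if ! ln -s -- "${TMP}" "${DIR}"; then
       printf 'Could not create the link "%s".\n' "${DIR}" >&2
       _gpgsecure_discard
       return 1
     fi

     if [ ! -f "${DIR}.tar.gpg" ]; then
       # Tell the user if that encrypted archive does not exist.
       printf 'Encrypted archive does not exist. Creating.\n'
     else
       # Extract the encrypted tarchive if it exists
       gpg -d "${DIR}.tar.gpg" | tar -C "${TMP}" -x
       rc=("${PIPESTATUS[@]}")
       if ((rc[0] != 0 || rc[1] != 0)); then
         # Going on would let the write-back overwrite the archive with whatever
         # partial tree was extracted.
         printf 'Could not decrypt "%s". The archive was left untouched.\n' \
           "${DIR}.tar.gpg" >&2
         _gpgsecure_discard
         return 1
       fi
     fi

     # Plaintext is complete: from here on a signal re-encrypts and cleans up.
     trap shutdown SIGINT SIGTERM SIGQUIT SIGHUP

     writeback
     shutdown
     return $?
   }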
   88 
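   # Quote "$@" so a path containing spaces or glob characters reaches main as
   # one unchanged argument.
   main "$@"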
