initial commit

README.md

@@ -0,0 +1,22 @@
+# sshencdec.sh
+
+bash script to encrypt data using a users ssh public key.
+
+## examples
+
+### encrypt a file using your own ssh public key
+```
+./sshencdec.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+```
+
+### encrypt a file using the public key of a github user
+```
+./sshencdec.sh -p <(curl -sf "https://github.com/S2-.keys" | head -n1) < plain-text-file.txt
+```
+
+this line fetches the first public key for the github user `S2-` and encrypts the file `plain-text-file.txt` using this key.
+
+### decrypt a file
+```
+./sshencdec.sh -s ~/.ssh/id_rsa < encrypted.txt
+```

sshencdec.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# A POSIX variable
+OPTIND=1 # reset in case getopts has been used previously in the shell.
+
+public_key= #"~/.ssh/id_rsa.pub"
+private_key= #"~/.ssh/id_rsa"
+
+me=`basename "$0"`
+
+show_help() {
+cat << EOF
+usage: $me [-p <public ssh key> | -s <private ssh key>] [-h]
+
+examples:
+    - encrypt a file
+        $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+    - decrypt a file
+        $me -s ~/.ssh/id_rsa < encrypted.txt
+
+$me home page: https://git.e.tern.al/s2/sshencdec
+EOF
+}
+
+while getopts "h?p:s:" opt; do
+    case "$opt" in
+    h|\?)
+        show_help
+        exit 0
+        ;;
+    p)  public_key=$OPTARG
+        ;;
+    s)  private_key=$OPTARG
+        ;;
+    esac
+done
+
+shift $((OPTIND-1))
+
+[ "$1" = "--" ] && shift
+
+temp_file="$(mktemp "${TMPDIR:-/tmp}/$(basename "$0").XXXXXX")"
+trap '{ rm -f "$temp_file"; }' EXIT
+
+if [[ -e "$public_key" ]]; then
+    if openssl rsautl -encrypt -pubin -inkey <(ssh-keygen -f "$public_key" -e -m PKCS8) -ssl > "$temp_file"; then
+        echo "-- decrypt with (openssl base64 -d | openssl rsautl -decrypt -inkey ~/.ssh/id_rsa) < the-text-below.txt"
+        openssl base64 < "$temp_file"
+    fi
+elif [[ -e "$private_key" ]]; then
+    openssl base64 -d | openssl rsautl -decrypt -inkey $private_key
+else
+    show_help
+    exit 1
+fi