update urls

This reverts commit b2df05b763.

README.md

@@ -1,3 +1,48 @@
-# sshenc.sh
+# ![sshenc.sh](logo.png)
 
-Please see [https://sshenc.sh/](https://sshenc.sh/) (or the index.html file in this repository) for instructions.
+**bash script to encrypt data using a users ssh public key**
+
+If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:
+```
+bash <(curl -s https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt
+```
+sshenc.sh uses openssl under the hood, so you need to have that installed in your path to make it work.
+
+## Install
+```
+curl -O https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc.sh
+chmod +x sshenc.sh
+```
+
+## Examples
+
+### encrypt a file using your own ssh public key
+```
+sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+```
+
+### encrypt a file using multiple recipients (broadcast encryption)
+```
+sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt
+```
+
+### encrypt a file using the public key of a github user
+```
+sshenc.sh -g S2- < plain-text-file.txt
+```
+this line fetches the public keys for the github user S2- and encrypts the file plain-text-file.txt using its key(s).
+
+### decrypt a file
+```
+sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt
+```
+
+## Notes
+[OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html) introduced a not backwards compatible change: the default digest to create a key from the passphrase changed from md5 to sha-256.  
+Also, a new `-iter` parameter to explicitly specify a given number of iterations on the password in deriving the encryption key was added.  
+Before OpenSSL 1.1.1 this option was not available.  
+Since the new parameters are more secure, `sshenc.sh` changed to adopt them, so since 2019-11-26, files encrypted with a previous version of `sshenc.sh` will not decrypt.  
+To do so, use the prevous `sshenc.sh` script, located at [https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc-pre1.1.1.sh](https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc-pre1.1.1.sh).
+
+## License
+[MIT](https://opensource.org/licenses/MIT)

index.html

@@ -11,11 +11,10 @@
 		<title>sshenc.sh</title>
 
 		<!-- Bootstrap core CSS -->
-		<link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
+		<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
 
 		<!-- my own stuff -->
 		<link href="main.css" rel="stylesheet">
-
 	</head>
 
 	<body>
@@ -56,92 +55,26 @@
 		<div class="container">
 			<div class="row">
 				<div class="col-lg-12">
-					<h1 class="mt-5">sshenc.sh</h1>
-					<hr>
-					<p class="lead">bash script to encrypt data using a users ssh public key.</p>
-					<hr>
-					<div class="bd-callout bd-callout-info">
-						If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:<br>
-						<code>bash <(curl -s https://sshenc.sh/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt</code>
-					</div>
-					<p>sshenc.sh uses openssl under the hood, so you need to have that installed in yout path to make it work.</p>
-				</div>
-			</div>
-
-			<div class="row">
-				<div class="col-lg-12">
-					<h2>Install</h2>
-					<hr>
-					<h3>Install locally</h3>
-					<div class="bd-callout bd-callout-info">
-						<code>wget https://sshenc.sh/sshenc.sh<br>
-						chmod +x sshenc.sh</code>
-					</div>
-					<!--
-
-					<h3>Run it from remote every time</h3>
-					If you are
-					<ul>
-					<li>really brave, and</li>
-					<li>want to be sure to run the latest version every time, or</li>
-					<li>maybe don't want/can't install files</li>
-					</ul>
-					you can use an alias that downloads and executes the script every time:<br>
-					<code>alias sshenc.sh='bash <(curl -s https://sshenc.sh/sshenc.sh)'</code>
-					<br>
-					<br>
-					To add it to your environment permanently:<br>
-					<code>echo "alias sshenc.sh='bash <(curl -s https://sshenc.sh/sshenc.sh)'" >> ~/.bashrc</code>
-					<br>
-					Be careful: if you do this you trust https://sshenc.sh/ to always return the same script. It's actually a remote code execution if someone hacks https://sshenc.sh/ or the server becomes malicious.
-					<br>
-					<br>
-					-->
-				</div>
-			</div>
-
-			<div class="row">
-				<div class="col-lg-12">
-					<h2 id="examples">Examples</h2>
-					<hr>
-
-					<h3 id="encrypt-own">encrypt a file using your own ssh public key</h3>
-					<div class="bd-callout bd-callout-info">
-						<code>sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt</code>
-					</div>
-
-					<h3 id="encrypt-multi">encrypt a file using multiple recipients (broadcast encryption)</h3>
-					<div class="bd-callout bd-callout-info">
-						<code>sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt</code>
-					</div>
-
-					<h3 id="encrypt-gh">encrypt a file using the public key of a github user</h3>
-					<div class="bd-callout bd-callout-info">
-						<code>sshenc.sh -p <(curl -sf "https://github.com/S2-.keys" | grep ssh-rsa | tail -n1) < plain-text-file.txt</code>
-					</div>
-					<p>this line fetches the first public key for the github user S2- and encrypts the file plain-text-file.txt using this key.</p>
-
-					<h3 id="decrypt">dedecrypt a file</h3>
-					<div class="bd-callout bd-callout-info">
-						<code>sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt</code>
-					</div>
-				</div>
-			</div>
-
-			<div class="row">
-				<div class="col-lg-12">
-					<h2>License</h2>
-					<hr>
-					<a href="https://opensource.org/licenses/MIT">MIT</a>
+					<div id="md"></div>
 				</div>
 			</div>
 		</div>
 
 
+		<script src="https://cdnjs.cloudflare.com/ajax/libs/markdown-it/8.4.2/markdown-it.min.js"></script>
+		<script>
+			var md = window.markdownit();
 
-		<!-- Bootstrap core JavaScript -->
-		<script src="vendor/jquery/jquery.min.js"></script>
-		<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
+			var xmlhttp;
+			xmlhttp = new XMLHttpRequest();
+			xmlhttp.onreadystatechange = function(){
+				if (xmlhttp.readyState == 4 && xmlhttp.status == 200){
+					document.getElementById('md').innerHTML = md.render(xmlhttp.responseText);
+				}
+			}
+			xmlhttp.open("GET", 'README.md', true);
+			xmlhttp.send();
+		</script>
 
 	</body>
 

main.css

@@ -1,7 +1,5 @@
-.bd-callout-info {
+pre {
 	border-left-color: #5bc0de;
-}
-.bd-callout {
 	padding: 1.25rem;
 	margin-top: 1.25rem;
 	margin-bottom: 1.25rem;
@@ -11,3 +9,9 @@
 	border-left-width: .25rem;
 	border-radius: .25rem;
 }
+
+pre code {
+	font-size: inherit;
+	color: #e83e8c;
+	word-break: normal;
+}

sshenc-pre1.1.1.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+OPTIND=1 # reset in case getopts has been used previously in the shell.
+
+me=sshenc.sh
+
+show_help() {
+cat << EOF
+usage: $me [-p <public ssh key> | -s <private ssh key>] [-h]
+
+examples:
+    - encrypt a file
+    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+    - decrypt a file
+    $me -s ~/.ssh/id_rsa < encrypted.txt
+
+$me home page: https://github.com/5im-0n/sshenc.sh/
+EOF
+}
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
+
+while getopts "h?p:s:" opt; do
+    case "$opt" in
+    h|\?)
+    show_help
+    exit 0
+    ;;
+    p)  public_key+=("$OPTARG")
+    ;;
+    s)  private_key=$OPTARG
+    ;;
+    esac
+done
+
+shift $((OPTIND -1))
+
+[ "$1" = "--" ] && shift
+
+temp_dir="$(mktemp -d -t "$me.XXXXXX")"
+temp_file_key="$(mktemp "$temp_dir/$me.XXXXXX.key")"
+temp_file="$(mktemp "$temp_dir/$me.XXXXXX.cypher")"
+trap cleanup EXIT
+
+#encrypt
+if [[ "${#public_key[@]}" > 0 ]]; then
+    openssl rand 32 > $temp_file_key
+
+    echo "-- encrypted with https://github.com/5im-0n/sshenc.sh/"
+    echo "-- keys"
+    for pubkey in "${public_key[@]}"
+    do
+        if [[ -e "$pubkey" ]]; then
+            convertedpubkey=$temp_dir/$(basename "$pubkey").pem
+            ssh-keygen -f "$pubkey" -e -m PKCS8 > $convertedpubkey
+            #encrypt key with public keys
+            if openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc; then
+                echo "-- key"
+                openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
+                echo "-- /key"
+            fi
+        fi
+    done
+    echo "-- /keys"
+
+    if cat | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
+        openssl base64 -A < "$temp_file"
+    fi
+
+#decrypt
+elif [[ -e "$private_key" ]]; then
+    stdin=`cat`
+    keys_enc=$(echo "$stdin" | awk '/-- keys/{f=1;next} /-- \/keys/{f=0} f')
+    cypher=$(echo "$stdin" | sed -e '1,/-- \/keys/d')
+
+    i=0
+    while read line ; do \
+        if [ "$line" == "-- key" ]; then
+            i=$(($i + 1))
+        elif [ "$line" == "-- /key" ]; then
+            :
+        else
+            keys[i]="${keys[$i]}$line"
+        fi
+    done <<< "$keys_enc"
+
+    decrypted=false
+    for key in "${keys[@]}"
+    do
+        if ((echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d -pass file:"$temp_file"; then
+                decrypted=true
+            fi
+        fi
+    done
+
+    if [ $decrypted = false ]; then
+        >&2 echo "no valid decryption key supplied"
+        exit 1
+    fi
+
+#help
+else
+    show_help
+    exit 1
+fi

sshenc.sh

@@ -1,29 +1,33 @@
-#!/bin/bash
-
-OPTIND=1 # reset in case getopts has been used previously in the shell.
+#!/usr/bin/env bash
 
+# --- constants
 me=sshenc.sh
 
 show_help() {
 cat << EOF
-usage: $me [-p <public ssh key> | -s <private ssh key>] [-h]
+usage: $me [[-p <public ssh key> | -g <github handle>]| -s <private ssh key>] [-h]
 
 examples:
-    - encrypt a file
-    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
 
     - decrypt a file
     $me -s ~/.ssh/id_rsa < encrypted.txt
 
-$me home page: https://sshenc.sh/
+    - encrypt a file
+    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+    - encrypt using a GitHub users public SSH key (requires curl and bash 3.2)
+    $me -g foo < plain-text-file.txt > encrypted.txt
+
+    - encrypt using multiple public keys (file can be read by any associated private key)
+    $me -g foo -g bar -p baz -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+$me home page: https://github.com/5im-0n/sshenc.sh/
 EOF
 }
 
-cleanup() {
-    rm -rf "$temp_dir"
-}
-
-while getopts "h?p:s:" opt; do
+# --- process option parameters
+OPTIND=1                           # reset in case getopts has been used previously in the shell
+while getopts "h?p:s:g:" opt; do
     case "$opt" in
     h|\?)
     show_help
@@ -33,49 +37,99 @@ while getopts "h?p:s:" opt; do
     ;;
     s)  private_key=$OPTARG
     ;;
+    g)  github_handle+=("$OPTARG")
     esac
 done
 
-shift $((OPTIND -1))
-
+shift $((OPTIND -1))               # pop the processed options off the stack
 [ "$1" = "--" ] && shift
 
+# --- setup environment
+
+# data cache files
 temp_dir="$(mktemp -d -t "$me.XXXXXX")"
-temp_file_key="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.key")"
-temp_file="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.cypher")"
+temp_file_key="$(mktemp "$temp_dir/$me.XXXXXX.key")"
+temp_file="$(mktemp "$temp_dir/$me.XXXXXX.cypher")"
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
 trap cleanup EXIT
 
-#encrypt
+# os specific configuration
+case "$(uname -s 2>/dev/null)" in
+    Darwin)
+        if [[ -n $(openssl version | grep -Eo "LibreSSL [2-9]") ]]; then
+            openssl_params=''
+        else
+            echo >&2 "Install openssl 1.1.1 or higher and add it to your \$PATH"
+            echo ''
+            echo '    brew install openssl'
+            echo '    echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile'
+            echo '    source ~/.bash_profile'
+            echo ''
+            exit 1
+        fi
+    ;;
+    *)
+        openssl_params='-pbkdf2 -iter 100000'
+esac
+
+# --- retrieve ssh keys from github
+if [[ "${#github_handle[@]}" -gt 0 ]]; then
+    if ! which curl >/dev/null ; then
+        >&2 echo "curl command not found"
+        exit 1
+    fi
+
+    OLDMASK=$(umask); umask 0266
+    for handle in "${github_handle[@]}"
+    do
+        curl -s "https://github.com/$handle.keys" | grep ssh-rsa > "$temp_dir/$handle"
+        if [ -s "$temp_dir/$handle" ]; then
+            key_index=0
+            while IFS= read -r key; do
+                printf "%s" "${key}" > "$temp_dir/$handle.$key_index"
+                public_key+=("$temp_dir/$handle.$key_index")
+                key_index=$((key_index+1))
+            done < "$temp_dir/$handle"
+        fi
+    done
+    umask "$OLDMASK"
+fi
+
+# --- encrypt stdin
 if [[ "${#public_key[@]}" > 0 ]]; then
     openssl rand 32 > $temp_file_key
 
-    plaintext=`cat`
-
-    echo "-- encrypted with https://sshenc.sh/"
+    echo "-- encrypted with https://github.com/5im-0n/sshenc.sh/"
     echo "-- keys"
     for pubkey in "${public_key[@]}"
     do
         if [[ -e "$pubkey" ]]; then
-            echo "-- key"
             convertedpubkey=$temp_dir/$(basename "$pubkey").pem
             ssh-keygen -f "$pubkey" -e -m PKCS8 > $convertedpubkey
             #encrypt key with public keys
-            openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc
-            openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
-            echo "-- /key"
+            if openssl rsautl -encrypt -oaep -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc; then
+                echo "-- key"
+                openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
+                echo "-- /key"
+            fi
         fi
     done
     echo "-- /keys"
 
-    if echo "$plaintext" | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
-        openssl base64 < "$temp_file"
+    if cat | openssl enc -aes-256-cbc -salt $openssl_params -pass file:"$temp_file_key" > "$temp_file"; then
+        openssl base64 -A < "$temp_file"
     fi
 
-#decrypt
+# --- decrypt stdin
 elif [[ -e "$private_key" ]]; then
     stdin=`cat`
     keys_enc=$(echo "$stdin" | awk '/-- keys/{f=1;next} /-- \/keys/{f=0} f')
     cypher=$(echo "$stdin" | sed -e '1,/-- \/keys/d')
+    install -m 0600 "$private_key" "$temp_dir/private_key"
+    ssh-keygen -p -m PEM -N '' -f "$temp_dir/private_key" >/dev/null
 
     i=0
     while read line ; do \
@@ -89,13 +143,12 @@ elif [[ -e "$private_key" ]]; then
     done <<< "$keys_enc"
 
     decrypted=false
-    for key in "${keys[@]}"
-    do
-        if ((echo "$key" | openssl base64 -d | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
-            if echo "$cypher" | openssl base64 -d | openssl aes-256-cbc -d -pass file:"$temp_file"; then
+    for key in "${keys[@]}"; do
+        if $(echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -oaep -inkey "$temp_dir/private_key" >"$temp_file_key" 2>/dev/null); then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d $openssl_params -pass file:"$temp_file_key"; then
                 decrypted=true
-            fi;
-        fi;
+            fi
+        fi
     done
 
     if [ $decrypted = false ]; then
@@ -103,7 +156,7 @@ elif [[ -e "$private_key" ]]; then
         exit 1
     fi
 
-#help
+# --- help
 else
     show_help
     exit 1

tests/id_rsa-1

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAm6z7s+JUxR/aWCMhgzOD7uVpy/gSitupO9VuP6qdtACSK86E
-dd6Rq3VImeC/3C8pREDmv5qpaHO42ggucebXc3Rl+42uWwXloHXzDIVcYb6AdUWr
-G6UcNZ9k44quzV9SyhrZMi9xHmOQGVspLR4rl/SNNRwBoaQndS+KvdbOmtjMo1wY
-U/CF8pIHDd46WK7BeGAuTVyR3s91YtE3LNz3R8Xf7x9aEy1XPEyPpLvlSt4YqcoI
-saGU+U24KZmyVXTYvXvUXHKczRhmZH01zUs/BnwQbmq0rboH/ivm3DgWoZYztJjw
-UdwmQUbRF2XlWguvkhXW4uLg7NaWhoX4qhkutQIDAQABAoIBADss9kDat/52rTjz
-obmNy4j0C9NM6T9/YEUuTEpHQMs7rFSanB9yC01xt7dGh6fbBYS8ZvpOgDcERjAb
-DAygAyYQCPQmVzCifTcRnuITj5pYH9x0LybDDIYVoPQds3S912qb6hP5lLZIgm4h
-CPXtkgShIUwe6T/YdmdFOygOj1qsltLRBfO9oOifM87F62Lf3pE4RnOGTeZqYqBA
-RrGtor2eDqUm4qINdjYff2yHAkoYFCXDD37w2e66Lpp7RK4ylGH8uVzi26hW6bKd
-Tb03Og+YwbY3H7iE3V8olZnxwB3yeBwUlCAMtVUPYKcvlxoxAnDU9jmYcAexmff6
-guqBC8ECgYEAyt+u8icaW9bzH+9DWS4atEP35d6LXVlsHI/TKUkBCMUWYr8Orpjo
-JJ9sxn3CngO+cBOWQZrQqc/JgFPFswVnLKLDbzQkwA03MTofn2Zyuu1qXLol6oqG
-K+6385VgB1+xu0S32eGRGWuT/wwTLQQkyI+RM7cPdZ9MJSQ5KDdd0KcCgYEAxHE4
-0KDhIfy1dwG7VH93l6JVS8OwzM54Ip8BmaA9DskMbIxpYD8UHbHccLxdQdc2Xcxi
-6W6ctOiHXpcVR7lfCHX2GZcpRgbh2CvF/WJa/V5sxsmNZtUOedxsAmCVCauWTy7N
-ryLX5tX6nN6ZRfbI2S4DVOw1pITu4rwG0wb/NUMCgYAl5ux0aUHPbrU1fioC+04Z
-56jk1VMMOaytGWHGENGUpd2szS0dCYw1a2OTIeO+SczGe6JS122sjBmFVCFXdOb1
-u+LvX7qN9uoc1FMcILPGoJyCfnSfAQpYIt1TMNEkD4jRB+GhXzcQnLylpcffXSrS
-HaBvHQBSZVSAi+fxz4ZDeQKBgFJEcFy+40nOgViDeyZZ84WnUD1YiNRcq2ckXBEw
-UCG/BNr4urC5+fytnfoAiLWoIXaKv+mujyYcM4TjlN/iu+/ZJuV0rq5K944GVvZU
-mHJ/duKRSgyEsXlLXFhqhj/0ghBLM4xi9TQQ7NGBT4NDZL2/TVnlSlnJ6hk+UUVT
-KtHtAoGBAI42TZgJn0+ZZKFruBXI0JdLj3y++cN2PgKqHpgdaip2/ANwSNCmm4VL
-12AkPsvYOQ/BfC12jyTebuPMUre4BFkbkBaFQ/j8r/8zY+JkF7tiAMeeHRJiFsdW
-XcRIy1nNcPbyqXSdyngIYj8Cjv/h5vbS9WvtjdzwoXsGt124eX3L
+MIIEpAIBAAKCAQEA+LbOiD+g7hbpAyFQGXpOjzhoU/v60G6pTbGOScO2P3U24ddv
++X8rDN7hvCPdXkMJWnJSIPsT9Xu6I2DmCFW4F2hDdTPHTTz799Kp3xPnvXUJGZb7
+CdpwyvWxx83lCpPTIe5NGMDxn16R6k++pya4Gd0dMiKVGlC1OB5P3/z1Sgx8wqpF
+m/ebZhIfR8fyNYi8z5Kt/SrB7bkHXAskQuNPZwc+a9riApMQRDcBcLgEywvskc35
+qyEJ/8dtumq+OhTRo8qjJObRG3tgJp7tAYJ9x+yxN8R38RzNEfTdmsIeZe42RFxz
+G+kEYAYmDso6ntFGFpm0R8IuF/CFhjzJI63ZMwIDAQABAoIBAAdpYzQ6OTB/LEh0
+mK95rpekBa/jBXFqqs7u6J+YHnk7o/wM8IBN4tmKVs3Ff9ZMRx4T5BCpism4+y4M
+uC4tZ8QCzmfSuDC8DYIwG/HS5QgHUdMaZbbAdLYHplme8CFlkFglgtSnA0xNhCmo
+YLUYeUoEBde1oh3bo9rdRGIXZrPjJlZIuAGhTV1bMBLbdF0Ha2jeKXnIeMNAu9mu
+/Czz7zI4cdWlA0ubmkxoEz/wrC28ZqOJsRT2pyMR/SmBaeAKUfalgs4m8zHXrH4m
+gp+G3c9u2hxH7U1P6kEW2Rzo7WRHh0yOKl4FRPOS5s5d3JiZin24Q+pPBWi38YHw
+jObm1VkCgYEA/7BHkk0/9smIkwYp/JNnCx4eh+H/F/thWRx5T/T0OI9ORZZ7ps2d
+zuOTYkx3iN+6SXPIasNfdcbERwyfiF4Wwm/h8gtz0gsVAi8mrVCVjzuAFclrhFBi
+LkvXRDRLxYictc93IZLgpqAUuAKUPSBR+YbSA3/cbs/1LYhIxx1UKVcCgYEA+QRa
+RfDSxv/S5YQi+ihi6iayGtclkAdhoRXoXF+/GCIXmtZPP1Hwrgq7hfjf3LvsQ043
+SZvlOD2VaAXveEHyhhjYHc8ooNgvAdcXrBb5E/+Oned1+aBOqrOer9jCVY93kgKp
+8wB+mrkD3MaFCVypGg+/Fkr8dgqXCZ8LGUxAOYUCgYEA44YryiZvut2PaLVde2J3
+mU8OAAC9DMwmzjMmSF5DTGlJT2cfVUk3Gjksl5ZP8D6V+HLNbyO3uIhNdKPo+mIv
+gooo10gVol02LqFim2tQCwr5aWm5AR6+n0/hmNGoc3ijaq3Y5slamytsBGpXGyW9
+jHvKOk73CqyHEiNqD7UrhTUCgYEAqUQwKMKeQ+65aJH9RJYXRpqvDleYjOK3lkvR
++piKyNjDuthaXexQ8b0R4utdICoNW2LbagmyMhyKZn9CXDhXppdUsE6Ui2Dn8xRG
+Xw/ul41rYCJpqxkw4A/gmh95Wbd/y5xL8YYwiPOikHvRCqAVwkVZ2sl1+rcQG9Yk
+MToHnhECgYAsMy/TwgwltU1Dzz5r/BGAR3790h2jyN6dtKl10xALPzfAFx2Lvaet
+EPFTO9AfUp+t4ca509XuiltRi8CJyoD366jXyELMSoZ0l+K9sO5J6SoE2gYWOwFN
+/9CuKpTv38/BEeu5S6Ta7e/y10qNwDzGMCAvc/nhtgjUIFSDcGgSzQ==
 -----END RSA PRIVATE KEY-----

tests/id_rsa-1.pub

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbrPuz4lTFH9pYIyGDM4Pu5WnL+BKK26k71W4/qp20AJIrzoR13pGrdUiZ4L/cLylEQOa/mqloc7jaCC5x5tdzdGX7ja5bBeWgdfMMhVxhvoB1RasbpRw1n2Tjiq7NX1LKGtkyL3EeY5AZWyktHiuX9I01HAGhpCd1L4q91s6a2MyjXBhT8IXykgcN3jpYrsF4YC5NXJHez3Vi0Tcs3PdHxd/vH1oTLVc8TI+ku+VK3hipygixoZT5TbgpmbJVdNi9e9RccpzNGGZkfTXNSz8GfBBuarStugf+K+bcOBahljO0mPBR3CZBRtEXZeVaC6+SFdbi4uDs1paGhfiqGS61 ssantoro@SSANTORO-PC1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD4ts6IP6DuFukDIVAZek6POGhT+/rQbqlNsY5Jw7Y/dTbh12/5fysM3uG8I91eQwlaclIg+xP1e7ojYOYIVbgXaEN1M8dNPPv30qnfE+e9dQkZlvsJ2nDK9bHHzeUKk9Mh7k0YwPGfXpHqT76nJrgZ3R0yIpUaULU4Hk/f/PVKDHzCqkWb95tmEh9Hx/I1iLzPkq39KsHtuQdcCyRC409nBz5r2uICkxBENwFwuATLC+yRzfmrIQn/x226ar46FNGjyqMk5tEbe2Amnu0Bgn3H7LE3xHfxHM0R9N2awh5l7jZEXHMb6QRgBiYOyjqe0UYWmbRHwi4X8IWGPMkjrdkz s2@silver

tests/id_rsa-2

@@ -1,27 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxSK0G1uxhG4QNJhfircl9G4j2aERZj9mSVFSdua0sE1Itjiq
-lhz1j9Wy6Y03GfJeX3B+zDpocD150VRNWuHExGrr+BnrCs87BK95ncX3rxvybEKm
-DDYa7kIZXRrlL/LIDQagrSA/vY/Qx7SpEv9d5+LVzRQoAltia2tRZcwgCuKFVlSu
-0Q9BhLu0GcT4M6JB88+v05sdXTIUnH+zYxW42IoLRyNYw3CiIoh2yruIZH2qEOyV
-7bdy+W2lXM5+8ZrwLa90Yx9W4ELMyJki0OKIeqtyFLPeSlAbv3vjAI0TWh379jTg
-4W6vzSgIecljk5B1WI43fHKGQXzaWiXHbqM0VwIDAQABAoIBADi1vAQmw5FqLCVF
-NC7ucu+3A38ms5+rW1x6FXP4+D/Da8hn0sLuP8IJ4rcHFbPUIkvoS8Gqh8LKHJIY
-Y0xiqD0s2Qb9Rb1NUhgN9rlpatAoBPwZzDS1F9g0kaFUDFxXxi7hGjXTkiKRDal1
-kjHR3ozHl2OwibXr3gsyyy6yowEeGRGugCUUE3rRHArCLWjUxh2GB0xIOIwX6rFO
-mIhHSwa4cgDg6vHmYz1wXLra6Qfitsulv+X2D6wqxjptrMxq4t3CC2sbrkIi900E
-DSxd8u0Z6aQVaTB16GpwNjLxAe47iahN/LmEOGUaT1W0b4QMhdYQH8kcWbK4SUbW
-OTG9YzkCgYEA9wyiiyE1KJzhIKpKmfF94aVpay3XOQ1Q36J3f5GwWyDkSGv4BYoi
-KPaPbh7vGmaBiiyRyYwPyf324VzjRwkLSzvZ9dJYoCxHesQUzgmfUIXjKoKAup53
-5pVD9TApu0zmvfW+sBsmaI4rs/gerIA9REIiAJHaQKYXqMnQg25SHU0CgYEAzEcf
-Klwb3XkVgnNDdBfGIHtstPd2IPNOoJlHk5qmGvpJGoQd89J05jYfGzrzVZSQH6SG
-9mzYJ51RAuhAnKzOK6oH4fkyBYDCeU0apS+dEKwVfeZRwXU+PXF4n31g39X1IPj8
-EBxfTx4IuLeot1A2Jfxdmxjei2MgDPsi+65t1jMCgYBXYD2g7ZbKjWnGTtRhzBqU
-kxdM1AK55+7Bmcmf8dwo7uIuhxlKhEd+q22hKgmxEa4hO5A4c3QmIc+Od3be6eD3
-s+xr2ACGbgK99dnR4W9aYHAu2cdDucZ4ZDSL5IPt/c3iQ6c0y/Vyp03nsgrPQe/p
-U2aJQwypLtVRWkeIJJ2gRQKBgQCt8xZP3PWBh71QQ1S6RBBb0p5ED8GQ138p9Lxl
-rbgqmtyrbruOx7Tx4D5m0rEpPAPqXhDrQM5kFWtJvXpfsCs0NWrW+3ukAfwYjRbW
-eRAXhWIbvof55Bum+LxNm9dlY+2EMWF7Wp2yYpHsscBCsVQazqbrDqdbLIK7axNk
-HCm9zwKBgQDLuCZgEUDyftmrtoejpo4To/AHTpak1iFCJlq57D60bUoBD+eV0EFr
-S1AIJVHHnMp28V8X0zbpSg/ozV7gyQj9KI5AHkQ6S2RgxHQBGSXMSrtKLmV+toyf
-OnC8uZiPto1/0Nr6/Wzg1ykWHA21OE6XERbgm8kvKU0s/wlwuXcrcQ==
+MIIJKAIBAAKCAgEAzdjMULAvaKvZegHt9YDSQYF/dVHYqDHH5GYgnafDIQoyHyhe
+Xz/fUa/lrH+AU3yPQ2FUIBwtX0L6ksjdjg3RkTEFSGnRPmpdiELOjFqqZ02Lvoy0
+q5QY5Xubbva5FeTvh+DwXyj6Qjprry+R/exKbcsU1X4lxBbRQQrnEYRKhzXO6rQ5
+cpH6FTWGkY0eazlw7AqaVEPoO7haAa/KoG/vVY+GPz3Yqoj/bFiqcNNUBYAiU/Oa
+JiRVu7t/5L5eb7QDoSbqI0R27s1PhVCJfampYhQj8xFFOQd4ejVFix71WQO1z+lC
+SmCq0nkkUIYNlNm9oLmnTBAUxAuDFljeucolqa8pDhbBLQAQXzivNgkPRpoAavav
+li7m/CgjxfVFnbANf45+21XTOjfyHy1jHSdZ85bNKPccPSoCHcmA53GpQpf19QlR
+6L8M7MOqZ/ENNFVf12ktEfEb7g6i2OWJJLYFmQ+xq4d3WthSytYfK6qoLb3sE1X3
+bYGvjurBbqZWwmsajEmsYmDk58+l53fWA+tsYRF0bVKDrT4rYJuJai34ax/iJfef
+Tg8cspO5VgyhW509y+avMA7Sl3pKWn5wCXNYwRbAM3UcZD6MfX/koJgzl5okgOVK
+FDqirDykCX3KxL1pZrUeN9eeRPk4Uowa+W+roV9MhB9sLHammM8SyF4522UCAwEA
+AQKCAgBugqWt6+iH2Tq4NbD6zF4UrOEwqvAV3CPkiq+X9Cjd5Atkjtebaz8JK9Wx
+9gF+0LBZDDeNxZLWQa8kfpHzYZfQyvB7H9QmHhR4wuUAlOxG6WrMsd2M/8Ud7m5T
+9EEJcA7oc+qYK/eu9o45TuCh4elTaGOW+lJsI5PTx3amAM/CJzEe8AKnb5dDK6lD
+Gu/pwLzO/CI+evaCmUY5AZdW6sEivhrkeN+JLmNyV2episrg6RmE2JM5RuiAEPlo
+ZItujMYmDi5FIMx5B+BZQhOOUzeMYCOsquju5QPZGCBtwAEX+NXy+NeN9re+pyrH
+0DAaaYtUbldSjo+XcFa/+JYaSFxO9hBQNEBS71RVy2bi1ESo/rF7BZxM41DB9k+R
+0ta+QcUCEO5pS1xY54mn6lvFm9P+ILbP4RKmjreo9hhtZtBROylPxlPh0bf2TLEf
+2FDb4LLrGm9eppaXuvE6KvLcHJoouhCg2B4nT8+LH+zM3GPneezmtSYpG7Fnq6Cx
+QsmTVh7fw7ZTmyX/LgoMFEkKiHlcvkN6VoFdoodrT+OX4QGDJ7/LyXOJo1A5DAkx
+/NxeW2SESAcaf1ncjbAZKAMXvfTdPLOZQnYlK/VJ8h27XpDCnBOKjz0sS51Y5EA3
+7HPCoZm/P0LoUXvjQ4EQH/u3IWSnZD7TPb7KxxJ49dKoqCsUAQKCAQEA7NJTMq5I
+T1VNh67oWHFty1WfHq2eMqqJr2L70w0oPzjHf4utVsZVSR10upckwbGmBV0zyA+l
+SQ/ul5jGrUq75eoofm2QogkAMqYleVUvR3HjjM7mBEwm3+/DQdqE8TUc/1pJ/ThT
+cc6tMoFDwkXzlkn2OeNqPdkKbvJX+FRyM2zlZ1se0y+tZgn/tqZYBhG5kXSGTXE5
+CvLsYo5Q3bYlxp+yeLX+WAiOhkzy5XHUHihtd6hdrojuMZTzqL8bF4B3MXKM5dc2
+ost88ZFy81iCvADs8e8qd8QvDChWi1ZQAJ4XucVjpyyF6Jxqw4meS5t+bMnUF8Ks
+WsAq2OBCZnom8QKCAQEA3oRR2ZesHUtjavFMcdBGcoFlz7BXrrhGpcuOoJYqheDq
+MNLbnmIyUlkm3la9M8Lj0+AQBMWGDpgjdAVwhJbt/WhFROYlx9f6CXQpQMPdHLkh
+SFOC9hY46QRsKio1BMxBPiQx3K0pwhYFxxDy5oP1t7mgEDn6K8eXeyp/i7QnPbdF
+in66wNyAd0dt/ru6q3d81gejxlrVupOB6BROBEl1XH9tfcCLCamlax9VfP8igb16
+DLAwgplR6qsbdEccOCEzTKzWA3VRrqdY+olUjdVeWX7qqSQ61vBiZuZdSepGtsRR
+Pp69dMAPZY/FjKS+7k8rnSHGSlqf2RjWcYOtPN+DtQKCAQEAnIvkB2qBzj97Qqfy
+WxSQGYt95c+q9Z8Z6OAryzW1VyV3au6wJN5yXiSklvt2hruiHYWgxyzge82WUIvj
+OYZfcvo4zmoq45HDmbeOqggPetDkNJ5IGqskP3/EuPF0U+ZiRsIuir8DGgYfI3Wj
+jvaisMQvidC02DFy3ihA0p0v6KKhepMXa07m9r7BVMHdChYJbwdyCBtCM+SlMfkV
+p5nSmtvSJE1Z1mPBozGWlumJ6G2c/y5Czy8hFZF7CB9cD0sSf5NTZFPBgBe3fhBB
+xm7J7PFHsB4DGqyK1SSNIQprVB0tXdYHq+iYlE1hneSIyT3+cndwRkyfllXVfQux
+mQBCYQKCAQBWRxIBf5jBxxBmT+dnHe2iyl9ylxp4aYUjFflYdMFKJbpIcgmrsMF4
+Qo8amKFF56Q06+TqJLhlAkKE4vMMxgTDQ+HP5Djz8t9FOSAht5ANag7on1DhIB6y
+4v8ZnkHueVA2ywv2V8IgOi/FTuIP1Uy6DyRsBj7lKL+ohwLrZU/t0xkIqTi6PQUm
+urCAm8O2Zl8mEdJDv8atUDKHjQ/vA5iY4+PNZZHDjl7QWVbpX3e+vHwNXWeBy/cC
+OZQsksHzVZQxf7Z/osaoJMUQZ508XWX254oPSTfzTUOqSFoVpdwDU714vU4SbcHK
+jGN5tAtAFbyAca8T922RXNsRKpBKURQdAoIBAHSZpK6NceBpAkDfnO6z+wemWiF7
+R3PT/A2gDKyQqoWR8Skvtxu1d6MyzaBABRIW2Lfxg4UF0FG7ju1DPg0h8FkEeiD3
+nWmc3b8wXXw7WkuDHyJhWxGxhoSETu3BA508eIHGmz3Fr1lUjwoPwIfI5IP6jGJ+
+IJ2dgYP5dq/g8JMyYZ1zO2mXb/pN3ZffUN5T74zk4tQdN6mH903SAO/6ZzTWHD6F
+PncbEWvQKzXuYwcciHA+5jAau3CKucbVaLNOaEHvgq4qX44682chztZQBKXExd4d
+1+iuOV1bjOOG6xcTea+bafmqx30wAa9JSI3n4l1QBxWjCU1VErGnG0ZMf9U=
 -----END RSA PRIVATE KEY-----

tests/id_rsa-2.pub

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFIrQbW7GEbhA0mF+KtyX0biPZoRFmP2ZJUVJ25rSwTUi2OKqWHPWP1bLpjTcZ8l5fcH7MOmhwPXnRVE1a4cTEauv4GesKzzsEr3mdxfevG/JsQqYMNhruQhldGuUv8sgNBqCtID+9j9DHtKkS/13n4tXNFCgCW2Jra1FlzCAK4oVWVK7RD0GEu7QZxPgzokHzz6/Tmx1dMhScf7NjFbjYigtHI1jDcKIiiHbKu4hkfaoQ7JXtt3L5baVczn7xmvAtr3RjH1bgQszImSLQ4oh6q3IUs95KUBu/e+MAjRNaHfv2NODhbq/NKAh5yWOTkHVYjjd8coZBfNpaJcduozRX ssantoro@SSANTORO-PC1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDN2MxQsC9oq9l6Ae31gNJBgX91UdioMcfkZiCdp8MhCjIfKF5fP99Rr+Wsf4BTfI9DYVQgHC1fQvqSyN2ODdGRMQVIadE+al2IQs6MWqpnTYu+jLSrlBjle5tu9rkV5O+H4PBfKPpCOmuvL5H97EptyxTVfiXEFtFBCucRhEqHNc7qtDlykfoVNYaRjR5rOXDsCppUQ+g7uFoBr8qgb+9Vj4Y/PdiqiP9sWKpw01QFgCJT85omJFW7u3/kvl5vtAOhJuojRHbuzU+FUIl9qaliFCPzEUU5B3h6NUWLHvVZA7XP6UJKYKrSeSRQhg2U2b2guadMEBTEC4MWWN65yiWprykOFsEtABBfOK82CQ9GmgBq9q+WLub8KCPF9UWdsA1/jn7bVdM6N/IfLWMdJ1nzls0o9xw9KgIdyYDncalCl/X1CVHovwzsw6pn8Q00VV/XaS0R8RvuDqLY5YkktgWZD7Grh3da2FLK1h8rqqgtvewTVfdtga+O6sFuplbCaxqMSaxiYOTnz6Xnd9YD62xhEXRtUoOtPitgm4lqLfhrH+Il959ODxyyk7lWDKFbnT3L5q8wDtKXekpafnAJc1jBFsAzdRxkPox9f+SgmDOXmiSA5UoUOqKsPKQJfcrEvWlmtR43155E+ThSjBr5b6uhX0yEH2wsdqaYzxLIXjnbZQ== s2@silver

tests/sometext

@@ -0,0 +1 @@
+hello!

tests/test.sh

@@ -0,0 +1,51 @@
+sshenc=../sshenc.sh
+#to test the pre OpenSSL 1.1.1 script, uncomment the line below:
+#sshenc=../sshenc-pre1.1.1.sh
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
+
+trap cleanup EXIT
+
+temp_dir="$(mktemp -d -t "sshenc.sh.XXXXXX")"
+tempfile="$(mktemp "$temp_dir/sshenc.sh.XXXXXX.cypher")"
+plaintext=$(cat sometext)
+
+echo -n 'testing multiple pubkeys: '
+$sshenc -p id_rsa-1.pub -p id_rsa-2.pub -p id_rsa-3.pub < sometext > $tempfile
+
+for i in {1..3}; do
+    cyph=$($sshenc -s id_rsa-$i < $tempfile)
+    if [ "$cyph" == "$plaintext" ]; then
+        echo -n "key$i: ✓ "
+    else
+        echo -n "key$i: ⛝ "
+    fi
+done
+echo
+
+echo -n 'testing encryption with a single key: '
+$sshenc -p id_rsa-1.pub < sometext > $tempfile
+cyph=$($sshenc -s id_rsa-1 < $tempfile)
+if [ "$cyph" == "$plaintext" ]; then
+    echo -n "✓"
+else
+    echo -n "⛝"
+fi
+echo
+
+echo -n 'testing encryption of a binary file: '
+$sshenc -p id_rsa-1.pub < ../logo.png > $tempfile
+$sshenc -s id_rsa-1 < $tempfile > $temp_dir/binary
+diff ../logo.png $temp_dir/binary
+retval=$?
+if [ $retval -eq 0 ]; then
+    echo -n "✓"
+else
+    echo -n "⛝"
+fi
+echo
+
+echo
+echo done.