update urls

This reverts commit b2df05b763.

README.md

@@ -1,15 +1,16 @@
-# sshenc.sh
+# ![sshenc.sh](logo.png)
-> bash script to encrypt data using a users ssh public key.
+
+**bash script to encrypt data using a users ssh public key**
 
 If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:
 ```
-bash <(curl -s https://sshenc.sh/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt
+bash <(curl -s https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt
 ```
 sshenc.sh uses openssl under the hood, so you need to have that installed in your path to make it work.
 
 ## Install
 ```
-wget https://sshenc.sh/sshenc.sh
+curl -O https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc.sh
 chmod +x sshenc.sh
 ```
 
@@ -27,14 +28,21 @@ sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-tex
 
 ### encrypt a file using the public key of a github user
 ```
-sshenc.sh -p <(curl -sf "https://github.com/S2-.keys" | grep ssh-rsa | tail -n1) < plain-text-file.txt
+sshenc.sh -g S2- < plain-text-file.txt
 ```
-this line fetches the first public key for the github user S2- and encrypts the file plain-text-file.txt using this key.
+this line fetches the public keys for the github user S2- and encrypts the file plain-text-file.txt using its key(s).
 
-### dedecrypt a file
+### decrypt a file
 ```
 sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt
 ```
 
+## Notes
+[OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html) introduced a not backwards compatible change: the default digest to create a key from the passphrase changed from md5 to sha-256.  
+Also, a new `-iter` parameter to explicitly specify a given number of iterations on the password in deriving the encryption key was added.  
+Before OpenSSL 1.1.1 this option was not available.  
+Since the new parameters are more secure, `sshenc.sh` changed to adopt them, so since 2019-11-26, files encrypted with a previous version of `sshenc.sh` will not decrypt.  
+To do so, use the prevous `sshenc.sh` script, located at [https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc-pre1.1.1.sh](https://raw.githubusercontent.com/5im-0n/sshenc.sh/master/sshenc-pre1.1.1.sh).
+
 ## License
 [MIT](https://opensource.org/licenses/MIT)

index.html

@@ -64,13 +64,16 @@
 		<script src="https://cdnjs.cloudflare.com/ajax/libs/markdown-it/8.4.2/markdown-it.min.js"></script>
 		<script>
 			var md = window.markdownit();
-			fetch('README.md')
+
-			.then((r) => {
+			var xmlhttp;
-				return r.text();
+			xmlhttp = new XMLHttpRequest();
-			})
+			xmlhttp.onreadystatechange = function(){
-			.then((r) => {
+				if (xmlhttp.readyState == 4 && xmlhttp.status == 200){
-				document.getElementById('md').innerHTML = md.render(r);
+					document.getElementById('md').innerHTML = md.render(xmlhttp.responseText);
-			});
+				}
+			}
+			xmlhttp.open("GET", 'README.md', true);
+			xmlhttp.send();
 		</script>
 
 	</body>

sshenc-pre1.1.1.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+OPTIND=1 # reset in case getopts has been used previously in the shell.
+
+me=sshenc.sh
+
+show_help() {
+cat << EOF
+usage: $me [-p <public ssh key> | -s <private ssh key>] [-h]
+
+examples:
+    - encrypt a file
+    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+    - decrypt a file
+    $me -s ~/.ssh/id_rsa < encrypted.txt
+
+$me home page: https://github.com/5im-0n/sshenc.sh/
+EOF
+}
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
+
+while getopts "h?p:s:" opt; do
+    case "$opt" in
+    h|\?)
+    show_help
+    exit 0
+    ;;
+    p)  public_key+=("$OPTARG")
+    ;;
+    s)  private_key=$OPTARG
+    ;;
+    esac
+done
+
+shift $((OPTIND -1))
+
+[ "$1" = "--" ] && shift
+
+temp_dir="$(mktemp -d -t "$me.XXXXXX")"
+temp_file_key="$(mktemp "$temp_dir/$me.XXXXXX.key")"
+temp_file="$(mktemp "$temp_dir/$me.XXXXXX.cypher")"
+trap cleanup EXIT
+
+#encrypt
+if [[ "${#public_key[@]}" > 0 ]]; then
+    openssl rand 32 > $temp_file_key
+
+    echo "-- encrypted with https://github.com/5im-0n/sshenc.sh/"
+    echo "-- keys"
+    for pubkey in "${public_key[@]}"
+    do
+        if [[ -e "$pubkey" ]]; then
+            convertedpubkey=$temp_dir/$(basename "$pubkey").pem
+            ssh-keygen -f "$pubkey" -e -m PKCS8 > $convertedpubkey
+            #encrypt key with public keys
+            if openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc; then
+                echo "-- key"
+                openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
+                echo "-- /key"
+            fi
+        fi
+    done
+    echo "-- /keys"
+
+    if cat | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
+        openssl base64 -A < "$temp_file"
+    fi
+
+#decrypt
+elif [[ -e "$private_key" ]]; then
+    stdin=`cat`
+    keys_enc=$(echo "$stdin" | awk '/-- keys/{f=1;next} /-- \/keys/{f=0} f')
+    cypher=$(echo "$stdin" | sed -e '1,/-- \/keys/d')
+
+    i=0
+    while read line ; do \
+        if [ "$line" == "-- key" ]; then
+            i=$(($i + 1))
+        elif [ "$line" == "-- /key" ]; then
+            :
+        else
+            keys[i]="${keys[$i]}$line"
+        fi
+    done <<< "$keys_enc"
+
+    decrypted=false
+    for key in "${keys[@]}"
+    do
+        if ((echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d -pass file:"$temp_file"; then
+                decrypted=true
+            fi
+        fi
+    done
+
+    if [ $decrypted = false ]; then
+        >&2 echo "no valid decryption key supplied"
+        exit 1
+    fi
+
+#help
+else
+    show_help
+    exit 1
+fi

sshenc.sh

@@ -1,29 +1,33 @@
-#!/bin/bash
+#!/usr/bin/env bash
-
-OPTIND=1 # reset in case getopts has been used previously in the shell.
 
+# --- constants
 me=sshenc.sh
 
 show_help() {
 cat << EOF
-usage: $me [-p <public ssh key> | -s <private ssh key>] [-h]
+usage: $me [[-p <public ssh key> | -g <github handle>]| -s <private ssh key>] [-h]
 
 examples:
-    - encrypt a file
-    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
 
     - decrypt a file
     $me -s ~/.ssh/id_rsa < encrypted.txt
 
-$me home page: https://sshenc.sh/
+    - encrypt a file
+    $me -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+    - encrypt using a GitHub users public SSH key (requires curl and bash 3.2)
+    $me -g foo < plain-text-file.txt > encrypted.txt
+
+    - encrypt using multiple public keys (file can be read by any associated private key)
+    $me -g foo -g bar -p baz -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
+
+$me home page: https://github.com/5im-0n/sshenc.sh/
 EOF
 }
 
-cleanup() {
+# --- process option parameters
-    rm -rf "$temp_dir"
+OPTIND=1                           # reset in case getopts has been used previously in the shell
-}
+while getopts "h?p:s:g:" opt; do
-
-while getopts "h?p:s:" opt; do
     case "$opt" in
     h|\?)
     show_help
@@ -33,47 +37,99 @@ while getopts "h?p:s:" opt; do
     ;;
     s)  private_key=$OPTARG
     ;;
+    g)  github_handle+=("$OPTARG")
     esac
 done
 
-shift $((OPTIND -1))
+shift $((OPTIND -1))               # pop the processed options off the stack
-
 [ "$1" = "--" ] && shift
 
+# --- setup environment
+
+# data cache files
 temp_dir="$(mktemp -d -t "$me.XXXXXX")"
-temp_file_key="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.key")"
+temp_file_key="$(mktemp "$temp_dir/$me.XXXXXX.key")"
-temp_file="$(mktemp "$temp_dir/$(basename "$0").XXXXXX.cypher")"
+temp_file="$(mktemp "$temp_dir/$me.XXXXXX.cypher")"
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
 trap cleanup EXIT
 
-#encrypt
+# os specific configuration
+case "$(uname -s 2>/dev/null)" in
+    Darwin)
+        if [[ -n $(openssl version | grep -Eo "LibreSSL [2-9]") ]]; then
+            openssl_params=''
+        else
+            echo >&2 "Install openssl 1.1.1 or higher and add it to your \$PATH"
+            echo ''
+            echo '    brew install openssl'
+            echo '    echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile'
+            echo '    source ~/.bash_profile'
+            echo ''
+            exit 1
+        fi
+    ;;
+    *)
+        openssl_params='-pbkdf2 -iter 100000'
+esac
+
+# --- retrieve ssh keys from github
+if [[ "${#github_handle[@]}" -gt 0 ]]; then
+    if ! which curl >/dev/null ; then
+        >&2 echo "curl command not found"
+        exit 1
+    fi
+
+    OLDMASK=$(umask); umask 0266
+    for handle in "${github_handle[@]}"
+    do
+        curl -s "https://github.com/$handle.keys" | grep ssh-rsa > "$temp_dir/$handle"
+        if [ -s "$temp_dir/$handle" ]; then
+            key_index=0
+            while IFS= read -r key; do
+                printf "%s" "${key}" > "$temp_dir/$handle.$key_index"
+                public_key+=("$temp_dir/$handle.$key_index")
+                key_index=$((key_index+1))
+            done < "$temp_dir/$handle"
+        fi
+    done
+    umask "$OLDMASK"
+fi
+
+# --- encrypt stdin
 if [[ "${#public_key[@]}" > 0 ]]; then
     openssl rand 32 > $temp_file_key
 
-    echo "-- encrypted with https://sshenc.sh/"
+    echo "-- encrypted with https://github.com/5im-0n/sshenc.sh/"
     echo "-- keys"
     for pubkey in "${public_key[@]}"
     do
         if [[ -e "$pubkey" ]]; then
-            echo "-- key"
             convertedpubkey=$temp_dir/$(basename "$pubkey").pem
             ssh-keygen -f "$pubkey" -e -m PKCS8 > $convertedpubkey
             #encrypt key with public keys
-            openssl rsautl -encrypt -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc
+            if openssl rsautl -encrypt -oaep -pubin -inkey "$convertedpubkey" -in "$temp_file_key" -out $temp_dir/$(basename "$pubkey").key.enc; then
+                echo "-- key"
                 openssl base64 -in $temp_dir/$(basename "$pubkey").key.enc
                 echo "-- /key"
             fi
+        fi
     done
     echo "-- /keys"
 
-    if cat | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
+    if cat | openssl enc -aes-256-cbc -salt $openssl_params -pass file:"$temp_file_key" > "$temp_file"; then
-        openssl base64 < "$temp_file"
+        openssl base64 -A < "$temp_file"
     fi
 
-#decrypt
+# --- decrypt stdin
 elif [[ -e "$private_key" ]]; then
     stdin=`cat`
     keys_enc=$(echo "$stdin" | awk '/-- keys/{f=1;next} /-- \/keys/{f=0} f')
     cypher=$(echo "$stdin" | sed -e '1,/-- \/keys/d')
+    install -m 0600 "$private_key" "$temp_dir/private_key"
+    ssh-keygen -p -m PEM -N '' -f "$temp_dir/private_key" >/dev/null
 
     i=0
     while read line ; do \
@@ -87,13 +143,12 @@ elif [[ -e "$private_key" ]]; then
     done <<< "$keys_enc"
 
     decrypted=false
-    for key in "${keys[@]}"
+    for key in "${keys[@]}"; do
-    do
+        if $(echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -oaep -inkey "$temp_dir/private_key" >"$temp_file_key" 2>/dev/null); then
-        if ((echo "$key" | openssl base64 -d | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d $openssl_params -pass file:"$temp_file_key"; then
-            if echo "$cypher" | openssl base64 -d | openssl aes-256-cbc -d -pass file:"$temp_file"; then
                 decrypted=true
-            fi;
+            fi
-        fi;
+        fi
     done
 
     if [ $decrypted = false ]; then
@@ -101,7 +156,7 @@ elif [[ -e "$private_key" ]]; then
         exit 1
     fi
 
-#help
+# --- help
 else
     show_help
     exit 1

tests/id_rsa-1

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAm6z7s+JUxR/aWCMhgzOD7uVpy/gSitupO9VuP6qdtACSK86E
+MIIEpAIBAAKCAQEA+LbOiD+g7hbpAyFQGXpOjzhoU/v60G6pTbGOScO2P3U24ddv
-dd6Rq3VImeC/3C8pREDmv5qpaHO42ggucebXc3Rl+42uWwXloHXzDIVcYb6AdUWr
++X8rDN7hvCPdXkMJWnJSIPsT9Xu6I2DmCFW4F2hDdTPHTTz799Kp3xPnvXUJGZb7
-G6UcNZ9k44quzV9SyhrZMi9xHmOQGVspLR4rl/SNNRwBoaQndS+KvdbOmtjMo1wY
+CdpwyvWxx83lCpPTIe5NGMDxn16R6k++pya4Gd0dMiKVGlC1OB5P3/z1Sgx8wqpF
-U/CF8pIHDd46WK7BeGAuTVyR3s91YtE3LNz3R8Xf7x9aEy1XPEyPpLvlSt4YqcoI
+m/ebZhIfR8fyNYi8z5Kt/SrB7bkHXAskQuNPZwc+a9riApMQRDcBcLgEywvskc35
-saGU+U24KZmyVXTYvXvUXHKczRhmZH01zUs/BnwQbmq0rboH/ivm3DgWoZYztJjw
+qyEJ/8dtumq+OhTRo8qjJObRG3tgJp7tAYJ9x+yxN8R38RzNEfTdmsIeZe42RFxz
-UdwmQUbRF2XlWguvkhXW4uLg7NaWhoX4qhkutQIDAQABAoIBADss9kDat/52rTjz
+G+kEYAYmDso6ntFGFpm0R8IuF/CFhjzJI63ZMwIDAQABAoIBAAdpYzQ6OTB/LEh0
-obmNy4j0C9NM6T9/YEUuTEpHQMs7rFSanB9yC01xt7dGh6fbBYS8ZvpOgDcERjAb
+mK95rpekBa/jBXFqqs7u6J+YHnk7o/wM8IBN4tmKVs3Ff9ZMRx4T5BCpism4+y4M
-DAygAyYQCPQmVzCifTcRnuITj5pYH9x0LybDDIYVoPQds3S912qb6hP5lLZIgm4h
+uC4tZ8QCzmfSuDC8DYIwG/HS5QgHUdMaZbbAdLYHplme8CFlkFglgtSnA0xNhCmo
-CPXtkgShIUwe6T/YdmdFOygOj1qsltLRBfO9oOifM87F62Lf3pE4RnOGTeZqYqBA
+YLUYeUoEBde1oh3bo9rdRGIXZrPjJlZIuAGhTV1bMBLbdF0Ha2jeKXnIeMNAu9mu
-RrGtor2eDqUm4qINdjYff2yHAkoYFCXDD37w2e66Lpp7RK4ylGH8uVzi26hW6bKd
+/Czz7zI4cdWlA0ubmkxoEz/wrC28ZqOJsRT2pyMR/SmBaeAKUfalgs4m8zHXrH4m
-Tb03Og+YwbY3H7iE3V8olZnxwB3yeBwUlCAMtVUPYKcvlxoxAnDU9jmYcAexmff6
+gp+G3c9u2hxH7U1P6kEW2Rzo7WRHh0yOKl4FRPOS5s5d3JiZin24Q+pPBWi38YHw
-guqBC8ECgYEAyt+u8icaW9bzH+9DWS4atEP35d6LXVlsHI/TKUkBCMUWYr8Orpjo
+jObm1VkCgYEA/7BHkk0/9smIkwYp/JNnCx4eh+H/F/thWRx5T/T0OI9ORZZ7ps2d
-JJ9sxn3CngO+cBOWQZrQqc/JgFPFswVnLKLDbzQkwA03MTofn2Zyuu1qXLol6oqG
+zuOTYkx3iN+6SXPIasNfdcbERwyfiF4Wwm/h8gtz0gsVAi8mrVCVjzuAFclrhFBi
-K+6385VgB1+xu0S32eGRGWuT/wwTLQQkyI+RM7cPdZ9MJSQ5KDdd0KcCgYEAxHE4
+LkvXRDRLxYictc93IZLgpqAUuAKUPSBR+YbSA3/cbs/1LYhIxx1UKVcCgYEA+QRa
-0KDhIfy1dwG7VH93l6JVS8OwzM54Ip8BmaA9DskMbIxpYD8UHbHccLxdQdc2Xcxi
+RfDSxv/S5YQi+ihi6iayGtclkAdhoRXoXF+/GCIXmtZPP1Hwrgq7hfjf3LvsQ043
-6W6ctOiHXpcVR7lfCHX2GZcpRgbh2CvF/WJa/V5sxsmNZtUOedxsAmCVCauWTy7N
+SZvlOD2VaAXveEHyhhjYHc8ooNgvAdcXrBb5E/+Oned1+aBOqrOer9jCVY93kgKp
-ryLX5tX6nN6ZRfbI2S4DVOw1pITu4rwG0wb/NUMCgYAl5ux0aUHPbrU1fioC+04Z
+8wB+mrkD3MaFCVypGg+/Fkr8dgqXCZ8LGUxAOYUCgYEA44YryiZvut2PaLVde2J3
-56jk1VMMOaytGWHGENGUpd2szS0dCYw1a2OTIeO+SczGe6JS122sjBmFVCFXdOb1
+mU8OAAC9DMwmzjMmSF5DTGlJT2cfVUk3Gjksl5ZP8D6V+HLNbyO3uIhNdKPo+mIv
-u+LvX7qN9uoc1FMcILPGoJyCfnSfAQpYIt1TMNEkD4jRB+GhXzcQnLylpcffXSrS
+gooo10gVol02LqFim2tQCwr5aWm5AR6+n0/hmNGoc3ijaq3Y5slamytsBGpXGyW9
-HaBvHQBSZVSAi+fxz4ZDeQKBgFJEcFy+40nOgViDeyZZ84WnUD1YiNRcq2ckXBEw
+jHvKOk73CqyHEiNqD7UrhTUCgYEAqUQwKMKeQ+65aJH9RJYXRpqvDleYjOK3lkvR
-UCG/BNr4urC5+fytnfoAiLWoIXaKv+mujyYcM4TjlN/iu+/ZJuV0rq5K944GVvZU
++piKyNjDuthaXexQ8b0R4utdICoNW2LbagmyMhyKZn9CXDhXppdUsE6Ui2Dn8xRG
-mHJ/duKRSgyEsXlLXFhqhj/0ghBLM4xi9TQQ7NGBT4NDZL2/TVnlSlnJ6hk+UUVT
+Xw/ul41rYCJpqxkw4A/gmh95Wbd/y5xL8YYwiPOikHvRCqAVwkVZ2sl1+rcQG9Yk
-KtHtAoGBAI42TZgJn0+ZZKFruBXI0JdLj3y++cN2PgKqHpgdaip2/ANwSNCmm4VL
+MToHnhECgYAsMy/TwgwltU1Dzz5r/BGAR3790h2jyN6dtKl10xALPzfAFx2Lvaet
-12AkPsvYOQ/BfC12jyTebuPMUre4BFkbkBaFQ/j8r/8zY+JkF7tiAMeeHRJiFsdW
+EPFTO9AfUp+t4ca509XuiltRi8CJyoD366jXyELMSoZ0l+K9sO5J6SoE2gYWOwFN
-XcRIy1nNcPbyqXSdyngIYj8Cjv/h5vbS9WvtjdzwoXsGt124eX3L
+/9CuKpTv38/BEeu5S6Ta7e/y10qNwDzGMCAvc/nhtgjUIFSDcGgSzQ==
 -----END RSA PRIVATE KEY-----

tests/id_rsa-1.pub

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbrPuz4lTFH9pYIyGDM4Pu5WnL+BKK26k71W4/qp20AJIrzoR13pGrdUiZ4L/cLylEQOa/mqloc7jaCC5x5tdzdGX7ja5bBeWgdfMMhVxhvoB1RasbpRw1n2Tjiq7NX1LKGtkyL3EeY5AZWyktHiuX9I01HAGhpCd1L4q91s6a2MyjXBhT8IXykgcN3jpYrsF4YC5NXJHez3Vi0Tcs3PdHxd/vH1oTLVc8TI+ku+VK3hipygixoZT5TbgpmbJVdNi9e9RccpzNGGZkfTXNSz8GfBBuarStugf+K+bcOBahljO0mPBR3CZBRtEXZeVaC6+SFdbi4uDs1paGhfiqGS61 ssantoro@SSANTORO-PC1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD4ts6IP6DuFukDIVAZek6POGhT+/rQbqlNsY5Jw7Y/dTbh12/5fysM3uG8I91eQwlaclIg+xP1e7ojYOYIVbgXaEN1M8dNPPv30qnfE+e9dQkZlvsJ2nDK9bHHzeUKk9Mh7k0YwPGfXpHqT76nJrgZ3R0yIpUaULU4Hk/f/PVKDHzCqkWb95tmEh9Hx/I1iLzPkq39KsHtuQdcCyRC409nBz5r2uICkxBENwFwuATLC+yRzfmrIQn/x226ar46FNGjyqMk5tEbe2Amnu0Bgn3H7LE3xHfxHM0R9N2awh5l7jZEXHMb6QRgBiYOyjqe0UYWmbRHwi4X8IWGPMkjrdkz s2@silver

tests/id_rsa-2

@@ -1,27 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxSK0G1uxhG4QNJhfircl9G4j2aERZj9mSVFSdua0sE1Itjiq
+MIIJKAIBAAKCAgEAzdjMULAvaKvZegHt9YDSQYF/dVHYqDHH5GYgnafDIQoyHyhe
-lhz1j9Wy6Y03GfJeX3B+zDpocD150VRNWuHExGrr+BnrCs87BK95ncX3rxvybEKm
+Xz/fUa/lrH+AU3yPQ2FUIBwtX0L6ksjdjg3RkTEFSGnRPmpdiELOjFqqZ02Lvoy0
-DDYa7kIZXRrlL/LIDQagrSA/vY/Qx7SpEv9d5+LVzRQoAltia2tRZcwgCuKFVlSu
+q5QY5Xubbva5FeTvh+DwXyj6Qjprry+R/exKbcsU1X4lxBbRQQrnEYRKhzXO6rQ5
-0Q9BhLu0GcT4M6JB88+v05sdXTIUnH+zYxW42IoLRyNYw3CiIoh2yruIZH2qEOyV
+cpH6FTWGkY0eazlw7AqaVEPoO7haAa/KoG/vVY+GPz3Yqoj/bFiqcNNUBYAiU/Oa
-7bdy+W2lXM5+8ZrwLa90Yx9W4ELMyJki0OKIeqtyFLPeSlAbv3vjAI0TWh379jTg
+JiRVu7t/5L5eb7QDoSbqI0R27s1PhVCJfampYhQj8xFFOQd4ejVFix71WQO1z+lC
-4W6vzSgIecljk5B1WI43fHKGQXzaWiXHbqM0VwIDAQABAoIBADi1vAQmw5FqLCVF
+SmCq0nkkUIYNlNm9oLmnTBAUxAuDFljeucolqa8pDhbBLQAQXzivNgkPRpoAavav
-NC7ucu+3A38ms5+rW1x6FXP4+D/Da8hn0sLuP8IJ4rcHFbPUIkvoS8Gqh8LKHJIY
+li7m/CgjxfVFnbANf45+21XTOjfyHy1jHSdZ85bNKPccPSoCHcmA53GpQpf19QlR
-Y0xiqD0s2Qb9Rb1NUhgN9rlpatAoBPwZzDS1F9g0kaFUDFxXxi7hGjXTkiKRDal1
+6L8M7MOqZ/ENNFVf12ktEfEb7g6i2OWJJLYFmQ+xq4d3WthSytYfK6qoLb3sE1X3
-kjHR3ozHl2OwibXr3gsyyy6yowEeGRGugCUUE3rRHArCLWjUxh2GB0xIOIwX6rFO
+bYGvjurBbqZWwmsajEmsYmDk58+l53fWA+tsYRF0bVKDrT4rYJuJai34ax/iJfef
-mIhHSwa4cgDg6vHmYz1wXLra6Qfitsulv+X2D6wqxjptrMxq4t3CC2sbrkIi900E
+Tg8cspO5VgyhW509y+avMA7Sl3pKWn5wCXNYwRbAM3UcZD6MfX/koJgzl5okgOVK
-DSxd8u0Z6aQVaTB16GpwNjLxAe47iahN/LmEOGUaT1W0b4QMhdYQH8kcWbK4SUbW
+FDqirDykCX3KxL1pZrUeN9eeRPk4Uowa+W+roV9MhB9sLHammM8SyF4522UCAwEA
-OTG9YzkCgYEA9wyiiyE1KJzhIKpKmfF94aVpay3XOQ1Q36J3f5GwWyDkSGv4BYoi
+AQKCAgBugqWt6+iH2Tq4NbD6zF4UrOEwqvAV3CPkiq+X9Cjd5Atkjtebaz8JK9Wx
-KPaPbh7vGmaBiiyRyYwPyf324VzjRwkLSzvZ9dJYoCxHesQUzgmfUIXjKoKAup53
+9gF+0LBZDDeNxZLWQa8kfpHzYZfQyvB7H9QmHhR4wuUAlOxG6WrMsd2M/8Ud7m5T
-5pVD9TApu0zmvfW+sBsmaI4rs/gerIA9REIiAJHaQKYXqMnQg25SHU0CgYEAzEcf
+9EEJcA7oc+qYK/eu9o45TuCh4elTaGOW+lJsI5PTx3amAM/CJzEe8AKnb5dDK6lD
-Klwb3XkVgnNDdBfGIHtstPd2IPNOoJlHk5qmGvpJGoQd89J05jYfGzrzVZSQH6SG
+Gu/pwLzO/CI+evaCmUY5AZdW6sEivhrkeN+JLmNyV2episrg6RmE2JM5RuiAEPlo
-9mzYJ51RAuhAnKzOK6oH4fkyBYDCeU0apS+dEKwVfeZRwXU+PXF4n31g39X1IPj8
+ZItujMYmDi5FIMx5B+BZQhOOUzeMYCOsquju5QPZGCBtwAEX+NXy+NeN9re+pyrH
-EBxfTx4IuLeot1A2Jfxdmxjei2MgDPsi+65t1jMCgYBXYD2g7ZbKjWnGTtRhzBqU
+0DAaaYtUbldSjo+XcFa/+JYaSFxO9hBQNEBS71RVy2bi1ESo/rF7BZxM41DB9k+R
-kxdM1AK55+7Bmcmf8dwo7uIuhxlKhEd+q22hKgmxEa4hO5A4c3QmIc+Od3be6eD3
+0ta+QcUCEO5pS1xY54mn6lvFm9P+ILbP4RKmjreo9hhtZtBROylPxlPh0bf2TLEf
-s+xr2ACGbgK99dnR4W9aYHAu2cdDucZ4ZDSL5IPt/c3iQ6c0y/Vyp03nsgrPQe/p
+2FDb4LLrGm9eppaXuvE6KvLcHJoouhCg2B4nT8+LH+zM3GPneezmtSYpG7Fnq6Cx
-U2aJQwypLtVRWkeIJJ2gRQKBgQCt8xZP3PWBh71QQ1S6RBBb0p5ED8GQ138p9Lxl
+QsmTVh7fw7ZTmyX/LgoMFEkKiHlcvkN6VoFdoodrT+OX4QGDJ7/LyXOJo1A5DAkx
-rbgqmtyrbruOx7Tx4D5m0rEpPAPqXhDrQM5kFWtJvXpfsCs0NWrW+3ukAfwYjRbW
+/NxeW2SESAcaf1ncjbAZKAMXvfTdPLOZQnYlK/VJ8h27XpDCnBOKjz0sS51Y5EA3
-eRAXhWIbvof55Bum+LxNm9dlY+2EMWF7Wp2yYpHsscBCsVQazqbrDqdbLIK7axNk
+7HPCoZm/P0LoUXvjQ4EQH/u3IWSnZD7TPb7KxxJ49dKoqCsUAQKCAQEA7NJTMq5I
-HCm9zwKBgQDLuCZgEUDyftmrtoejpo4To/AHTpak1iFCJlq57D60bUoBD+eV0EFr
+T1VNh67oWHFty1WfHq2eMqqJr2L70w0oPzjHf4utVsZVSR10upckwbGmBV0zyA+l
-S1AIJVHHnMp28V8X0zbpSg/ozV7gyQj9KI5AHkQ6S2RgxHQBGSXMSrtKLmV+toyf
+SQ/ul5jGrUq75eoofm2QogkAMqYleVUvR3HjjM7mBEwm3+/DQdqE8TUc/1pJ/ThT
-OnC8uZiPto1/0Nr6/Wzg1ykWHA21OE6XERbgm8kvKU0s/wlwuXcrcQ==
+cc6tMoFDwkXzlkn2OeNqPdkKbvJX+FRyM2zlZ1se0y+tZgn/tqZYBhG5kXSGTXE5
+CvLsYo5Q3bYlxp+yeLX+WAiOhkzy5XHUHihtd6hdrojuMZTzqL8bF4B3MXKM5dc2
+ost88ZFy81iCvADs8e8qd8QvDChWi1ZQAJ4XucVjpyyF6Jxqw4meS5t+bMnUF8Ks
+WsAq2OBCZnom8QKCAQEA3oRR2ZesHUtjavFMcdBGcoFlz7BXrrhGpcuOoJYqheDq
+MNLbnmIyUlkm3la9M8Lj0+AQBMWGDpgjdAVwhJbt/WhFROYlx9f6CXQpQMPdHLkh
+SFOC9hY46QRsKio1BMxBPiQx3K0pwhYFxxDy5oP1t7mgEDn6K8eXeyp/i7QnPbdF
+in66wNyAd0dt/ru6q3d81gejxlrVupOB6BROBEl1XH9tfcCLCamlax9VfP8igb16
+DLAwgplR6qsbdEccOCEzTKzWA3VRrqdY+olUjdVeWX7qqSQ61vBiZuZdSepGtsRR
+Pp69dMAPZY/FjKS+7k8rnSHGSlqf2RjWcYOtPN+DtQKCAQEAnIvkB2qBzj97Qqfy
+WxSQGYt95c+q9Z8Z6OAryzW1VyV3au6wJN5yXiSklvt2hruiHYWgxyzge82WUIvj
+OYZfcvo4zmoq45HDmbeOqggPetDkNJ5IGqskP3/EuPF0U+ZiRsIuir8DGgYfI3Wj
+jvaisMQvidC02DFy3ihA0p0v6KKhepMXa07m9r7BVMHdChYJbwdyCBtCM+SlMfkV
+p5nSmtvSJE1Z1mPBozGWlumJ6G2c/y5Czy8hFZF7CB9cD0sSf5NTZFPBgBe3fhBB
+xm7J7PFHsB4DGqyK1SSNIQprVB0tXdYHq+iYlE1hneSIyT3+cndwRkyfllXVfQux
+mQBCYQKCAQBWRxIBf5jBxxBmT+dnHe2iyl9ylxp4aYUjFflYdMFKJbpIcgmrsMF4
+Qo8amKFF56Q06+TqJLhlAkKE4vMMxgTDQ+HP5Djz8t9FOSAht5ANag7on1DhIB6y
+4v8ZnkHueVA2ywv2V8IgOi/FTuIP1Uy6DyRsBj7lKL+ohwLrZU/t0xkIqTi6PQUm
+urCAm8O2Zl8mEdJDv8atUDKHjQ/vA5iY4+PNZZHDjl7QWVbpX3e+vHwNXWeBy/cC
+OZQsksHzVZQxf7Z/osaoJMUQZ508XWX254oPSTfzTUOqSFoVpdwDU714vU4SbcHK
+jGN5tAtAFbyAca8T922RXNsRKpBKURQdAoIBAHSZpK6NceBpAkDfnO6z+wemWiF7
+R3PT/A2gDKyQqoWR8Skvtxu1d6MyzaBABRIW2Lfxg4UF0FG7ju1DPg0h8FkEeiD3
+nWmc3b8wXXw7WkuDHyJhWxGxhoSETu3BA508eIHGmz3Fr1lUjwoPwIfI5IP6jGJ+
+IJ2dgYP5dq/g8JMyYZ1zO2mXb/pN3ZffUN5T74zk4tQdN6mH903SAO/6ZzTWHD6F
+PncbEWvQKzXuYwcciHA+5jAau3CKucbVaLNOaEHvgq4qX44682chztZQBKXExd4d
+1+iuOV1bjOOG6xcTea+bafmqx30wAa9JSI3n4l1QBxWjCU1VErGnG0ZMf9U=
 -----END RSA PRIVATE KEY-----

tests/id_rsa-2.pub

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFIrQbW7GEbhA0mF+KtyX0biPZoRFmP2ZJUVJ25rSwTUi2OKqWHPWP1bLpjTcZ8l5fcH7MOmhwPXnRVE1a4cTEauv4GesKzzsEr3mdxfevG/JsQqYMNhruQhldGuUv8sgNBqCtID+9j9DHtKkS/13n4tXNFCgCW2Jra1FlzCAK4oVWVK7RD0GEu7QZxPgzokHzz6/Tmx1dMhScf7NjFbjYigtHI1jDcKIiiHbKu4hkfaoQ7JXtt3L5baVczn7xmvAtr3RjH1bgQszImSLQ4oh6q3IUs95KUBu/e+MAjRNaHfv2NODhbq/NKAh5yWOTkHVYjjd8coZBfNpaJcduozRX ssantoro@SSANTORO-PC1
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDN2MxQsC9oq9l6Ae31gNJBgX91UdioMcfkZiCdp8MhCjIfKF5fP99Rr+Wsf4BTfI9DYVQgHC1fQvqSyN2ODdGRMQVIadE+al2IQs6MWqpnTYu+jLSrlBjle5tu9rkV5O+H4PBfKPpCOmuvL5H97EptyxTVfiXEFtFBCucRhEqHNc7qtDlykfoVNYaRjR5rOXDsCppUQ+g7uFoBr8qgb+9Vj4Y/PdiqiP9sWKpw01QFgCJT85omJFW7u3/kvl5vtAOhJuojRHbuzU+FUIl9qaliFCPzEUU5B3h6NUWLHvVZA7XP6UJKYKrSeSRQhg2U2b2guadMEBTEC4MWWN65yiWprykOFsEtABBfOK82CQ9GmgBq9q+WLub8KCPF9UWdsA1/jn7bVdM6N/IfLWMdJ1nzls0o9xw9KgIdyYDncalCl/X1CVHovwzsw6pn8Q00VV/XaS0R8RvuDqLY5YkktgWZD7Grh3da2FLK1h8rqqgtvewTVfdtga+O6sFuplbCaxqMSaxiYOTnz6Xnd9YD62xhEXRtUoOtPitgm4lqLfhrH+Il959ODxyyk7lWDKFbnT3L5q8wDtKXekpafnAJc1jBFsAzdRxkPox9f+SgmDOXmiSA5UoUOqKsPKQJfcrEvWlmtR43155E+ThSjBr5b6uhX0yEH2wsdqaYzxLIXjnbZQ== s2@silver

tests/sometext

@@ -0,0 +1 @@
+hello!

tests/test.sh

@@ -0,0 +1,51 @@
+sshenc=../sshenc.sh
+#to test the pre OpenSSL 1.1.1 script, uncomment the line below:
+#sshenc=../sshenc-pre1.1.1.sh
+
+cleanup() {
+    rm -rf "$temp_dir"
+}
+
+trap cleanup EXIT
+
+temp_dir="$(mktemp -d -t "sshenc.sh.XXXXXX")"
+tempfile="$(mktemp "$temp_dir/sshenc.sh.XXXXXX.cypher")"
+plaintext=$(cat sometext)
+
+echo -n 'testing multiple pubkeys: '
+$sshenc -p id_rsa-1.pub -p id_rsa-2.pub -p id_rsa-3.pub < sometext > $tempfile
+
+for i in {1..3}; do
+    cyph=$($sshenc -s id_rsa-$i < $tempfile)
+    if [ "$cyph" == "$plaintext" ]; then
+        echo -n "key$i: ✓ "
+    else
+        echo -n "key$i: ⛝ "
+    fi
+done
+echo
+
+echo -n 'testing encryption with a single key: '
+$sshenc -p id_rsa-1.pub < sometext > $tempfile
+cyph=$($sshenc -s id_rsa-1 < $tempfile)
+if [ "$cyph" == "$plaintext" ]; then
+    echo -n "✓"
+else
+    echo -n "⛝"
+fi
+echo
+
+echo -n 'testing encryption of a binary file: '
+$sshenc -p id_rsa-1.pub < ../logo.png > $tempfile
+$sshenc -s id_rsa-1 < $tempfile > $temp_dir/binary
+diff ../logo.png $temp_dir/binary
+retval=$?
+if [ $retval -eq 0 ]; then
+    echo -n "✓"
+else
+    echo -n "⛝"
+fi
+echo
+
+echo
+echo done.