nix, shell, perl, php, mysql and mac os x tips and tricks

Monday, April 16, 2007

Shell script to encrypt/decrypt files with GPG

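#!/bin/bash

# Interactively encrypts or decrypts a single file, or every regular file
# directly inside a directory, with GPG.
#
# Prompts, in order: action, file-or-directory, input path, output
# directory, GPG recipient and (decrypt only) the key passphrase.
# Output goes to the chosen directory: "<name>.gpg" when encrypting, and
# "<name>" with one trailing ".gpg" removed when decrypting.
#
# Exit status: 0 if every gpg call succeeded, 1 on bad input or gpg failure.

# The output directory and any decrypted plaintext are created owner-only.
umask 077

ACTION=""
FILEORDIR=""
FILE=""
OUTPUTFILE="${HOME}/gpgout"
MYOUTFILE=""
RECIPIENT=""
PASSWORD=""
FILEBASE=""
FAILED=0

# Print a message on stderr and stop with a failing status.
die() {
    echo "$*" >&2
    exit 1
}

# Encrypt one file. $1 = input path, $2 = name to use in the output directory.
encrypt_one() {
    # "--" stops option parsing, so a path beginning with "-" is still a file.
    gpg --encrypt --recipient "$RECIPIENT" \
        --output "${MYOUTFILE}/$2.gpg" -- "$1" || FAILED=1
}

# Decrypt one file. $1 = input path, $2 = name to use in the output directory.
decrypt_one() {
    local err
    # The passphrase goes to gpg on stdin rather than in --passphrase, because
    # command-line arguments are visible to other local users through ps.
    # printf is a shell builtin, so the value never appears in a process list.
    # gpg picks the decryption key from the message, so no --recipient here.
    # NOTE: GnuPG 2.1 and later only honour --passphrase-fd when
    # --pinentry-mode loopback is also given; older versions reject that
    # option, so it is not added here.
    # ${2%.gpg} strips a single trailing ".gpg" and nothing else in the name.
    if ! err=$(printf '%s\n' "$PASSWORD" |
        gpg --batch --passphrase-fd 0 \
            --output "${MYOUTFILE}/${2%.gpg}" --decrypt -- "$1" 2>&1 >/dev/null)
    then
        # gpg chatter stays hidden on success, but a failure must be visible.
        echo "failed to decrypt $1:" >&2
        echo "$err" >&2
        FAILED=1
    fi
}

# ask if this is an encrypt or a decrypt
echo "encrypt or decrypt? (encrypt) : "
read -r ACTION
if [ -z "$ACTION" ]; then
    ACTION=encrypt
fi
case "$ACTION" in
    encrypt | decrypt) ;;
    *) die "unknown action '$ACTION', exiting." ;;
esac

# ask if this is a file or a directory
echo "is this a file or directory? (file) : "
read -r FILEORDIR
if [ -z "$FILEORDIR" ]; then
    FILEORDIR=file
fi
case "$FILEORDIR" in
    file | directory) ;;
    *) die "expected 'file' or 'directory', got '$FILEORDIR', exiting." ;;
esac

# ask for full path to the file
echo "enter full path to the $FILEORDIR (no trailing slash) : "
read -r FILE
[ -n "$FILE" ] || die "no $FILEORDIR entered, exiting."

# check that the input exists and has the announced type
if [ "$FILEORDIR" = 'directory' ]; then
    [ -d "$FILE" ] || die "$FILE does not exist, exiting."
    echo "directory $FILE exists..."
else
    [ -f "$FILE" ] || die "$FILE does not exist, exiting."
    echo "file $FILE exists..."
    FILEBASE=${FILE##*/}
fi

# ask for output location
echo "Enter output directory with no trailing slash ($OUTPUTFILE) :"
read -r MYOUTFILE
if [ -z "$MYOUTFILE" ]; then
    MYOUTFILE=$OUTPUTFILE
fi

# check that the output dir exists, if not, create it
if [ -d "$MYOUTFILE" ]; then
    echo ""
else
    mkdir -p -- "$MYOUTFILE" || die "cannot create $MYOUTFILE, exiting."
fi

# ask for the gpg recipient (asked in both modes; only encryption uses it)
echo "Enter the GPG recipient :"
read -r RECIPIENT
[ -n "$RECIPIENT" ] || die "no GPG recipient entered, exiting."

if [ "$ACTION" = 'decrypt' ]; then
    # Ask for the GPG passphrase silently. read -s restores terminal echo by
    # itself, so an interrupt cannot leave the terminal with echo switched off.
    # IFS= and -r keep spaces and backslashes in the passphrase intact.
    echo "Enter GPG passphrase : "
    IFS= read -r -s PASSWORD
fi

############# BEGIN MEAT ###############

if [ "$ACTION" = 'encrypt' ]; then

    if [ "$FILEORDIR" = 'file' ]; then
        encrypt_one "$FILE" "$FILEBASE"
    else
        # Directory: a glob keeps names with spaces intact (parsing ls output
        # does not); anything that is not a regular file is skipped.
        for path in "$FILE"/*; do
            [ -f "$path" ] || continue
            encrypt_one "$path" "${path##*/}"
        done
    fi

fi # end action=encrypt

if [ "$ACTION" = 'decrypt' ]; then

    if [ "$FILEORDIR" = 'file' ]; then
        decrypt_one "$FILE" "$FILEBASE"
    else
        # Directory: decrypt each regular file found directly inside it.
        for path in "$FILE"/*; do
            [ -f "$path" ] || continue
            decrypt_one "$path" "${path##*/}"
        done
    fi

    # The passphrase is no longer needed; drop it from the shell's variables.
    unset PASSWORD

    echo ""
    echo "BE SURE TO DELETE THE DECRYPTED FILES!"

fi # end action=decrypt

exit "$FAILED"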
