-
Notifications
You must be signed in to change notification settings - Fork 0
/
vim02enc
executable file
·177 lines (151 loc) · 5.46 KB
/
vim02enc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#!/usr/bin/env bash
# set a default for the armoring if none is given
if [[ -z "${V02ENC_ARMOR}" ]]
then
V02ENC_ARMOR="1"
fi
# set a default for the key file if none is given
if [[ -z "${V02ENC_KEY}" ]]
then
V02ENC_KEY="-"
fi
# set a de fault for the passphrase if non is given
if [[ -z "${V02ENC_PASSPHRASE}" ]]
then
# set to empty string by default
V02ENC_PASSPHRASE=""
if [[ "${V02ENC_KEY}" == "-" ]]
then
# check if there is a key file
if [[ -f ~/.v02enc ]]
then
# read the key file
V02ENC_PASSPHRASE="$(/usr/bin/env cat ~/.v02enc | /usr/bin/env xxd -p | /usr/bin/env tr -d "\n")"
else
# check if we are running macOS
OS="$(/usr/bin/env uname -s | /usr/bin/env tr "[:upper:]" "[:lower:]")"
if [[ "$OS" == "darwin" ]]
then
# try to read the default keychain value
TMP="$(/usr/bin/env security find-generic-password -a "$(/usr/bin/env whoami)" -s "v02enc" -w)"
if [[ "$?" -eq "0" ]]
then
V02ENC_PASSPHRASE="${TMP}"
fi
fi
fi
fi
fi
SCRIPT_DIR="$(/usr/bin/env dirname "$(/usr/bin/env realpath "$0")")"
# prepare the exit code
EXITCODE="0"
if [[ ${V02ENC_KEY} == "-" || -f "${V02ENC_KEY}" ]]
then
# Do we update an existing file?
UPDATE="0"
# generate the temporary file name
TEMPFILE="$(/usr/bin/env mktemp)"
if [[ -f "${1}" ]]
then
UPDATE="1"
# decrypt the file
echo -n "${V02ENC_PASSPHRASE}" | /usr/bin/env xxd -p -r | "${SCRIPT_DIR}/v02enc" --decrypt --key "${V02ENC_KEY}" --input "${1}" --output "${TEMPFILE}"
else
# create the temporary file
/usr/bin/env touch "${TEMPFILE}"
fi
if [[ "$?" -eq "0" ]]
then
# set restrictive temporary file access
/usr/bin/env chmod 600 "${TEMPFILE}"
# only proceed if the temporary file is somewhat protected
if [[ "$?" -eq "0" ]]
then
# get the last-modified date of the temporary file
LASTMODIFIED="$(/usr/bin/env date -r "${TEMPFILE}" "+%s")"
# open vim as the editor but disable the swap file
/usr/bin/env vim -n "${TEMPFILE}"
# only proceed if we closed vim properly
if [[ "$?" -eq "0" ]]
then
# prepare encryption result
SUCCESS="0"
# get the new last-modified date of the temporary file
NEWMODIFIED="$(/usr/bin/env date -r "${TEMPFILE}" "+%s")"
# only change the original file if the temporary file has changed
if [[ "${NEWMODIFIED}" -gt "${LASTMODIFIED}" ]]
then
# we update the file
if [[ "${UPDATE}" -eq "1" ]]
then
# generate the temporary output file name
OUTPUTFILE="$(/usr/bin/env mktemp)"
# use armored output
if [[ "${V02ENC_ARMOR}" -eq "1" ]]
then
echo -n "${V02ENC_PASSPHRASE}" | /usr/bin/env xxd -p -r | "${SCRIPT_DIR}/v02enc" --armor --input "${1}" --key "${V02ENC_KEY}" --output "${OUTPUTFILE}" --update "${TEMPFILE}"
else
echo -n "${V02ENC_PASSPHRASE}" | /usr/bin/env xxd -p -r | "${SCRIPT_DIR}/v02enc" --input "${1}" --key "${V02ENC_KEY}" --output "${OUTPUTFILE}" --update "${TEMPFILE}"
fi
# keep exit code
SUCCESS="$?"
# only replace the previous file if encryption succeeded
if [[ "${SUCCESS}" -eq "0" ]]
then
# use cat to keep file owner and file mode
/usr/bin/env cat "${OUTPUTFILE}" >"${1}"
# clean up the temporary output file
if [[ "$?" -eq "0" ]]
then
# try to delete the temporary output file
/usr/bin/env rm -f "${OUTPUTFILE}"
else
# throw a tantrum if cat failed, we are about to lose the original file!
echo "ERROR: Writing the encrypted data back to the original file failed!" >&2
echo "ERROR: You are about to lose the content of the original file!" >&2
echo "ERROR: Please move the encrypted data to the original file yourself!" >&2
echo "ERROR: The encrypted data are located here:" >&2
echo "ERROR: ${OUTPUTFILE}"
EXITCODE="6"
fi
fi
else
# use armored output
if [[ "${V02ENC_ARMOR}" -eq "1" ]]
then
echo -n "${V02ENC_PASSPHRASE}" | /usr/bin/env xxd -p -r | "${SCRIPT_DIR}/v02enc" --armor --encrypt --input "${TEMPFILE}" --key "${V02ENC_KEY}" --output "${1}"
else
echo -n "${V02ENC_PASSPHRASE}" | /usr/bin/env xxd -p -r | "${SCRIPT_DIR}/v02enc" --encrypt --input "${TEMPFILE}" --key "${V02ENC_KEY}" --output "${1}"
fi
# keep exit code
SUCCESS="$?"
fi
else
echo "INFO: Skipping unmodified file." >&2
fi
# print a message if an error occured
if [[ "${SUCCESS}" -ne "0" ]]
then
echo "ERROR: File could not be encrypted." >&2
EXITCODE="5"
fi
else
echo "ERROR: Vim closed unexpectedly." >&2
EXITCODE="4"
fi
else
echo "ERROR: Temporary file access could not be restricted." >&2
EXITCODE="3"
fi
else
echo "ERROR: Temporary file could not be prepared." >&2
EXITCODE="2"
fi
# try to delete the temporary file either way
/usr/bin/env rm -f "${TEMPFILE}"
else
echo "ERROR: v02enc key file does not exist: ${V02ENC_KEY}" >&2
EXITCODE="1"
fi
# set the exit code
exit "${EXITCODE}"