enc

enc encrypts and decrypts files using ChaCha20 via openssl(1). When encrypting files, the .enc extension is added. When decrypting files, the .enc extension is removed, if possible. Otherwise output is written to standard output. Input files are not removed. If no files are provided, standard input is encrypted or decrypted.

The arguments are as follows:

-a: Encrypted data is Base64-encoded.
-c: Always write to standard output.
-d: Decrypt.
-e: Encrypt. This is the default.
-f: Do not ask to confirm overwriting files.

EXAMPLES

$ enc secret.txt
$ rm secret.txt
$ enc -d secret.txt.enc

#!/bin/sh set -eu readonly Command='openssl enc -ChaCha20 -pbkdf2' base64= stdout=false mode=encrypt force=false while getopts 'acdef' opt; do case $opt in (a) base64=-a;; (c) stdout=true;; (d) mode=decrypt;; (e) mode=encrypt;; (f) force=true;; (?) exit 1;; esac done shift $((OPTIND - 1)) confirm() { $force && return 0 while :; do printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2 read -r confirm case "$confirm" in (Y*|y*) return 0;; (N*|n*|'') return 1;; esac done } encrypt() { if test -z "${1:-}"; then $Command -e $base64 elif $stdout; then $Command -e $base64 -in "$1" else input=$1 output="${1}.enc" if test -e "$output" && ! confirm "$output"; then return fi $Command -e $base64 -in "$input" -out "$output" fi } decrypt() { if test -z "${1:-}"; then $Command -d $base64 elif $stdout || [ "${1%.enc}" = "$1" ]; then $Command -d $base64 -in "$1" else input=$1 output=${1%.enc} if test -e "$output" && ! confirm "$output"; then return fi $Command -d $base64 -in "$input" -out "$output" fi } for input; do $mode "$input" done if [ $# -eq 0 ]; then $mode fi

NAME

SYNOPSIS

DESCRIPTION

EXAMPLES