| ENC(1) | General Commands Manual | ENC(1) |
enc — encrypt and
decrypt files
enc |
[-acdef] [file ...] |
enc encrypts and decrypts files using
ChaCha20 via openssl(1). When encrypting files, the
.enc extension is added. When decrypting files, the
.enc extension is removed, if possible. Otherwise
output is written to standard output. Input files are not removed. If no
files are provided, standard input is encrypted or decrypted.
The arguments are as follows:
$ enc secret.txt $ rm secret.txt $ enc -d secret.txt.enc
| January 30, 2022 | OpenBSD 7.1 |
#!/bin/sh set -eu readonly Command='openssl enc -ChaCha20 -pbkdf2' base64= stdout=false mode=encrypt force=false while getopts 'acdef' opt; do case $opt in (a) base64=-a;; (c) stdout=true;; (d) mode=decrypt;; (e) mode=encrypt;; (f) force=true;; (?) exit 1;; esac done shift $((OPTIND - 1)) confirm() { $force && return 0 while :; do printf '%s: overwrite %s? [y/N] ' "$0" "$1" >&2 read -r confirm case "$confirm" in (Y*|y*) return 0;; (N*|n*|'') return 1;; esac done } encrypt() { if test -z "${1:-}"; then $Command -e $base64 elif $stdout; then $Command -e $base64 -in "$1" else input=$1 output="${1}.enc" if test -e "$output" && ! confirm "$output"; then return fi $Command -e $base64 -in "$input" -out "$output" fi } decrypt() { if test -z "${1:-}"; then $Command -d $base64 elif $stdout || [ "${1%.enc}" = "$1" ]; then $Command -d $base64 -in "$1" else input=$1 output=${1%.enc} if test -e "$output" && ! confirm "$output"; then return fi $Command -d $base64 -in "$input" -out "$output" fi } for input; do $mode "$input" done if [ $# -eq 0 ]; then $mode fi