2.1.0 - See CHANGELOG.md

CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+## 2.1.0 - *10/4/2017*
+
+- You may now define the password to use when encrypting and decrypting using the `CRYPTR_PASSWORD` environment variable. This change enables non-interactive/batch operations.
+
+- Added a test script `tests/test.bash`.
+
 ## 2.0.1 - *10/2/2017*
 
 - Small optimization, removed unneeded function `cryptr_info()`.

README.md

@@ -27,6 +27,11 @@ Verifying - enter aes-256-cbc encryption password:
 -rw-r--r--  1 user  group   1.0G Oct  1 13:34 secrets-file.aes
 ```
 
+You may optionally define the password to use when encrypting using the `CRYPTR_PASSWORD` environment variable. This enables non-interactive/batch operations.
+
+```
+➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr encrypt ./secrets-file
+```
 
 ### decrypt
 
@@ -48,6 +53,12 @@ enter aes-256-cbc decryption password:
 -rw-r--r--  1 user  group   1.0G Oct  1 13:34 secrets-file.aes
 ```
 
+You may optionally define the password to use when decrypting using the `CRYPTR_PASSWORD` environment variable. This enables non-interactive/batch operations.
+
+```
+➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr decrypt ./secrets-file.aes
+```
+
 ### help
 
 > help - Displays help
@@ -69,7 +80,7 @@ Usage: cryptr command <command-specific-options>
 
 ```
 ➜ cryptr version
-cryptr 2.0.1
+cryptr 2.1.0
 ```
 
 ### default
@@ -78,7 +89,7 @@ cryptr 2.0.1
 
 ```
 ➜ cryptr
-cryptr 2.0.1
+cryptr 2.1.0
 
 Usage: cryptr command <command-specific-options>
 

cryptr.bash

@@ -18,8 +18,8 @@
 
 set -eo pipefail; [[ $TRACE ]] && set -x
 
-readonly VERSION="2.0.1"
-readonly OPENSSL_CIPHER="aes-256-cbc"
+readonly VERSION="2.1.0"
+readonly OPENSSL_CIPHER_TYPE="aes-256-cbc"
 
 cryptr_version() {
   echo "cryptr $VERSION"
@@ -44,7 +44,12 @@ cryptr_encrypt() {
     exit 4
   fi
 
-  openssl $OPENSSL_CIPHER -salt -in "$_file" -out "$_file".aes
+  if [[ ! -z "${CRYPTR_PASSWORD}" ]]; then
+    echo "Using environment variable CRYPTR_PASSWORD for the password" 1>&2
+    openssl $OPENSSL_CIPHER_TYPE -salt -in "$_file" -out "$_file".aes -pass env:CRYPTR_PASSWORD
+  else
+    openssl $OPENSSL_CIPHER_TYPE -salt -in "$_file" -out "$_file".aes
+  fi
 }
 
 cryptr_decrypt() {
@@ -54,7 +59,12 @@ local _file="$1"
     exit 5
   fi
 
-  openssl $OPENSSL_CIPHER -d -salt -in "$_file" -out "${_file%\.aes}"
+  if [[ ! -z "${CRYPTR_PASSWORD}" ]]; then
+    echo "Using environment variable CRYPTR_PASSWORD for the password" 1>&2
+    openssl $OPENSSL_CIPHER_TYPE -d -salt -in "$_file" -out "${_file%\.aes}" -pass env:CRYPTR_PASSWORD
+  else
+    openssl $OPENSSL_CIPHER_TYPE -d -salt -in "$_file" -out "${_file%\.aes}"
+  fi
 }
 
 cryptr_main() {

tests/test.bash

@@ -2,14 +2,28 @@
 set -eo pipefail; [[ $TRACE ]] && set -x
 
 plaintext=$(mktemp /tmp/cryptr.XXXXXXXX)
-dd if=/dev/urandom bs=1024 count=1 2> /dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c200 > "$plaintext"
-plaintext_sha=$(shasum -a 256 "$plaintext")
+dd if=/dev/urandom bs=4096 count=1 2> /dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c512 > "$plaintext"
+plaintext_sha=($(openssl dgst -sha256 "$plaintext"))
+
+export CRYPTR_PASSWORD
+CRYPTR_PASSWORD=$(dd if=/dev/urandom bs=200 count=1 2> /dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c32)
 
 cryptr encrypt "$plaintext"
 rm -f "$plaintext"
+
+if [[ ! -f "$plaintext".aes ]]; then
+    printf "Encrypted out file %s was not created" "$plaintext".aes 1>&2
+    exit 3
+fi
+
 cryptr decrypt "$plaintext".aes
 
-decrypted_sha=$(shasum -a 256 "$plaintext")
+decrypted_sha=($(openssl dgst -sha256 "$plaintext"))
 
-echo "$plaintext_sha"
-echo "$decrypted_sha"
+rm -f "$plaintext".aes
+rm -f "$plaintext"
+
+if [ "${plaintext_sha[1]}" != "${decrypted_sha[1]}" ]; then
+    printf "Hash mismatch\n\t%s != %s" "${plaintext_sha[1]}" "${decrypted_sha[1]}" 1>&2
+    exit 4
+fi