release 2.2.0

Append extension during encryption

AUTHORS.md

@@ -1 +1,4 @@
 - Justin Keller ([nodesocket](https://github.com/nodesocket))
+- Manuel Wildauer ([int9h](https://github.com/int9h))
+- Adam Daniels ([adam12](https://github.com/adam12))
+- Nicolas Le Gall ([Darkitty](https://github.com/Darkitty))

CHANGELOG.md

@@ -1,6 +1,23 @@
 CHANGELOG
 =========
 
+## 2.2.0 - *7/10/2020*
+
+- Append `.aes` file extension instead of substituting when encrypting.
+- Use derivation function _(-pbkdf2)_ when encrypting. See [pull request](https://github.com/nodesocket/cryptr/pull/3).
+
+## 2.1.1 - *3/25/2019*
+
+- Updated the notice text when using environment variable `CRYPTR_PASSWORD` for the password.
+- Updated `tests/test.bash`.
+- Bump copyright year to 2019.
+
+## 2.1.0 - *10/4/2017*
+
+- You may now define the password to use when encrypting and decrypting using the `CRYPTR_PASSWORD` environment variable. This change enables non-interactive/batch operations.
+
+- Added a test script `tests/test.bash`.
+
 ## 2.0.1 - *10/2/2017*
 
 - Small optimization, removed unneeded function `cryptr_info()`.

LICENSE.txt

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017 Justin Keller
+   Copyright 2019 Justin Keller
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,6 +1,6 @@
 # cryptr
 
-##### A simple shell utility for encrypting and decrypting files.
+#### A simple shell utility for encrypting and decrypting files using OpenSSL.
 
 ## Installation
 
@@ -9,6 +9,10 @@ git clone https://github.com/nodesocket/cryptr.git
 ln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr
 ```
 
+### Bash tab completion
+
+Add `tools/cryptr-bash-completion.bash` to your tab completion file directory.
+
 ## API/Commands
 
 ### encrypt
@@ -16,17 +20,22 @@ ln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr
 > encrypt \<file\> - Encryptes file with OpenSSL AES-256 cipher block chaining. Writes an encrypted file out *(ciphertext)* appending `.aes` extension.
 
 ```
-➜ cryptr encrypt ./secrets-file
+➜ cryptr encrypt ./secret-file
 enter aes-256-cbc encryption password:
 Verifying - enter aes-256-cbc encryption password:
 ```
 
 ```
 ➜ ls -alh
--rw-r--r--  1 user  group   1.0G Oct  1 13:33 secrets-file
--rw-r--r--  1 user  group   1.0G Oct  1 13:34 secrets-file.aes
+-rw-r--r--  1 user  group   1.0G Oct  1 13:33 secret-file
+-rw-r--r--  1 user  group   1.0G Oct  1 13:34 secret-file.aes
 ```
 
+You may optionally define the password to use when encrypting using the `CRYPTR_PASSWORD` environment variable. This enables non-interactive/batch operations.
+
+```
+➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr encrypt ./secret-file
+```
 
 ### decrypt
 
@@ -34,18 +43,24 @@ Verifying - enter aes-256-cbc encryption password:
 
 ```
 ➜ ls -alh
--rw-r--r--  1 user  group   1.0G Oct  1 13:34 secrets-file.aes
+-rw-r--r--  1 user  group   1.0G Oct  1 13:34 secret-file.aes
 ```
 
 ```
-➜ cryptr decrypt ./secrets-file.aes
+➜ cryptr decrypt ./secret-file.aes
 enter aes-256-cbc decryption password:
 ```
 
 ```
 ➜ ls -alh
--rw-r--r--  1 user  group   1.0G Oct  1 13:35 secrets-file
--rw-r--r--  1 user  group   1.0G Oct  1 13:34 secrets-file.aes
+-rw-r--r--  1 user  group   1.0G Oct  1 13:35 secret-file
+-rw-r--r--  1 user  group   1.0G Oct  1 13:34 secret-file.aes
+```
+
+You may optionally define the password to use when decrypting using the `CRYPTR_PASSWORD` environment variable. This enables non-interactive/batch operations.
+
+```
+➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr decrypt ./secret-file.aes
 ```
 
 ### help
@@ -69,7 +84,7 @@ Usage: cryptr command <command-specific-options>
 
 ```
 ➜ cryptr version
-cryptr 2.0.1
+cryptr 2.2.0
 ```
 
 ### default
@@ -78,7 +93,7 @@ cryptr 2.0.1
 
 ```
 ➜ cryptr
-cryptr 2.0.1
+cryptr 2.2.0
 
 Usage: cryptr command <command-specific-options>
 
@@ -115,7 +130,7 @@ For more information on semantic versioning, visit http://semver.org/.
 
 ## License & Legal
 
-Copyright 2017 Justin Keller
+Copyright 2019 Justin Keller
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

cryptr.bash

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 ###############################################################################
-# Copyright 2017 Justin Keller
+# Copyright 2019 Justin Keller
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,8 +18,8 @@
 
 set -eo pipefail; [[ $TRACE ]] && set -x
 
-readonly VERSION="2.0.1"
-readonly OPENSSL_CIPHER="aes-256-cbc"
+readonly VERSION="2.2.0"
+readonly OPENSSL_CIPHER_TYPE="aes-256-cbc"
 
 cryptr_version() {
   echo "cryptr $VERSION"
@@ -44,7 +44,12 @@ cryptr_encrypt() {
     exit 4
   fi
 
-  openssl $OPENSSL_CIPHER -salt -in "$_file" -out "$_file".aes
+  if [[ ! -z "${CRYPTR_PASSWORD}" ]]; then
+    echo "[notice] using environment variable CRYPTR_PASSWORD for the password"
+    openssl $OPENSSL_CIPHER_TYPE -salt -pbkdf2 -in "$_file" -out "${_file}.aes" -pass env:CRYPTR_PASSWORD
+  else
+    openssl $OPENSSL_CIPHER_TYPE -salt -pbkdf2 -in "$_file" -out "${_file}.aes"
+  fi
 }
 
 cryptr_decrypt() {
@@ -54,7 +59,12 @@ local _file="$1"
     exit 5
   fi
 
-  openssl $OPENSSL_CIPHER -d -salt -in "$_file" -out "${_file%\.aes}"
+  if [[ ! -z "${CRYPTR_PASSWORD}" ]]; then
+    echo "[notice] using environment variable CRYPTR_PASSWORD for the password"
+    openssl $OPENSSL_CIPHER_TYPE -d -salt -pbkdf2 -in "$_file" -out "${_file%\.aes}" -pass env:CRYPTR_PASSWORD
+  else
+    openssl $OPENSSL_CIPHER_TYPE -d -salt -pbkdf2 -in "$_file" -out "${_file%\.aes}"
+  fi
 }
 
 cryptr_main() {

tests/test.bash

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -eo pipefail; [[ $TRACE ]] && set -x
+
+plaintext=$(mktemp /tmp/cryptr.XXXXXXXX)
+dd if=/dev/urandom bs=4096 count=256 2> /dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c262144 > "$plaintext"
+plaintext_sha=($(openssl dgst -sha256 "$plaintext"))
+
+export CRYPTR_PASSWORD
+CRYPTR_PASSWORD=$(dd if=/dev/urandom bs=200 count=1 2> /dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c32)
+
+cryptr encrypt "$plaintext"
+rm -f "$plaintext"
+
+if [[ ! -f "$plaintext".aes ]]; then
+    printf "Encrypted out file %s was not created" "$plaintext".aes 1>&2
+    exit 3
+fi
+
+cryptr decrypt "$plaintext".aes
+
+decrypted_sha=($(openssl dgst -sha256 "$plaintext"))
+
+rm -f "$plaintext".aes
+rm -f "$plaintext"
+
+if [ "${plaintext_sha[1]}" != "${decrypted_sha[1]}" ]; then
+    printf "Hash mismatch\n\t%s != %s" "${plaintext_sha[1]}" "${decrypted_sha[1]}" 1>&2
+    exit 4
+fi

tools/cryptr-bash-completion.bash

@@ -0,0 +1,14 @@
+_cryptr_complete()
+{
+     local cur_word prev_word type_list
+     COMPREPLY=()
+     cur_word="${COMP_WORDS[COMP_CWORD]}"
+     prev_word="${COMP_WORDS[COMP_CWORD-1]}"
+ 
+     opts='encrypt decrypt'
+ 
+     COMPREPLY=( $(compgen -W "${opts}" -- ${cur_word}) )
+     return 0
+}
+ 
+complete -F _cryptr_complete cryptr.bash cryptr