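#!/bin/sh
#################################################################
#
# @(#) ager (c) Sep 2021 by hoz HZNET.DE
#
# Actually Good Encryption with Recipient key management
#
# A script to extend age(1) and simplify recipient key
# management.
#
# Keys generated by age-keygen(1) are stored within
# the "keys" directory in the users home directory.
# The public part of the age(1) key is stored in a
# file "age.public.$LOGNAME", while the private part
# is stored in "age.secret.$LOGNAME".
#
# The recipient public keys are usually stored in files
# called "age.public.NAME" or "age.public.LISTNAME" in
# case of a recipient list (a file with one recipient
# per line, as accepted by "age -R").
#
# Run "ager -l" or "ager -L" to get a list of recipients
# or private id's
#
# ager --create-key generates an asymmetric key pair
# ager --print-pub prints the public part of the id to stdout
#
# Encrypted files are usually stored in an output file with
# the extension ".age" added to the name of the input file.
# Decrypted files are stored in an output file named like the
# input file with extension ".age" removed.
#
# Names given with -i and -e are plain file name suffixes below
# $keys: they must be non-empty and must not contain "/", so a
# key path can never point outside the key directory.
#
#################################################################
PATH=/bin:/usr/bin:/usr/local/bin
: "${HOME:?HOME must be set}"
keys=$HOME/keys
whoami="${LOGNAME:-$USER}"
prog=${0##*/}

#######################################
# Print a diagnostic to stderr and exit with status 1.
# Arguments: $@ - message words
#######################################
die() {
  printf '%s: %s\n' "$prog" "$*" 1>&2
  exit 1
}

#######################################
# Print the given error messages (if any) followed by the usage
# text to stderr, then exit with status 1.
# Arguments: $@ - zero or more error messages
#######################################
usage() {
  while test $# -gt 0
  do
    printf '%s: %s\n' "$prog" "$1" 1>&2
    shift
  done
  {
    echo "usage: $prog -h|--help"
    echo "usage: $prog -l|--list-recipients"
    echo "usage: $prog -L|--list-ids"
    echo "usage: $prog -e recipient[,recipent2[,...]] [-a] [-o outfile] [file]"
    echo "usage: $prog -d [-i id] [-o outfile] [file]"
    echo ""
    echo "usage: $prog --create-key [-i id]"
    echo "usage: $prog --print-pub [-i id]"
  } 1>&2
  exit 1
}

#######################################
# Check that a key or recipient name can only ever select a file
# directly inside $keys ("$keys/age.public.NAME" etc.).
# Arguments: $1 - name to check
# Returns:   0 if acceptable, 1 if empty or containing "/"
#######################################
valid_name() {
  case "$1" in
    ''|*/*) return 1 ;;
  esac
  return 0
}

#######################################
# List the names of all key files of one kind, one per line,
# without parsing ls(1) output.
# Globals:   keys (read)
# Arguments: $1 - "public" or "secret"
# Outputs:   key names (file name with the "age.$1." prefix
#            removed) on stdout
#######################################
list_keys() {
  test -d "$keys" || die "key directory $keys not found"
  for keyfile in "$keys/age.$1."*
  do
    test -e "$keyfile" || continue   # glob matched nothing
    keyfile=${keyfile##*/}
    printf '%s\n' "${keyfile#age.$1.}"
  done
}

mode=
armor=
outfile=
recipients=
idname=
while test $# -gt 0
do
  case "$1" in
    -h|--help)
      usage
      ;;
    -a|--armor)
      armor=-a
      ;;
    -l|--list-r*)
      echo "list of recipients"
      list_keys public
      exit 0
      ;;
    -L|--list-i*)
      echo "list of identities"
      list_keys secret
      exit 0
      ;;
    -o|--out*)
      shift
      test $# -lt 1 && usage "option -o needs an output file parameter"
      outfile=$1
      ;;
    -e|--enc*)
      shift
      test $# -lt 1 && usage "option -e requires a recipent list"
      recipients=$1
      mode="encrypt"
      ;;
    -d|--dec*)
      mode="decrypt"
      ;;
    -i|--id*)
      shift
      test $# -lt 1 && usage "option -i requires a parameter"
      idname=$1
      ;;
    --print-p*)
      mode="print"
      ;;
    --create-key)
      mode="create"
      ;;
    -*)
      usage "Illegal option $1"
      ;;
    *)
      break
      ;;
  esac
  shift
done
file=$1

# Resolve the identity (secret key) path for every mode that needs one.
case "$mode" in
  print|create|decrypt)
    test -z "$idname" && idname=$whoami
    valid_name "$idname" || usage "invalid id \"$idname\""
    id="$keys/age.secret.$idname"
    pubfile="$keys/age.public.$idname"
    ;;
esac

# which mode?
case "$mode" in
  print)
    test -f "$id" || die "key with id \"$id\" not found"
    exec age-keygen -y "$id"
    ;;
  create)
    # refuse to clobber an existing key of any file type
    test -e "$id" && die "key with id \"$id\" already exist"
    mkdir -p -m 700 -- "$keys" || die "cannot create key directory $keys"
    # the secret key must be owner-readable only; the umask change is
    # confined to the subshell so the public file keeps the normal mode
    (umask 077 && age-keygen -o "$id") || die "could not generate key \"$id\""
    age-keygen -o "$pubfile" -y "$id" || die "could not write public key \"$pubfile\""
    exit 0
    ;;
  decrypt)
    test -f "$id" || die "identity \"$id\" not found"
    ;;
  encrypt)
    test -n "$recipients" || usage "option -e requires recipient arg"
    ;;
  *)
    usage "use option -e or -d to en/decrypt a file"
    ;;
esac

# Build the age(1) argument list in the positional parameters so that
# paths containing blanks are passed intact (no string-built commands).
if test "$mode" = "encrypt"
then
  set -- -e
  # split the comma separated list without word splitting or globbing
  rest=$recipients,
  while test -n "$rest"
  do
    recipient=${rest%%,*}
    rest=${rest#*,}
    test -n "$recipient" || continue   # tolerate "a,,b" like the original
    valid_name "$recipient" || usage "recipient \"$recipient\" not found" "option -e requires recipient arg"
    test -f "$keys/age.public.$recipient" || usage "recipient \"$recipient\" not found" "option -e requires recipient arg"
    set -- "$@" -R "$keys/age.public.$recipient"
  done
  test $# -gt 1 || usage "option -e requires recipient arg"
else
  set -- -d -i "$id"
fi
test -n "$armor" && set -- "$@" "$armor"

# set the default output file with extension ".age"
if test -n "$file" && test -z "$outfile"
then
  if test "$mode" = "encrypt"
  then
    outfile="${file}.age"
  else
    # NOTE: like the original, the directory part is dropped, so the
    # plaintext lands in the current directory
    outfile=$(basename -- "$file" .age)
  fi
fi

# prevent the overwriting of the output file (any existing path, not
# only regular files)
if test -n "$outfile"
then
  test -e "$outfile" && usage "outputfile $outfile already exist!"
  set -- "$@" -o "$outfile"
fi

# without an input file age(1) reads stdin, so pass it only when given
test -n "$file" && set -- "$@" "$file"

# exec so the exit status of age(1) becomes the exit status of $prog
exec age "$@"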