#!/usr/bin/env bash
# shellcheck disable=SC1117
#shamelessly adapted from https://github.com/AdrianKoshka/1339secure
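# shellcheck disable=SC2034
__VOLACRYPTSH_VERSION__=1.3

# Normalise the command line with getopt. --alternative lets long options
# start with a single dash. "password" is declared next to "pass" because
# the option loop further down matches --password; without the declaration
# getopt rejects --password and reads -password as -p with the argument
# "assword".
if ! OPTS=$(getopt --alternative --options hr:n:p:u: \
  --longoptions help,room:,nick:,pass:,password:,pp:,room-pass:,passphrase:,sp,skip-passphrase \
  -n 'volacrypt.sh' -- "$@"); then
  echo -e "\nFailed while parsing options.\n"
  exit 1
fi

# Carriage return as the only field separator: encrypt_upload joins the
# volaupload.sh arguments with it and xargs splits them on it again.
IFS=$'\r'

# Hard dependencies. A missing tool is a failure, so report it on stderr and
# leave with a non-zero status (a bare "exit" would pass on echo's status 0).
if ! type gpg > /dev/null 2>&1; then
  echo "Please install GPG" >&2
  exit 1
fi
if ! type curl > /dev/null 2>&1; then
  echo "Please install curl" >&2
  exit 1
fi

# Prefer the curlbar wrapper when it is available.
if type curlbar > /dev/null 2>&1; then
  cURL="curlbar"
else
  cURL="curl"
fi

# Optional per-user settings. The file is executed as shell code with the
# caller's privileges, and it runs before the option loop, so command-line
# options override whatever it assigns.
# NOTE(review): presumably this is where ROOM/NICK/PASSWORD defaults live;
# if so the file holds a plaintext password and should be readable and
# writable by its owner only - confirm.
if [[ -f "$HOME/.volascriptsrc" ]]; then
  #shellcheck disable=SC1090
  source "$HOME/.volascriptsrc"
fi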
#######################################
# Common exit path: drop the traps, delete the temporary file, print any
# failure messages and leave the script.
# Arguments: $1   - exit status; empty means "interrupted by the user" and
#                   is turned into status 10
#            $2   - file to delete; "none" or empty skips the deletion
#            $3.. - failure messages, printed in red on stderr
# Returns:   never; always exits with the chosen status
#######################################
cleanup() {
  # Reset the handlers first so that the exit below does not re-enter here.
  trap - SIGHUP SIGTERM SIGINT EXIT
  local status="$1"
  local stale_file="$2"
  local message

  if [[ -z "$status" ]]; then
    echo -e "\n\033[0mProgram interrupted by user."
    status=10
  fi

  case "$stale_file" in
    "" | none) ;;
    *) rm -f "$stale_file" ;;
  esac

  # echo -e also expands the "\n" some callers put into their messages.
  for message in "${@:3}"; do
    echo -e "\033[31m$message\033[0m" >&2
  done
  exit "$status"
}
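#######################################
# Print the usage text on stderr and leave the script with status 0.
# The option names match what the option parser accepts; the earlier text
# misspelled --passphrase and --skip-passphrase and did not list -u.
#######################################
print_help() {
  cat >&2 << EOF
volacrypt.sh help page

  If run on a file, will encrypt the file and upload it to volafile.
  If run on a special volafile URL, it will download and decrypt.

-h, --help
    Show this help message.
-r, --room <room_name>
    Specify upload room. (This plus at least one upload target is the only
    required option to upload something).
-n, --nick <name>
    Specify name, under which your file(s) will be uploaded.
-p, --password <password>
    Set your account password. If you upload as logged user, file
    uploads will count towards your file stats on Volafile.
    See https://volafile.org/user/<your_username>
-u, --room-pass <password>
    Specify the room password; it is passed on to volaupload.sh as -u.
-pp, --passphrase <passphrase>
    Specify the passphrase for data decryption. This option only works with
    downloading the file.
-sp, --skip-passphrase
    By specifying this option script won't append the passphrase to the filename
    of uploaded file. The passphrase is printed instead, so that it can be sent
    to the recipient separately. Without this option, anyone who can see the
    uploaded file name can decrypt the file.
EOF
  exit 0
}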
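# Replace the positional parameters with getopt's normalised list. OPTS was
# produced by getopt, which shell-quotes every argument, so the eval only
# undoes that quoting.
eval set -- "$OPTS"

# getopt always ends the option part with "--", which is where the loop
# normally stops; the $# test only keeps it from spinning on an empty list.
while (( $# )); do
  case "$1" in
    -h | -help | --help)
      print_help
      shift
      ;;
    -r | -room | --room)
      ROOM="$2"
      shift 2
      ;;
    -n | -nick | --nick)
      NICK="$2"
      shift 2
      ;;
    # getopt declares this long option as "pass" and therefore emits --pass;
    # without that spelling here the value was silently dropped.
    -p | -pass | --pass | -password | --password)
      PASSWORD="$2"
      shift 2
      ;;
    -u | -room-pass | --room-pass)
      ROOMPASS="$2"
      shift 2
      ;;
    -pp | --pp | --passphrase)
      PASSPHRASE="$2"
      shift 2
      ;;
    -sp | --sp | --skip-passphrase)
      SKIP="true"
      shift
      ;;
    --)
      shift
      # Only the first operand is used. An encoded "%23" becomes "#" again,
      # the character that separates the file name from the passphrase.
      # printf instead of echo, so an operand such as "-n" is kept as data.
      input_URI="$(printf '%s\n' "$1" | sed -r "s/%23/#/g")"
      # Bare file name without directories and without the "#..." part.
      in_file="$(basename -- "$input_URI" | cut -d'#' -f1)"
      break
      ;;
    *)
      shift
      ;;
  esac
done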
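#######################################
# Encrypt the local file "$input_URI" with a freshly generated passphrase
# and pass the ciphertext to volaupload.sh.
# Globals:   input_URI, in_file, SKIP, NICK, PASSWORD, ROOM, ROOMPASS,
#            IFS (read); ARG_PREP (appended to)
# Outputs:   the passphrase on stdout when SKIP is "true"
# Returns:   never; every path ends in cleanup, which exits the script
#            (2 no input file, 3 gpg failed, 4 upload failed,
#            8 no temporary directory, 0 success)
#
# Security notes:
#   - The ciphertext is staged in a private directory made by mktemp -d and
#     not directly under /tmp. The staged name is either predictable (SKIP)
#     or carries the passphrase after "#"; in a shared /tmp other local
#     users could read that name or occupy the path beforehand.
#   - Without --skip-passphrase the passphrase is part of the uploaded file
#     name, so whoever can read that name or the link can decrypt the file.
#   - NOTE(review): the account and room passwords are handed to
#     volaupload.sh as command-line arguments, which on a multi-user host
#     can show up in the process list.
#######################################
encrypt_upload() {
  local pass out_dir out_file

  # The handler runs while this function is active, so it sees the locals.
  trap '[[ -d "$out_dir" ]] && rm -rf -- "$out_dir"; cleanup "" "none"' \
    SIGINT SIGTERM SIGHUP

  if [[ ! -f "$input_URI" ]]; then
    cleanup "2" "none" "You need to specify a file in order for this to work!"
  fi

  pass="$(< /dev/urandom tr -dc '[:alnum:]' | head -c22)" # ~131bits entropy

  out_dir="$(mktemp -d)" ||
    cleanup "8" "none" "Couldn't create a temporary directory."
  if [[ "$SKIP" == "true" ]]; then
    out_file="$out_dir/$in_file"
  else
    out_file="$out_dir/$in_file#$pass"
  fi

  # The passphrase reaches gpg on stdin (fd 0), not on its command line.
  printf "%s" "$pass" | gpg --output "$out_file" --batch --passphrase-fd 0 \
    --symmetric --cipher-algo AES256 "$input_URI" || {
    rm -rf -- "$out_dir"
    cleanup "3" "none" "Error on the gpg side."
  }

  # Pack the volaupload.sh arguments into one string, separated by IFS (a
  # carriage return), so that values containing spaces stay single arguments.
  if [[ -n "$NICK" ]]; then
    ARG_PREP="${ARG_PREP}-n$IFS$NICK$IFS"
  fi
  if [[ -n "$PASSWORD" ]]; then
    ARG_PREP="${ARG_PREP}-p$IFS$PASSWORD$IFS"
  fi
  if [[ -n "$ROOM" ]]; then
    ARG_PREP="${ARG_PREP}-r$IFS$ROOM$IFS"
  fi
  if [[ -n "$ROOMPASS" ]]; then
    ARG_PREP="${ARG_PREP}-u$IFS$ROOMPASS$IFS"
  fi
  ARG_PREP="$ARG_PREP$out_file"

  printf "%s" "$ARG_PREP" | xargs -d "$IFS" volaupload.sh || {
    rm -rf -- "$out_dir"
    cleanup "4" "none" "Error on the volaupload side."
  }

  if [[ "$SKIP" == "true" ]]; then
    echo "Send this passphrase to your peer so he can decrypt your file:" >&2
    echo "$pass"
  fi

  rm -rf -- "$out_dir"
  cleanup "0" "none"
}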
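#######################################
# Download "$input_URI" into a temporary file and decrypt it to "$in_file"
# in the current directory.
# Globals:   input_URI, in_file, PASSPHRASE, cURL (read)
# Returns:   never; every path ends in cleanup, which exits the script
#            (3 gpg failed, 5 download or temp file failed,
#            9 no passphrase available, 0 success)
#
# Security notes:
#   - The output name in_file is taken from the link, so it is chosen by
#     whoever produced the link; only its last path component is used.
#   - The passphrase is --passphrase if given, otherwise the text after "#"
#     in the link. A link without "#" is refused before anything is
#     downloaded; earlier the whole URL was tried as the passphrase and the
#     run ended in a misleading gpg error.
#######################################
download_decrypt() {
  local encrypted_file
  local pass
  local error

  # The handler runs while this function is active, so it sees the locals.
  trap 'cleanup "" "$encrypted_file"' SIGINT SIGTERM SIGHUP

  if [[ -n "$PASSPHRASE" ]]; then
    pass="$PASSPHRASE"
  else
    # cut -s prints nothing when the line has no "#" at all.
    pass="$(printf '%s\n' "$input_URI" | cut -s -d'#' -f2)"
  fi
  if [[ -z "$pass" ]]; then
    cleanup "9" "none" \
      "No passphrase: the URL has no #passphrase part and --passphrase was not given."
  fi

  encrypted_file="$(mktemp)" ||
    cleanup "5" "none" "Couldn't create a temporary file."

  "$cURL" -fLH "Cookie: allow-download=1" "$input_URI" --output "$encrypted_file"
  error="$?"
  # NOTE(review): 102 is accepted as success as well - presumably a status
  # of the curlbar wrapper; confirm.
  if (( error != 0 && error != 102 )); then
    cleanup "5" "$encrypted_file" "Couldn't download your stuff."
  else
    echo -e "\nDownload complete. Decrypting...\n" >&2
  fi

  # The passphrase reaches gpg on stdin (fd 0), not on its command line.
  printf "%s" "$pass" | gpg --output "$in_file" --batch --passphrase-fd 0 \
    --decrypt "$encrypted_file" ||
    cleanup "3" "$encrypted_file" "Error on the gpg side."

  echo -e "\nAll done!" >&2
  cleanup "0" "$encrypted_file"
}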
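# Default handlers. encrypt_upload and download_decrypt replace the signal
# handlers with ones that also remove their temporary file.
trap cleanup SIGINT
trap 'cleanup "1"' SIGHUP SIGTERM
trap 'cleanup "0"' EXIT

# Pick the mode from the operand: a volafile link is downloaded and
# decrypted, anything else is treated as a local file to encrypt and upload.
if [[ -n "$PASSPHRASE" && -n "$SKIP" ]]; then
  # --passphrase belongs to downloading, --skip-passphrase to uploading.
  cleanup "6" "none" "Can't encrypt and decrypt at the same time.\n"
elif [[ "$input_URI" == "https://volafile.org/"* ]]; then
  # The "/" after the host name is part of the test: a bare prefix match
  # would also accept other hosts whose name merely begins with
  # "volafile.org".
  download_decrypt
else
  if [[ ! -f "$input_URI" ]]; then
    cleanup "7" "none" "Can't encrypt something that doesn't exist!\n"
  fi
  encrypt_upload
fi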