Add crypto

2020-02-05 21:44:58 +01:00 · 2020-02-05 21:44:58 +01:00 · 0a671b1a0a
commit 0a671b1a0a
parent b56a64ffd5
2 changed files with 28 additions and 1 deletions
--- a/backup.sh
+++ b/backup.sh
@ -2,6 +2,26 @@

 echo "backupinator :D"

+if [ ! -d /in ] || [ ! -d /out ] || [ ! -d /keys ]; then
+    echo "Please start this container with /in, /out and /keys mounted"
+    exit 1
+fi
+
 tar czf /tmp/backup.tar.gz -C /in .

-cp /tmp/backup.tar.gz /out
+# encryption
+
+openssl rand -out /tmp/secret.key 32
+openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:/tmp/secret.key \
+    -in /tmp/backup.tar.gz \
+    -out /out/backup.tar.gz.enc
+
+for keyfile in $(ls /keys); do
+    tmpkey=$(mktemp)
+    ssh-keygen -e -f "/keys/$keyfile" -m PKCS8 > "$tmpkey"
+    openssl rsautl -encrypt -oaep -pubin -inkey "$tmpkey" \
+        -in /tmp/secret.key \
+        -out "/out/key-${keyfile%.*}.enc"
+    rm $tmpkey
+done
+
--- a/decrypt.sh
+++ b/decrypt.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+tmpkey=$(mktemp)
+openssl rsautl -decrypt -oaep -inkey $1 -in $2 -out $tmpkey
+openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass "file:$tmpkey" \
+    -in "$3" -out "${3%.*}" -d
+rm $tmpkey