From 0a671b1a0a087e072d4da74e47e8d0165ce0e5b1 Mon Sep 17 00:00:00 2001
From: Kai Vogelgesang
Date: Wed, 5 Feb 2020 21:44:58 +0100
Subject: [PATCH] Add crypto
---
 backup.sh | 22 +++++++++++++++++++++-
 decrypt.sh | 7 +++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100755 decrypt.sh
diff --git a/backup.sh b/backup.sh
index 7e6b1d0..be57028 100755
--- a/backup.sh
+++ b/backup.sh
@@ -2,6 +2,26 @@
 echo "backupinator :D"
+if [ ! -d /in ] || [ ! -d /out ] || [ ! -d /keys ]; then
+ echo "Please start this container with /in, /out and /keys mounted"
+ exit 1
+fi
+
 tar czf /tmp/backup.tar.gz -C /in .
-cp /tmp/backup.tar.gz /out
+# encryption
+
+openssl rand -out /tmp/secret.key 32
+openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:/tmp/secret.key \
+ -in /tmp/backup.tar.gz \
+ -out /out/backup.tar.gz.enc
+
+for keyfile in $(ls /keys); do
+ tmpkey=$(mktemp)
+ ssh-keygen -e -f "/keys/$keyfile" -m PKCS8 > "$tmpkey"
+ openssl rsautl -encrypt -oaep -pubin -inkey "$tmpkey" \
+ -in /tmp/secret.key \
+ -out "/out/key-${keyfile%.*}.enc"
+ rm $tmpkey
+done
+
diff --git a/decrypt.sh b/decrypt.sh
new file mode 100755
index 0000000..e350ae3
--- /dev/null
+++ b/decrypt.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+tmpkey=$(mktemp)
+openssl rsautl -decrypt -oaep -inkey $1 -in $2 -out $tmpkey
+openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass "file:$tmpkey" \
+ -in "$3" -out "${3%.*}" -d
+rm $tmpkey
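Review bot: In backup.sh, `openssl rand -out /tmp/secret.key 32` writes 32 raw bytes, but `-pass file:` uses only the first line of that file as the passphrase, so a newline byte (and, as far as I can tell, a NUL byte) among them silently shortens the secret protecting the archive; `openssl rand -hex 32` keeps it printable and full length, and decrypt.sh reads it back the same way. The secret and the plaintext `/tmp/backup.tar.gz` also stay at fixed /tmp paths after the run, and no exit status is checked, so a key in /keys that `ssh-keygen -e` or `rsautl` rejects still leaves an encrypted archive in /out that may have no usable wrapped key. `for keyfile in $(ls /keys)` word-splits file names, where a glob would not. The fence sketches these changes with a private `mktemp -d` directory removed by a trap; the script's first line is outside the hunk, so placing `set -eu` directly under the shebang is an assumption.

```shell
set -eu
umask 077
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# … unchanged: /in, /out, /keys mount check …

tar czf "$workdir/backup.tar.gz" -C /in .

# printable secret: -pass file: uses only the first line of the file
openssl rand -hex 32 > "$workdir/secret.key"
openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass "file:$workdir/secret.key" \
  -in "$workdir/backup.tar.gz" \
  -out /out/backup.tar.gz.enc

for keyfile in /keys/*; do
  [ -f "$keyfile" ] || continue
  name=${keyfile##*/}
  ssh-keygen -e -f "$keyfile" -m PKCS8 > "$workdir/pub.pem"
  openssl rsautl -encrypt -oaep -pubin -inkey "$workdir/pub.pem" \
    -in "$workdir/secret.key" \
    -out "/out/key-${name%.*}.enc"
done
```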
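Review bot: In decrypt.sh, `$1`, `$2` and `$tmpkey` are expanded unquoted and the result of `openssl rsautl -decrypt` is never checked, so a wrong private key or a path containing spaces falls through to `openssl enc -d` with an empty or missing key file. I would change the unwrap line to `openssl rsautl -decrypt -oaep -inkey "$1" -in "$2" -out "$tmpkey" || { rm -f -- "$tmpkey"; exit 1; }`, end the script with `rm -f -- "$tmpkey"`, and add a header comment `# usage: decrypt.sh <private-key> <key-NAME.enc> <backup.tar.gz.enc>`. Separately, `-aes-256-cbc` carries no authentication and `openssl enc` offers no AEAD mode, so this restore path cannot tell a modified `backup.tar.gz.enc` from the original; a MAC or signature written by backup.sh and verified here before decrypting would close that gap.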