3 # amcrypt-ossl.sh - crypto helper using OpenSSL
4 # Usage: amcrypt-ossl.sh [-d]
# Build-time configuration. The @...@ tokens look like placeholders that the
# build substitutes before installation (NOTE(review): confirm).
8 exec_prefix="@exec_prefix@"
10 amlibexecdir="@amlibexecdir@"
# Sourced shell library; presumably it defines the _ message helper used in
# the error messages further down, which is not defined in this listing.
11 . "${amlibexecdir}/amanda-sh-lib.sh"
13 # change these as needed
# Left empty, OPENSSL is filled in from a lookup on the PATH assigned below.
14 OPENSSL= # whatever's in $PATH
# The same CIPHER value is used for encryption and for decryption, so changing
# it makes previously written data unreadable until the old value is restored.
# CBC mode gives confidentiality only; it does not detect modified ciphertext.
15 CIPHER=aes-256-cbc # see `openssl help` for more ciphers
16 AMANDA_HOME=~@CLIENT_LOGIN@
# NOTE(review): openssl only sees RANDFILE if it is exported; no export is
# visible in this listing - confirm against the full file.
17 RANDFILE=$AMANDA_HOME/.rnd
# File holding the passphrase; it is handed to openssl on file descriptor 3.
# Nothing visible here checks its ownership or mode, so restrict it to the
# backup account (for example mode 0600) when deploying.
19 PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
21 # where might openssl be?
# Fixed search path, so the lookup does not depend on the PATH of the caller.
# The first openssl found is run with access to the passphrase, so every
# directory listed must be writable by trusted administrators only.
22 PATH=/bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin:/opt/csw/bin
# Locate openssl: when OPENSSL is unset or empty, := assigns it the output of
# a which lookup. The first branch reports that nothing was found, the second
# that the resolved path is not executable. Both messages go to stderr.
# NOTE(review): ME and the _ helper are not defined in the visible lines, and
# the branch bodies and the closing fi are cut short in this listing
# (presumably an exit follows each message) - confirm against the full file.
26 if [ -z "${OPENSSL:=`which openssl`}" ]; then
27 echo `_ '%s: openssl not found' "${ME}"` >&2
29 elif [ ! -x "${OPENSSL}" ]; then
30 echo `_ "%s: can't execute %s (%s)" "${ME}" "openssl" "${OPENSSL}"` >&2
34 # we'll need to pad the datastream to a multiple of the cipher block size prior
35 # to encryption. 96 bytes (= 768 bits) should be good for any cipher.
# 96 is a multiple of the 8-, 16- and 32-byte block sizes. The perl filter
# copies stdin to stdout in 8192-byte records, tracks the total length modulo
# 96 and appends NUL bytes at end of input to reach the next multiple of 96;
# input that is already a multiple (including empty input) gets a full 96.
# The padding is required because openssl is invoked with -nopad below, and
# the visible decrypt command does not strip it, so decrypted output keeps the
# trailing NULs.
# NOTE(review): presumably the body of the pad function called by the encrypt
# pipeline; its opening and closing lines are not in this listing.
37 perl -pe 'BEGIN { $bs = 96; $/ = \8192 } $nbytes = ($nbytes + length) % $bs; END { print "\0" x ($bs - $nbytes) }'
# Dispatch on the first argument: -d decrypts, anything else encrypts. No
# input or output file is given, so openssl filters stdin to stdout.
# -pass fd:3 together with 3< reads the passphrase from the file over
# descriptor 3, which keeps it out of the command line and the environment.
# -nopad turns off the padding openssl would add itself, hence the pad filter
# in front of the encrypt command.
# Caveats for operators:
#  - No -pbkdf2 or -iter is passed, so the key comes from the legacy one-pass
#    digest derivation of openssl enc; use a long random passphrase. Adding
#    -pbkdf2 changes the derived key, so existing backups would still need
#    the old options to be decrypted.
#  - The default digest of openssl enc changed from MD5 to SHA-256 in OpenSSL
#    1.1.0; data written by an older release may need -md md5 on decryption.
#  - Nothing here authenticates the ciphertext; integrity of the backup has
#    to be verified by other means.
# NOTE(review): the else separating the two commands and the closing fi are
# not in this listing.
40 if [ "$1" = -d ]; then
42 "${OPENSSL}" enc -d "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}"
45 pad | "${OPENSSL}" enc -e "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}"