X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Famcrypt-ossl.sh;fp=common-src%2Famcrypt-ossl.sh;h=edab1319676a943c92cfc6c8ce00cd69f543d846;hb=94a044f90357edefa6f4ae9f0b1d5885b0e34aee;hp=0000000000000000000000000000000000000000;hpb=d3b2175e084f88c8736ad7073eacbf4670147aec;p=debian%2Famanda
diff --git a/common-src/amcrypt-ossl.sh b/common-src/amcrypt-ossl.sh
new file mode 100644
index 0000000..edab131
--- /dev/null
+++ b/common-src/amcrypt-ossl.sh
@@ -0,0 +1,47 @@
+#!@SHELL@
+#
+# amcrypt-ossl.sh - crypto helper using OpenSSL
+# Usage: amcrypt-ossl.sh [-d]
+#
+
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+sbindir="@sbindir@"
+amlibexecdir="@amlibexecdir@"
+. "${amlibexecdir}/amanda-sh-lib.sh"
+
+# change these as needed
+OPENSSL= # whatever's in $PATH
+CIPHER=aes-256-cbc # see `openssl help` for more ciphers
+AMANDA_HOME=~@CLIENT_LOGIN@
+RANDFILE=$AMANDA_HOME/.rnd
+export RANDFILE
+PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
+
+# where might openssl be?
+PATH=/bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin:/opt/csw/bin
+export PATH
+ME=`basename "$0"`
+
+if [ -z "${OPENSSL:=`which openssl`}" ]; then
+ echo `_ '%s: openssl not found' "${ME}"` >&2
+ exit 1
+elif [ ! -x "${OPENSSL}" ]; then
+ echo `_ "%s: can't execute %s (%s)" "${ME}" "openssl" "${OPENSSL}"` >&2
+ exit 1
+fi
+
+# we'll need to pad the datastream to a multiple of the cipher block size prior
+# to encryption. 96 bytes (= 768 bits) should be good for any cipher.
+pad() {
+ perl -pe 'BEGIN { $bs = 96; $/ = \8192 } $nbytes = ($nbytes + length) % $bs; END { print "\0" x ($bs - $nbytes) }'
+}
+
+if [ "$1" = -d ]; then
+ # decrypt
+ "${OPENSSL}" enc -d "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}"
+else
+ # encrypt
+ pad | "${OPENSSL}" enc -e "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}"
+fi
+
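Review bot: Both `"${OPENSSL}" enc` invocations at the end of the script derive the key from the passphrase with whatever digest the installed openssl defaults to, because neither `-md` nor a KDF option is passed; that default changed from MD5 to SHA-256 in OpenSSL 1.1.0, so a dump encrypted with one build may fail to decrypt with another at restore time. Pinning it identically on both paths, e.g. `"${OPENSSL}" enc -e "-${CIPHER}" -md sha256 -nopad -salt -pass fd:3 3< "${PASSPHRASE}"` (plus `-pbkdf2 -iter <count>` where the openssl in use supports it), keeps encrypt and decrypt in step and strengthens the passphrase stretching. Separately, `aes-256-cbc` through `openssl enc` with `-nopad` carries no integrity check, so an altered ciphertext decrypts without any error, and the zero bytes added by `pad` are not stripped on the `-d` path; the header comment should state both and say that integrity has to come from a separate checksum or MAC over the dump. The `# required` passphrase file is never tested before the `3<` redirect, so a guard such as `[ -r "${PASSPHRASE}" ] || { echo "${ME}: cannot read ${PASSPHRASE}" >&2; exit 1; }`, with a comment that the file should be mode 0600 and owned by the Amanda user, would make that failure explicit.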