
Refactor encryption option generation

Tim Byrne 2020-10-07 01:20:44 -05:00
parent c2a4d9cb27
commit 2e035d9e05
No known key found for this signature in database
GPG key ID: 14DB4FC2465A4B12

40
yadm

@ -55,6 +55,7 @@ OPERATING_SYSTEM="Unknown"
ENCRYPT_INCLUDE_FILES="unparsed" ENCRYPT_INCLUDE_FILES="unparsed"
GPG_OPTS=()
OPENSSL_OPTS=() OPENSSL_OPTS=()
LEGACY_WARNING_ISSUED=0 LEGACY_WARNING_ISSUED=0
@ -915,20 +916,32 @@ EOF
} }
function _set_gpg_options() {
gpg_key="$(config yadm.gpg-recipient)"
if [ "$gpg_key" = "ASK" ]; then
GPG_OPTS=("--no-default-recipient" "-e")
elif [ "$gpg_key" != "" ]; then
GPG_OPTS=("-e" "-r $gpg_key")
else
GPG_OPTS=("-c")
fi
}
function _get_openssl_ciphername() { function _get_openssl_ciphername() {
OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)" OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)"
if [ -z "$OPENSSL_CIPHERNAME" ]; then if [ -z "$OPENSSL_CIPHERNAME" ]; then
OPENSSL_CIPHERNAME="aes-256-cbc" OPENSSL_CIPHERNAME="aes-256-cbc"
fi fi
echo "$OPENSSL_CIPHERNAME" echo "$OPENSSL_CIPHERNAME"
} }
function _set_openssl_options() { function _set_openssl_options() {
cipher_name="$(_get_openssl_ciphername)"
OPENSSL_OPTS=("-${cipher_name}" -salt)
if [ "$(config --bool yadm.openssl-old)" == "true" ]; then if [ "$(config --bool yadm.openssl-old)" == "true" ]; then
OPENSSL_OPTS=(-md md5) OPENSSL_OPTS+=(-md md5)
else else
OPENSSL_OPTS=(-pbkdf2 -iter 100000 -md sha512) OPENSSL_OPTS+=(-pbkdf2 -iter 100000 -md sha512)
fi fi
} }
@ -949,16 +962,13 @@ function _decrypt_from() {
case "$yadm_cipher" in case "$yadm_cipher" in
gpg) gpg)
require_gpg require_gpg
$GPG_PROGRAM -d "$output_archive" $GPG_PROGRAM -d "$output_archive"
;; ;;
openssl) openssl)
require_openssl require_openssl
OPENSSL_CIPHERNAME="$(_get_openssl_ciphername)"
_set_openssl_options _set_openssl_options
$OPENSSL_PROGRAM enc -d "${OPENSSL_OPTS[@]}" "-${OPENSSL_CIPHERNAME}" -salt -in "$output_archive" $OPENSSL_PROGRAM enc -d "${OPENSSL_OPTS[@]}" -in "$output_archive"
;; ;;
*) *)
@ -978,26 +988,14 @@ function _encrypt_to() {
case "$yadm_cipher" in case "$yadm_cipher" in
gpg) gpg)
require_gpg require_gpg
_set_gpg_options
# Build gpg options for gpg
GPG_KEY="$(config yadm.gpg-recipient)"
if [ "$GPG_KEY" = "ASK" ]; then
GPG_OPTS=("--no-default-recipient" "-e")
elif [ "$GPG_KEY" != "" ]; then
GPG_OPTS=("-e" "-r $GPG_KEY")
else
GPG_OPTS=("-c")
fi
$GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$output_archive" $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$output_archive"
;; ;;
openssl) openssl)
require_openssl require_openssl
OPENSSL_CIPHERNAME="$(_get_openssl_ciphername)"
_set_openssl_options _set_openssl_options
$OPENSSL_PROGRAM enc -e "${OPENSSL_OPTS[@]}" "-${OPENSSL_CIPHERNAME}" -salt -out "$output_archive" $OPENSSL_PROGRAM enc -e "${OPENSSL_OPTS[@]}" -out "$output_archive"
;; ;;
*) *)
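Review bot: In `_set_gpg_options` (second hunk) the recipient branch builds `GPG_OPTS=("-e" "-r $gpg_key")`, which hands gpg the flag and the key as a single word, so the recipient arrives with a leading space and relies on gpg's option parsing to tolerate it. Passing them as separate words, `GPG_OPTS=("-e" "-r" "$gpg_key")`, keeps the recipient exact. The new helpers also assign `gpg_key` and `cipher_name` without `local`, so both become script-wide globals; `local gpg_key` and `local cipher_name` at the top of each function would contain them. Because `_set_openssl_options` now supplies the full option set for both `enc -e` and `enc -d`, the `yadm.openssl-old` branch deserves a comment such as `# legacy: -md md5 without -pbkdf2 derives the key with a single MD5 pass`, so the weaker path is visible to whoever edits it next.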