#!/bin/bash
# Desc: Decrypts files encrypted with age
# Usage: bkagedecrypt -i key.txt file1 file2 ...
# Version: 0.0.1
#==BEGIN Define script parameters==
#===BEGIN Define variables===
declare -g runFlag # If "false", indicates exit required
declare -ag inputFilePaths # Array to store input file paths
declare -Ag appRollCall # Associative array for storing app status
declare -Ag fileRollCall # Associative array for storing file status
declare -Ag dirRollCall # Associative array for storing dir status
timeScriptStartNs="$(date +%Y%m%dT%H%M%S.%N%z)";
dirTemp="/tmp/$timeScriptStartNs"..bkagedecrypt; # will be automatically deleted
#===END Define variables===
#===BEGIN Declare local script functions===
yell() { echo "$0: $*" >&2; } # Yell, Die, Try Three-Fingered Claw technique; # Ref/Attrib: https://stackoverflow.com/a/25515370
die() { yell "$*"; exit 111; }
try() { "$@" || die "cannot $*"; }
vbm() {
# Description: Prints verbose message ("vbm") to stderr if opVerbose is set to "true".
# Usage: vbm "DEBUG :verbose message here"
# Version 0.2.0
# Input: arg1: string
# vars: opVerbose
# Output: stderr
# Depends: bash 5.0.3, GNU-coreutils 8.30 (echo, date)
if [ "$opVerbose" = "true" ]; then
functionTime="$(date --iso-8601=ns)"; # Save current time in nano seconds.
echo "[$functionTime]:$0:""$*" 1>&2; # Display argument text.
fi
# End function
return 0; # Function finished.
} # Displays message if opVerbose true
checkapp() {
# Desc: If arg is a command, save result in assoc array 'appRollCall'
# Usage: checkapp arg1 arg2 arg3 ...
# Version: 0.1.1
# Input: global assoc. array 'appRollCall'
# Output: adds/updates key(value) to global assoc array 'appRollCall'
# Depends: bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if command -v "$arg" 1>/dev/null 2>&1; then # Check if arg is a valid command
appRollCall[$arg]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi;
else
appRollCall[$arg]="false"; returnState="false";
fi;
done;
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi;
} # Check that app exists
checkfile() {
# Desc: If arg is a file path, save result in assoc array 'fileRollCall'
# Usage: checkfile arg1 arg2 arg3 ...
# Version: 0.1.1
# Input: global assoc. array 'fileRollCall'
# Output: adds/updates key(value) to global assoc array 'fileRollCall';
# Output: returns 0 if app found, 1 otherwise
# Depends: bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if [ -f "$arg" ]; then
fileRollCall["$arg"]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi;
else
fileRollCall["$arg"]="false"; returnState="false";
fi;
done;
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi;
} # Check that file exists
checkdir() {
# Desc: If arg is a dir path, save result in assoc array 'dirRollCall'
# Usage: checkdir arg1 arg2 arg3 ...
# Version 0.1.1
# Input: global assoc. array 'dirRollCall'
# Output: adds/updates key(value) to global assoc array 'dirRollCall';
# Output: returns 0 if app found, 1 otherwise
# Depends: Bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if [ -d "$arg" ]; then
dirRollCall["$arg"]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi
else
dirRollCall["$arg"]="false"; returnState="false";
fi
done
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi
} # Check that dir exists
displayMissing() {
# Desc: Displays missing apps, files, and dirs
# Usage: displayMissing
# Version 0.1.1
# Input: associative arrays: appRollCall, fileRollCall, dirRollCall
# Output: stderr: messages indicating missing apps, file, or dirs
# Depends: bash 5, checkAppFileDir()
local missingApps value appMissing missingFiles fileMissing
local missingDirs dirMissing
#==BEGIN Display errors==
#===BEGIN Display Missing Apps===
missingApps="Missing apps :";
#for key in "${!appRollCall[@]}"; do echo "DEBUG:$key => ${appRollCall[$key]}"; done
for key in "${!appRollCall[@]}"; do
value="${appRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing apps: $key => $value";
missingApps="$missingApps""$key ";
appMissing="true";
fi;
done;
if [ "$appMissing" = "true" ]; then # Only indicate if an app is missing.
echo "$missingApps" 1>&2;
fi;
unset value;
#===END Display Missing Apps===
#===BEGIN Display Missing Files===
missingFiles="Missing files:";
#for key in "${!fileRollCall[@]}"; do echo "DEBUG:$key => ${fileRollCall[$key]}"; done
for key in "${!fileRollCall[@]}"; do
value="${fileRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing files: $key => $value";
missingFiles="$missingFiles""$key ";
fileMissing="true";
fi;
done;
if [ "$fileMissing" = "true" ]; then # Only indicate if an app is missing.
echo "$missingFiles" 1>&2;
fi;
unset value;
#===END Display Missing Files===
#===BEGIN Display Missing Directories===
missingDirs="Missing dirs:";
#for key in "${!dirRollCall[@]}"; do echo "DEBUG:$key => ${dirRollCall[$key]}"; done
for key in "${!dirRollCall[@]}"; do
value="${dirRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing dirs: $key => $value";
missingDirs="$missingDirs""$key ";
dirMissing="true";
fi;
done;
if [ "$dirMissing" = "true" ]; then # Only indicate if an dir is missing.
echo "$missingDirs" 1>&2;
fi;
unset value;
#===END Display Missing Directories===
#==END Display errors==
} # Display missing apps, files, dirs
showVersion() {
# Desc: Displays script version and license information.
# Usage: showVersion
# Version: 0.0.1 (modified)
# Input: scriptVersion var containing version string
# Output: stdout
# Depends: vbm(), yell, GNU-coreutils 8.30
# Initialize function
vbm "DEBUG:showVersion function called."
cat <<'EOF'
bkagedecrypt 0.0.1
Copyright (C) 2021 Steven Baltakatei Sandoval
License GPLv3: GNU GPL version 3
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
EOF
# End function
vbm "DEBUG:showVersion function ended."
return 0; # Function finished.
} # Display script version.
processArgs() {
# Desc: Processes arguments provided to script.
# Usage: processArgs "$@"
# Version: 0.0.1 (modified)
# Input: "$@" (list of arguments provided to the function)
# Output: Sets following variables used by other functions:
# opVerbose Indicates verbose mode enable status. (ex: "true", "false")
# pathDirOut1 Path to output directory.
# inputFilePaths Array containing paths of files to decrypt
# Depends:
# yell() Displays messages to stderr.
# vbm() Displays messsages to stderr if opVerbose set to "true".
# showUsage() Displays usage information about parent script
# showVersion() Displays version about parent script
# checkfile() Checks if file exists
# checkdir() Checks if dir exists
# dirRollCall Assoc. array used by checkfile(), checkdir(), checkapp()
# fileRollCall Assoc. array used by checkfile(), checkdir(), checkapp()
# appRollCall Assoc. array used by checkfile(), checkdir(), checkapp()
# External dependencies: bash (5.0.3), echo
# Ref./Attrib.:
# [1]: Marco Aurelio (2014-05-08). "echo that outputs to stderr". https://stackoverflow.com/a/23550347
vbm "STATUS:start processArgs()";
# Perform work
while [ ! $# -eq 0 ]; do # While number of arguments ($#) is not (!) equal to (-eq) zero (0).
#vbm "DEBUG:Starting processArgs while loop." # Debug stderr message. See [1].
#vbm "DEBUG:Provided arguments are:""$*" # Debug stderr message. See [1].
case "$1" in
-h | --help) showUsage; exit 1;; # Display usage.
--version) showVersion; exit 1;; # Show version
-v | --verbose) # Enable verbose mode. See [1].
opVerbose="true";
vbm "DEBUG:Verbose mode enabled.";;
-i | --identity) # Define identity file
pathFileIdentity="$2";
shift;;
-O | --output-dir) # Define output directory path
pathDirOut1="$2";
vbm "DEBUG:Setting pathDirOut1 to:$pathDirOut1";
shift;;
*) inputFilePaths+=("$1"); # Add to inputArgs array
vbm "DEBUG:Added to inputFilePaths array:$1";
esac;
shift;
done;
# If pathDirOut1 not set, set as default
if [[ -z $pathDirOut1 ]]; then
pathDirOut1="$(pwd)"; # Fall back to using current working directory
vbm "DEBUG:pathDirOut1 not set. Setting to default:$pathDirOut1";
fi;
# Exit if pathFileIdentity not set
if [[ -z $pathFileIdentity ]]; then
showUsage;
die "ERROR:not set:pathFileIdentity:$pathFileIdentity";
fi;
# Check apps, dirs
if ! checkapp age tar gunzip; then runFlag="false"; fi;
if ! checkdir "$pathDirOut1"; then runFlag="false"; fi;
# Check files
## Check identity file (required)
if ! checkfile "$pathFileIdentity"; then runFlag="false"; fi;
## Check inputFilePaths
if [[ ${#inputFilePaths[@]} -eq 0 ]]; then
vbm "DEBUG:ERROR:inputFilePaths array empty:'${inputFilePaths[*]}'";
runFlag="false"; fi;
for path in "${inputFilePaths[@]}"; do
vbm "DEBUG:Checking if file path $path exists.";
if ! checkfile "$path"; then
runFlag="false";
vbm "DEBUG:ERROR:File does not exist:$path"; fi;
done;
# On error, display missing elements, exit.
if [[ $runFlag == "false" ]]; then
displayMissing;
showUsage;
die "ERROR:Input argument requirements unsatisfied. Exiting.";
else
vbm "STATUS:Input argument requirements satisfied.";
fi;
# End function
vbm "STATUS:end processArgs()";
return 0; # Function finished.
} # Evaluate script options from positional arguments (ex: $1, $2, $3, etc.).
showUsage() {
# Desc: Display script usage information
# Usage: showUsage
# Version 0.0.1 (modified)
# Input: none
# Output: stdout
# Depends: GNU-coreutils 8.30 (cat)
cat <<'EOF'
NAME:
bkagedecrypt - decrypt age-encrypted files
USAGE:
bkagedecrypt [ options ] [FILE...]
DESCRIPTION:
Decrypt FILE(s) using `age` v1.0.0-rc.3. See:
https://github.com/FiloSottile/age
FILE(s) must have the following file name extensions and properties:
.gz.age.tar, File is a tar archive containing one or more
subfiles within. Each subfile contains an
age-encrypted, gzip-compressed plaintext file.
.gz.age, File is an age-encrypted gzip-compressed plaintext
file.
.age, File is an age-encrypted plaintext file.
Decryption via password is not supported.
OPTIONS:
-i, --identity KEY
Path of private key file passed to `age`.
-O, --output-dir
Define output directory path. (Default: current working dir)
-h, --help
Display help information.
--version
Display script version.
-v, --verbose
Display debugging info.
EXAMPLE:
$ bkagedecrypt -i key.txt foo.gz.age.tar
$ bkagedecrypt -i key.txt foo.gz.age.tar bar.gz.age baz.age
$ bkagedecrypt -i ky.txt -O ../ foo.gz.age.tar bar.gz.age baz.age
EOF
} # Display information on how to use this script.
extractGzAgeTar() {
# Desc: Extracts contents from .gz.age.tar
# Usage: extractGzAgeTar arg1
# Input: - arg1: path to file
# - pathFileIdentity: path to age identity file (for decryption)
# - pathDirOut1: path to output dir
# Output: file writes $pathDirOut1
# Depends: age v1.0.0-rpc3, GNU tar v1.30
vbm "STATUS:start extractGzAgeTar()";
vbm "args:$*";
vbm "pathFileIdentity:$pathFileIdentity";
vbm "pathDirOut1:$pathDirOut1";
local file
local -a fileNameList
# Get filename from path
file="$(basename "$1")";
# Get list of files from tar
while read -r line; do
fileNameList+=("$line");
vbm "Adding to fileNameList:$line";
done < <(try tar --list -f "$1");
vbm "STATUS:fileNameList:${fileNameList[*]}";
# Extract .gz.age files from tar to temporary dir
vbm "Extracting files from '$1' to '$dirTemp'";
try tar -xf "$1" -C "$dirTemp";
# Decrypt and decompress each .gz.age file to $pathDirOut1
for fileName in "${fileNameList[@]}"; do
if [[ $fileName =~ .gz.age$ ]]; then
## Decrypt and decompress files ending in .gz.age
vbm "DEBUG:Decrypting file:$dirTemp/$fileName";
try age -i "$pathFileIdentity" -d "$dirTemp"/"$fileName" | try gunzip > "$pathDirOut1"/"${fileName%.gz.age}";
else
## Copy other files as-is
try cp "$dirTemp"/"$fileName" "$pathDirOut1"/"$fileName";
fi;
done;
vbm "STATUS:end extractGzAgeTar()";
} # Extracts contents from .gz.age.tar
extractGzAge() {
# Desc: Extracts contents from .gz.age
# Usage: extractGzAge arg1
# Input: - arg1: path to file
# - pathFileIdentity: path to age identity file (for decryption)
# - pathDirOut1: path to output dir
# Output: file writes $pathDirOut1
# Depends: age v1.0.0-rpc3
vbm "STATUS:start extractGzAge()";
vbm "args:$*";
vbm "pathFileIdentity:$pathFileIdentity";
vbm "pathDirOut1:$pathDirOut1";
local file
# Get filename from path
file="$(basename "$1")";
# Decrypt and decompress to $pathDirOut1
try age -i "$pathFileIdentity" -d "$1" | try gunzip > "$pathDirOut1"/"${file%.gz.age}";
:
vbm "STATUS:end extractGzAge()";
} # Extracts contents from .gz.age
extractAge() {
# Desc: Extracts contents from .age
# Usage: extractAge arg1
# Input: - arg1: path to file
# - pathFileIdentity: path to age identity file (for decryption)
# - pathDirOut1: path to output dir
# Output: file writes $pathDirOut1
# Depends: age v1.0.0-rpc3
vbm "STATUS:start extractAge()";
vbm "args:$*";
vbm "pathFileIdentity:$pathFileIdentity";
vbm "pathDirOut1:$pathDirOut1";
local file
# Get filename from path
file="$(basename "$1")";
# Decrypt to $pathDirOut1
try age -i "$pathFileIdentity" -d "$1" > "$pathDirOut1"/"${file%.age}";
vbm "STATUS:end extractAge()";
} # Extracts contents from .age
main() {
vbm "STATUS:start main()";
# Process options
## Sets vars: - pathDirOut1 (from -O, --output-dir option)
## - opVerbose (from -v, --verbose option)
## - pathFileIdentity (from -i, --identity option)
processArgs "$@";
# Create temporary working dir
try mkdir "$dirTemp";
# Verify input args
for arg in "${inputFilePaths[@]}"; do
vbm "DEBUG:input file path is:$arg";
## Ends in .gz.age.tar?
if [[ $arg =~ .gz.age.tar$ ]]; then
vbm "DEBUG:$arg ends in .gz.age.tar";
vbm "DEBUG:$arg is a valid file extension";
: # do nothing
## Ends in .gz.age?
elif [[ $arg =~ .gz.age$ ]]; then
vbm "DEBUG:$arg ends in .gz.age";
vbm "DEBUG:$arg is a valid file extension";
## Ends in .age?
elif [[ $arg =~ .age$ ]]; then
vbm "DEBUG:$arg ends in .age";
vbm "DEBUG:$arg is a valid file extension";
else
showUsage;
die "ERROR:Invalid file extension detected.";
fi;
done;
# Work on each file
for file in "${inputFilePaths[@]}"; do
vbm "DEBUG:input file path is:$arg";
vbm "DEBUG:file is:$file";
## Ends in .gz.age.tar?
if [[ $file =~ .gz.age.tar$ ]]; then
vbm "DEBUG:Beginning extraction of file(s) from $file";
extractGzAgeTar "$file";
## Ends in .gz.age?
elif [[ $file =~ .gz.age$ ]]; then
vbm "DEBUG:Beginning extraction of file from $file";
extractGzAge "$file";
## Ends in .age?
elif [[ $file =~ .age$ ]]; then
vbm "DEBUG:Beginning extraction of file from $file";
extractAge "$file";
else
vbm "DEBUG:Invalid file extension detected:$file"
showUsage;
die "Exiting.";
fi;
done;
# Remove temporary directory
try rm -rf "$dirTemp";
vbm "STATUS:end main()";
}
#===END Declare local script functions===
#==END Define script parameters==
# Run program
main "$@";
# Author: Steven Baltakatei Sandoval
# License: GPLv3+