-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcrypto.sh
75 lines (65 loc) · 2.51 KB
/
crypto.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/usr/bin/env bash
#
# Copyright (c) Sebastian Kucharczyk <kuchen@kekse.biz>
# https://kekse.biz/ https://github.com/kekse1/scripts/
# v0.0.4
#
# Manage LUKS encryption via `cryptsetup` (dependency).
#
# My aim is to transparently `cmount` or `cumount`, plus
# the initial format/preparation of crypto devices/mounts.
#
# STILL only **TODO**!!111
#
#
__crypto_cryptsetup="cryptsetup"
__crypto_error_cryptsetup_not_found="The \`cryptsetup\` utility doesn't seem to be installed on your system!"
__crypto_error_invalid_device="Invalid \`device\` parameter, maybe it doesn't exist (a file path, probably a block device)!"
__crypto_error_invalid_mount="Invalid \`mount point\` parameter; maybe there's no such *directory*!"
#
cformat()
{
local CRYPTSETUP="$(which "${__crypto_cryptsetup}" 2>/dev/null)"; if [[ -z "$CRYPTSETUP" ]]; then
echo "[ERROR] ${__crypto_error_cryptsetup_not_found}" >&2; return 1; fi
local DEVICE="$1"; if [[ -z "$DEVICE" || ! -e "$DEVICE" ]]; then
echo "[ERROR] ${__crypto_error_invalid_device}" >&2; return 2; fi
local CMD="${CRYPTSETUP} luksFormat"
CMD="${CMD} --type luks2 --cipher aes-xts-plain64 --hash sha512 --key-size 512 --iter-time 2560 --use-urandom --verify-passphrase --pbkdf argon2id"
CMD="${CMD} ${DEVICE}"
# todo # 'mkfs....'!
}
clist()
{
local CMD="cat /proc/crypto"
}
cinfo()
{
false
# `cryptsetup -v status $NAME`
}
cmount()
{
local CRYPTSETUP="$(which "${__crypto_cryptsetup}" 2>/dev/null)"; if [[ -z "$CRYPTSETUP" ]]; then
echo "[ERROR] ${__crypto_error_cryptsetup_not_found}" >&2; return 1; fi
local DEVICE="$1"; if [[ -z "$DEVICE" || ! -e "$DEVICE" ]]; then
echo "[ERROR] ${__crypto_error_invalid_device}" >&2; return 2; fi
local MOUNT="$2"; if [[ -z "$MOUNT" || ! -d "$MOUNT" ]]; then
echo "[ERROR] ${__crypto_error_invalid_mount}" >&2; return 3; fi
local NAME="$(basename "$MOUNT")"
local MAPPER="/dev/mapper/${NAME}"
local CMD1="${CRYPTSETUP} luksOpen '$DEVICE' '${NAME}'"
local CMD2="mount '${MAPPER}' '${MOUNT}'"
}
cumount()
{
local CRYPTSETUP="$(which "${__crypto_cryptsetup}" 2>/dev/null)"; if [[ -z "$CRYPTSETUP" ]]; then
echo "[ERROR] ${__crypto_error_cryptsetup_not_found}" >&2; return 1; fi
local DEVICE="$1"; if [[ -z "$DEVICE" || ! -e "$DEVICE" ]]; then
echo "[ERROR] ${__crypto_error_invalid_device}" >&2; return 2; fi
local MOUNT="$2"; if [[ -z "$MOUNT" || ! -d "$MOUNT" ]]; then
echo "[ERROR] ${__crypto_error_invalid_mount}" >&2; return 3; fi
local NAME="$(basename "$MOUNT")"
local CMD2="${CRYPTSETUP} luksClose '${NAME}'"
local CMD1="umount '${MOUNT}'"
}
#