13 lines
793 B
Bash
Executable File
13 lines
793 B
Bash
Executable File
#!/usr/bin/env bash
|
|
# Encrypt a plaintext string with AES-256-CBC and output base64-encoded ciphertext.
|
|
# Usage: encrypt.sh <plaintext> <passphrase>
|
|
# The result can be decrypted with decrypt.sh using the same passphrase.
|
|
|
|
# -a : base64-encode the binary ciphertext so the result is printable/copy-pasteable
|
|
# -salt : prepend a random 8-byte salt to prevent identical plaintexts from
|
|
# producing identical outputs (thwarts rainbow-table attacks)
|
|
# -pbkdf2 : derive the key via PBKDF2 (Password-Based Key Derivation Function 2);
|
|
# more resistant to brute-force than the deprecated EVP_BytesToKey default
|
|
# -pass pass : read the passphrase from CLI argument $2 (avoids an interactive prompt)
|
|
echo $1 | openssl aes-256-cbc -a -salt -pbkdf2 -pass pass:$2
|