crt_sfx_enc.sh - create self-extracting encoded file

Motivation: I need to transfer confidential data over a non-secure channel and make the recipient's job as easy as possible.

The script creates a self-extracting file that contains the file or folder given as the first argument in password-protected, 256-bit AES encrypted form. A folder is stored compressed and encrypted; a single regular file is encrypted without compression. The resulting file, with the extension 'enc', is itself a script which, when executed, decrypts the stored files into the current directory, provided the correct password is given. As the full content of the stored files is encrypted, an attacker would have to either break AES or guess the password. This also holds for a user who forgot the password used for creating the encrypted file...

Implementation details: The script employs openssl and GNU tar. Although they are installed by default on most Linux-based systems, on some Unices they are not. Keep this in mind. One aspect worth mentioning is that the created script only includes ASCII characters, which, for the price of a few extra bytes, enables copy-paste based transfer over IRC, PuTTY, telnet etc.


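#!/bin/sh
# crt_sfx_enc.sh - create self-extracting encoded file
# All expansions of $1 are quoted so that names containing spaces work.

if [ -z "$1" ]; then
	cat <<-EOF
	[ create self extracting encrypted file :: http://lithium.io7.org/ ]
	Usage: $0 file
	
	The script creates a self-extracting AES256 encrypted file, holding the
	contents of a regular file or a directory provided as the first argument.
	Running the resulting file will restore the encrypted files to the current
	working directory.
	EOF
elif [ -f "$1" ]; then
	# The generated stub is exactly 6 lines long, so the base64 payload
	# starts at line 7 (see 'tail -n +7'). Keep the two in sync.
	cat > "$(basename "$1").enc" <<-EOF
	#!/bin/sh
	
	# self extracting encrypted file (http://lithium.io7.org/)
	tail -n +7 "\$0" | openssl enc -d -aes-256-cbc -a -out "\$(basename "\${0%.enc}")" || echo "bad password?"
	exit 0
	
	EOF
	# Append the salted, base64-encoded ciphertext after the stub.
	openssl enc -a -aes-256-cbc -salt -in "$1" >> "$(basename "$1").enc"
elif [ -d "$1" ]; then
	# Same 6-line stub, but the decrypted stream is a gzip-compressed tar archive.
	cat > "$(basename "$1").enc" <<-EOF
	#!/bin/sh
	
	# self extracting encrypted archive (http://lithium.io7.org/)
	tail -n +7 "\$0" | openssl enc -d -aes-256-cbc -a | tar xzf - || echo "bad password?"
	exit 0
	
	EOF
	# 'f -' names stdin/stdout explicitly instead of relying on tar's default archive.
	tar czf - "$1" | openssl enc -a -aes-256-cbc -salt >> "$(basename "$1").enc"
else
	echo "aborting: $1 is not a regular file or directory." >&2 && exit 1
fi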
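
A hardened variant of the single-file branch, as an added example that is not part of the original script: it derives the key with PBKDF2 and pins the digest and iteration count on both sides (plain `openssl enc` stretches the password with a single digest pass), finds the payload by a marker line instead of a fixed line offset, and leaves no output file when decryption fails. It assumes OpenSSL 1.1.1 or later; the function name crt_sfx_enc_file, the SFX_PASS variable and the __PAYLOAD__ marker are hypothetical.

```shell
#!/bin/sh
# Added example (not the original script): hardened single-file variant.
# Assumptions: OpenSSL 1.1.1+ (for -pbkdf2/-iter); the names crt_sfx_enc_file,
# SFX_PASS and the __PAYLOAD__ marker are hypothetical.

# crt_sfx_enc_file FILE  ->  writes ./<basename FILE>.enc
# If SFX_PASS is exported it is used as the passphrase (scripted use);
# otherwise openssl prompts on the terminal, as in the original script.
crt_sfx_enc_file() {
	[ -f "$1" ] || { echo "aborting: $1 is not a regular file." >&2; return 1; }
	out="$(basename "$1").enc"
	# Quoted heredoc: nothing is expanded now, so the stub needs no \$ escapes.
	cat > "$out" <<'STUB'
#!/bin/sh
# self-extracting encrypted file (PBKDF2 variant)
out=$(basename "${0%.enc}")
# Find the payload by marker, decrypt to a temporary name and rename only on
# success, so a wrong password or damaged file leaves no output behind.
if sed '1,/^__PAYLOAD__$/d' "$0" |
	openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -md sha256 -a \
		${SFX_PASS+-pass env:SFX_PASS} -out "$out.part"
then mv "$out.part" "$out"; exit 0
fi
rm -f "$out.part"
echo "decryption failed: bad password or damaged file" >&2
exit 1
__PAYLOAD__
STUB
	# Same cipher, KDF, digest and iteration count as the stub above.
	openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 -md sha256 -a \
		${SFX_PASS+-pass env:SFX_PASS} -in "$1" >> "$out" ||
		{ rm -f "$out"; return 1; }
	chmod +x "$out"
}
```

CBC mode carries no authentication tag, so the failure check still relies on the padding test at the end of decryption; a modified ciphertext is not guaranteed to be detected.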
© 2003-2020 lithium.io7.org
Content on this site is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.