rsaCrypt lets you encrypt a file before sending it over an insecure channel. The recipient's RSA public key can either be provided manually or downloaded automatically from a GitLab user's keys (in that case every RSA key on the account is used, producing N output files, one per key).
This project is loosely based on Catacomb for the key retrieval and general structure but does a bit more.
`openssl`, `shred` and `ssh-keygen` are needed.
If your default RSA public key (`~/.ssh/id_rsa.pub`) was used for encryption, the matching private key is picked up automatically:

```bash
bash file.enc.sh
```
If another RSA key was used, you need to point it at the correct private key:

```bash
bash file.enc.sh -i ~/.ssh/mykey_rsa
```
To encrypt (`-e`) a file for the GitLab (`-g`) user alice:

```bash
./rsaCrypt.sh -e -g alice file
```

Or with a public key file given explicitly (`-i`):

```bash
./rsaCrypt.sh -e -i ~/.ssh/alice.pub file
```
RSA can encrypt a short message directly with the public key, but only one that is smaller than the key modulus; with the PKCS#1 v1.5 padding `openssl rsautl` uses by default, the limit is the modulus size minus 11 bytes, i.e. 245 bytes for a 2048-bit key. So it cannot be used on its own to encrypt a file of any useful size.
rsaCrypt first copies itself to the beginning of the output file, so the recipient can run the output directly (`bash file.enc.sh`) to decrypt it. Note that nothing in the format authenticates the sender or that embedded script, so the recipient is executing code received over the insecure channel; read the header before running it.

rsaCrypt then generates a random secret key, encrypts the file with AES-256 under that secret, encrypts the secret with the recipient's RSA public key, and joins the two results into a single string with a separator between them. And BAM, you're done.

Decryption is the reverse: split the encrypted secret from the message at the separator, decrypt the secret with your private RSA key, then decrypt the message with the recovered secret.
`ssh-keygen` stores RSA private keys in its own format by default (since OpenSSH 7.8; the file begins with `-----BEGIN OPENSSH PRIVATE KEY-----`), which `openssl rsautl` cannot read.

That does not stop you from encrypting, since the public keys are standard, but it is a pain in the ass for the decryption process.
rsaCrypt handles this by copying your private key into a temp directory, re-encoding the copy to PEM with `ssh-keygen -p` (which also drops the passphrase protection), decrypting whatever is needed, and then shredding and deleting the copied private key.

That is why you might see the following on STDERR:

```
ecryption failed , reencoding key
Your identification has been saved with the new passphrase.
```

Don't worry: the unprotected copy is shredded and removed afterwards, even on SIGINT (but not on SIGKILL or any other unmaskable termination, such as a sledgehammer). One caveat from `shred`'s own documentation: overwriting only erases the data on filesystems that write in place, so on journaling or copy-on-write filesystems and on SSDs the plaintext key may survive the shred; a RAM-backed temp directory avoids that.
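To make the copy, re-encode, use, shred sequence concrete, here is an added example (not rsaCrypt's code) of the same steps with a trap so that cleanup also runs on SIGINT and SIGTERM. The conversion command is `ssh-keygen -p -m PEM -N ''`, which is what prints the "Your identification has been saved with the new passphrase." line quoted above; the `rc_` function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not rsaCrypt's code): use an OpenSSH-format RSA private key
# with openssl by re-encoding a *copy* to PEM in a private temp dir, running
# a command against it, and shredding the copy on every normal or signalled
# exit. Function names are assumptions; the conversion command is real.

# rc_pem_copy SRC DST: copy SRC to DST (mode 0600) and rewrite DST in PEM
# format with an empty passphrase. SRC is never modified.
rc_pem_copy() {
    src=${1:?src}; dst=${2:?dst}
    (umask 077 && cp "$src" "$dst") || return 1
    # -p: change passphrase, -m PEM: write "BEGIN RSA PRIVATE KEY", -N '':
    # new passphrase empty. ssh-keygen tries an empty old passphrase first
    # and only prompts if the key is actually protected.
    ssh-keygen -p -m PEM -N '' -f "$dst" >/dev/null
}

# rc_wipe FILE: overwrite then delete; fall back to rm if shred is absent.
rc_wipe() {
    f=${1:?file}
    [ -e "$f" ] || return 0
    if command -v shred >/dev/null 2>&1; then shred -u "$f"; else rm -f "$f"; fi
}

# rc_with_pem_key KEY CMD [ARGS...]: run CMD with the path of the PEM copy
# appended as its last argument, cleaning up afterwards even on SIGINT, SIGTERM
# or SIGHUP (SIGKILL cannot be trapped by anything).
rc_with_pem_key() {
    key=${1:?key}; shift
    tmp=$(mktemp -d) || return 1
    trap 'rc_wipe "$tmp/key"; rm -rf "$tmp"' EXIT INT TERM HUP
    rc=1
    if rc_pem_copy "$key" "$tmp/key"; then
        "$@" "$tmp/key"; rc=$?
    fi
    rc_wipe "$tmp/key"; rm -rf "$tmp"
    trap - EXIT INT TERM HUP
    return "$rc"
}

# rc_key_is_pem FILE: 0 if FILE is a PEM (PKCS#1 or PKCS#8) private key,
# 1 if it is in the OpenSSH-specific format (or not a key at all).
rc_key_is_pem() {
    head -n1 "${1:?file}" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----'
}
```

Usage: `rc_with_pem_key ~/.ssh/id_rsa openssl pkeyutl -decrypt -in secret.enc -inkey` runs the decryption against the temporary PEM copy and leaves nothing behind. If you generate keys yourself, `ssh-keygen -t rsa -m PEM` writes PEM from the start and makes the conversion unnecessary.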