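#!/usr/bin/env bash
#
# Hybrid-encryption round trip with the openssl CLI:
#   1. generate a passphrase-protected 4096-bit RSA key pair,
#   2. generate a random symmetric secret,
#   3. wrap (RSA-encrypt) the secret with the public key,
#   4. encrypt the CSV fixture with AES-256-CBC keyed from the secret,
#   5. unwrap the secret with the private key and decrypt the file again.
#
# Inputs (must exist in the working directory):
#   password.txt        passphrase protecting the RSA private key
#   fixture-secret.txt  plaintext to encrypt
# Outputs: private-key.pem, public-key.pem, key.bin, key.bin.enc,
#          secret.txt.enc, output.txt
set -euo pipefail

# Key material is written to the working directory; keep new files
# readable by the owner only.
umask 077

readonly PRIVATE_KEY='private-key.pem'
readonly PUBLIC_KEY='public-key.pem'
readonly KEY_FILE='key.bin'
readonly KEY_FILE_ENCRYPTED='key.bin.enc'
readonly CSV_FILE='fixture-secret.txt'
readonly CSV_FILE_ENCRYPTED='secret.txt.enc'
readonly PASSWORD_FILE='password.txt'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail early with a clear message instead of part-way through key generation.
[[ -r "$PASSWORD_FILE" ]] || die "cannot read passphrase file: $PASSWORD_FILE"
[[ -r "$CSV_FILE" ]] || die "cannot read input file: $CSV_FILE"

# NOTE(review): this prints the private-key passphrase to stdout, so it ends
# up in terminal scrollback and CI logs. Only acceptable while password.txt
# holds a throwaway fixture value; drop this line for any real passphrase.
echo "!!! ALL PASSWORDS ARE $(cat -- "$PASSWORD_FILE") !!!"

echo 'Generating RSA key'
openssl genrsa -aes256 -out "$PRIVATE_KEY" -passout "file:$PASSWORD_FILE" 4096

echo 'Generating 256 bit random key'
# 32 random bytes = 256 bits, hex-encoded onto a single line. `-pass file:`
# below uses only the first line of the file as the password, so raw binary
# output (the original `openssl rand 256`, which is 256 *bytes*) is cut at
# the first newline byte and yields an unpredictable, possibly empty secret.
openssl rand -hex 32 > "$KEY_FILE"

echo 'Generating public key'
openssl rsa -in "$PRIVATE_KEY" -passin "file:$PASSWORD_FILE" \
  -pubout -outform pem -out "$PUBLIC_KEY"

echo 'Encrypting the random key'
# NOTE(review): rsautl is deprecated since OpenSSL 3.0 in favour of pkeyutl,
# and its default padding is PKCS#1 v1.5. Switching to OAEP has to be done on
# both the wrapping and the unwrapping side, so confirm what the receiver
# expects before changing it.
openssl rsautl -encrypt -inkey "$PUBLIC_KEY" -pubin \
  -in "$KEY_FILE" -out "$KEY_FILE_ENCRYPTED"

echo 'Encrypting CSV file'
# NOTE(review): CBC gives confidentiality only; nothing here detects
# tampering with the ciphertext in transit. Without -pbkdf2, `openssl enc`
# also derives the key with its legacy single-iteration KDF. Both ends must
# agree on any change to these options.
openssl enc -aes-256-cbc -salt -in "$CSV_FILE" -out "$CSV_FILE_ENCRYPTED" \
  -pass "file:$KEY_FILE"

# Send encrypted file and key across network

echo 'Decrypting key'
# Fixed: the input was the literal file name KEY_FILE_ENCRYPTED (missing $).
# -passin supplies the private-key passphrase so this step does not stop at
# an interactive prompt.
openssl rsautl -decrypt -inkey "$PRIVATE_KEY" -passin "file:$PASSWORD_FILE" \
  -in "$KEY_FILE_ENCRYPTED" -out "$KEY_FILE"

echo 'Decrypting file'
openssl enc -d -aes-256-cbc -in "$CSV_FILE_ENCRYPTED" -out output.txt \
  -pass "file:$KEY_FILE"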