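#!/bin/bash
#
# Demo of hybrid ("envelope") encryption with the openssl CLI.
#
#   1. Generate a random data-key (keyfile) for this transfer.
#   2. Encrypt the content with AES-256-CBC, using the data-key as passphrase.
#   3. Encrypt the data-key with the recipient's RSA public key.
#   4. Decrypt both again and compare fingerprints as a round-trip check.
#
# Everything is written to the current directory. Requires: openssl, dd,
# uuencode, grep, cut.
#
# Security notes for anyone adapting this beyond a demo:
#   * AES-CBC as used here gives confidentiality only. Nothing authenticates
#     content.enc, so the recipient cannot detect tampering. The fingerprints
#     printed below are a local sanity check, not an integrity control.
#   * "openssl enc" derives the AES key and IV from the passphrase with a
#     single-pass KDF unless -pbkdf2 (OpenSSL 1.1.1+) is given. The passphrase
#     here carries 256 bits of entropy, which limits the impact, but
#     human-chosen passphrases should not be used this way.
#   * "openssl rsautl" is deprecated in OpenSSL 3.x in favour of
#     "openssl pkeyutl"; it is kept so the demo also runs on older builds.

set -euo pipefail

# Key material must not be created group/world readable.
umask 077

# Remove only the files this script creates. The original used globs
# (*.pem, *.enc, *.b64, *.dec), which would also delete unrelated keys and
# ciphertexts that happen to live in the working directory.
readonly artifacts=(
  content content.enc content.enc.b64 content.dec
  keyfile keyfile.enc keyfile.enc.b64 keyfile.dec
  recipient-key.pem recipient-key.pub.pem
)
rm -f -- "${artifacts[@]}"

printf '%s\n' "generate: data-key for this content transfer"
# "openssl enc -kfile" uses only the FIRST LINE of the file as the passphrase.
# Raw random bytes can contain a newline or NUL, which silently shortens the
# passphrase, so the 32 random bytes are stored hex-encoded on a single line.
# Options are placed before the byte count; newer openssl builds stop parsing
# options at the first positional argument.
openssl rand -hex -out keyfile 32

printf '%s\n' "generate: private key of the Recipient (Not normally known)"
# Demo only: in a real exchange the sender never holds this key and receives
# just the public half.
openssl genrsa -out recipient-key.pem 2048

printf '%s\n' "generate: public key (Provided by recipient)"
openssl rsa -in recipient-key.pem -out recipient-key.pub.pem -outform PEM -pubout

printf '%s\n' "generate: sample 2Mb 'content' file"
# Printable sample data: uuencode random bytes, drop the "begin" header line,
# and strip the leading length character from every line.
dd if=/dev/urandom bs=2097152 count=1 2>/dev/null \
  | uuencode - \
  | grep -v begin \
  | cut -b 2-2097154 > content

printf '%s' "content fingerprint:"
# SHA-256 through openssl instead of the BSD-only "md5" tool: it is available
# wherever the rest of the script runs and is not collision-broken.
openssl dgst -sha256 content

printf '%s\n' "encrypt content: content with keyfile: NOTE: check the keyfile size"
# -md is pinned because the default KDF digest differs between openssl
# releases; sender and recipient must agree or decryption fails.
openssl enc -aes-256-cbc -md sha256 -a -kfile keyfile -in content -out content.enc

printf '%s\n' "generate: mail friendly attachment. base64 encode content, if needed to mail the file"
# content.enc is already base64 text because of -a above, so this is a second
# layer of encoding, kept from the original flow.
openssl base64 -e -in content.enc -out content.enc.b64

printf '%s\n' "encrypt: keyfile with public key of recipient"
# -oaep selects OAEP padding. The rsautl default (PKCS#1 v1.5) is exposed to
# padding-oracle attacks when a decryptor reveals whether padding was valid.
openssl rsautl -encrypt -oaep -pubin -inkey recipient-key.pub.pem -in keyfile -out keyfile.enc

printf '%s\n' "generate: mail friendly recipient only key"
openssl base64 -in keyfile.enc -out keyfile.enc.b64

printf '%s\n' "info: ================= Encrypted Content Summary ================="
printf '%s\n' "info: content encrypted: content --> (Encrypted with keyfile) --> content.enc --> (base64) --> content.enc.b64"
printf '%s\n' "info: content data-key encrypted: keyfile --> (encrypted with Recipients Public Key) --> keyfile.enc --> (base64) --> keyfile.enc.b64"
printf '%s\n' "info: ================= Decrypt Content Process ================="
printf '%s\n' "info: keyfile.enc --> (decrypt using Recipient Private Key) --> keyfile.dec"
printf '%s\n' "info: content.enc --> (decrypt using keyfile.dec data key) --> content.dec"

printf '%s\n' "decrypt: keyfile"
# The padding mode must match the one used for encryption.
openssl rsautl -decrypt -oaep -inkey recipient-key.pem -in keyfile.enc -out keyfile.dec
# Left disabled by the author: keyfile.enc.b64 is base64 text and would have
# to be decoded back to keyfile.enc before RSA decryption.
#openssl rsautl -decrypt -inkey recipient-key.pem -in keyfile.enc.b64 -out keyfile.dec.b64

printf '%s\n' "fingerprint of plaintext and decrypted cipher keyfile"
openssl dgst -sha256 keyfile keyfile.dec

printf '%s\n' "decrypt: encrypted content"
openssl enc -d -aes-256-cbc -md sha256 -a -kfile keyfile.dec -in content.enc -out content.dec

printf '%s\n' "fingerprint: check all content files"
openssl dgst -sha256 content content.dec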