#!/bin/ksh

function getpass {
    local _PROMPT="$1"
    local _PASS

    stty -f /dev/tty -echo
    trap 'stty -f /dev/tty echo; exit 1' INT TERM
    printf "%s" "$_PROMPT" > /dev/tty
    read _PASS < /dev/tty
    trap '' INT TERM
    stty -f /dev/tty echo
    echo > /dev/tty
    echo "$_PASS"
}
	
# main()

if [ $# -lt 2 ]; then
    echo "Usage: `basename $0` tarflags file ..." >&2 && exit 1
fi

TARFLAGS=$1
shift

case $TARFLAGS in
    *c*)
	FILE=$1
	shift
	PROMPT="Password for $(basename $FILE)"
	PASS=`getpass "$PROMPT:"`
	PASS2=`getpass "$PROMPT (again):"`
	if [ "$PASS" != "$PASS2" ]; then
	    echo "Passwords mismatched" >&2 && exit 1
	fi
	PASSFILE=`mktemp`
	echo "$PASS" > $PASSFILE
	trap 'rm -f $PASSFILE; exit 1' INT TERM
	tar $TARFLAGS - $* | openssl aes-256-cbc -e -kfile $PASSFILE -out $FILE
	rm $PASSFILE
	;;
    *t*|*x*)
	FILE=$1
	shift
	if [ -r $FILE ]; then
	getpass "Password for `basename $FILE`:" | \
	    openssl aes-256-cbc -d -pass stdin -in $FILE | tar $TARFLAGS - $*
    else
	echo "Can't open $1" >&2 && exit 1
    fi
	;;
    *)
	echo "Unrecognized tar flags '$TARFLAGS'" >&2 && exit 1
	;;
esac

exit 0