#!/bin/sh

# This file is in the public domain.
# Author: Joost van Baal-Ilić, march 2014
# Inspired upon an idea by Casper Gielen, Wessel Dankers e.a.
# ( https://svn.uvt.nl/its-id/trunk/doc/unix/groupenc ).

# Usage: vi /run/shm/a && a1-groupenc /run/shm/a
#
# To select a different set of PGP keys, run e.g.:
#  A1_GROUPENC_KEYS=B8FAC2E250475B8CE940A91957930DAB0B86B067 a1-groupenc /run/shm/a
#
# Set A1_GROUPENC_HEADER to the header text you like better than the default
# one.
#
# If you're asked:
#  [...] It is NOT certain that the key belongs to the person named in the user
#  ID. [...] Use this key anyway? (y/N)
# , then choose "N" and exchange PGP key fingerprint in a real life meeting with
# the other person

joostvb=B8FAC2E250475B8CE940A91957930DAB0B86B067
mhorden=46226C253A75686066B582DE2089C20CAD95031D

groupmembers=$A1_GROUPENC_KEYS
: ${groupmembers:="$joostvb $mhorden"}

header="$( cat <<EOT
# ssh://git.mdcc.cx/git/ad1810-stuff.git
# Decrypt this file by running
#
#   umask 077 && gpg --decrypt README >/run/shm/a && cat /run/shm/a
#
# .  For editing it afterwards, run
#
#  sensible-editor /run/shm/a
#  a1-groupenc /run/shm/a
#
# .
EOT
)"
header=${A1_GROUPENC_HEADER:-$header}

echo "WARNING: This script will shred(1) your file $@ to pieces.   Press ^C to avoid and abort."
test -f README && echo "WARNING: This script will overwrite your file README.  Press ^C to avoid and abort."

gpg --no-auto-check-trustdb --recv $groupmembers

gpg --sign --encrypt --armor --no-auto-check-trustdb --no-encrypt-to \
        $(for i in $groupmembers; do echo -r 0x$i; done) \
        "$@"

( echo "$header"; cat "$@.asc" ) >README
echo 'Encrypted data saved in file README.'
rm "$@.asc"
shred --remove "$@"