# shellcheck shell=dash

___x_cmd_hub_file___encrypt_file(){
    local filekey="$1"
    if [ -z "$filekey" ]; then
        printf "%s\n\n" "compress: xz"
        ___x_cmd_hub_file___xz
    else
        printf "%s\n%s\n\n" "compress: xz" "keyname: $___X_CMD_HUB_KEYPAIR_NAME"
        ___x_cmd_hub_file___xz | ___x_cmd openssl enc -aes-256-cbc -salt -in - -out - -pbkdf2 -pass pass:"$filekey"
    fi
}

___x_cmd_hub_file___gen_filekey(){
    ___x_cmd openssl rand -hex 32
}

___x_cmd_hub_file___decrypt_file(){
    local filekey="$1"
    [ -n "$filekey" ] || M='filekey is required' N=hub log:ret:64
    hub:debug "decrypt file => filekey=$filekey"
    ___x_cmd openssl enc -d -aes-256-cbc -in -  -pbkdf2 -out - -pass pass:"$filekey"
}

___x_cmd_hub_file___encrypt_filekey(){
    local keypath="$1"; [ -n "$keypath" ] || M='keypath is required' N=hub log:ret:64
    # TODO: oneline output use openssl
    ___x_cmd openssl pkeyutl -encrypt -pubin -inkey "$keypath" -in - -out - | ___x_cmd openssl enc -A -base64
}

___x_cmd_hub_file___decrypt_filekey(){
    local keypath="$1"; [ -n "$keypath" ] || M='keypath is required' N=hub log:ret:64
    ___x_cmd openssl enc -d -A -base64 | ___x_cmd openssl pkeyutl -decrypt -inkey "$keypath" -in - -out -
}
