As most in the know have switched away from rsa to ecdsa or ed25519 keys how hard would it be to support other key types.
openssh supports:

• dsa
• ecdsa
• ed25519
• rsa

this would make sshenc.sh more versatile in secure environments.

Can we retain (re-add) tests.sh with different name like tests-pre1.1.1.sh for sshenc-pre1.1.1.sh. It would be helpful for people who are not able to get openssl1.1.1 on their machine. Glad to see the changes, but somehow I'm not able to run the new version on my machine openssl version -a returns this
LibreSSL 2.8.3
built on: date not available
platform: information not available
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: information not available
OPENSSLDIR: "/private/etc/ssl"

could you advise what steps are needed to be able to run the 1.1.1 compatible changes.
Thanks.

I'd prefer
temp_dir="$(mktemp --tmpdir=~/.sshenc/tmp -d -t "$me.XXXXXX")"

~λ openssl rsautl -decrypt -ssl -inkey .ssh/id_rsa
unable to load Private Key
139994616321280:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

jeroen/openssl#66

I loved the addition of the github key, could the same be done for gitlab.com

using 2048 key pair.

First of all thanks for building this tool! ❤️

But it seems to fail if the ssh key is protected with a password. At least on my system I get prompted for a password in this line

That conflicts with the encrypted data I am already shoving down stdin. So it reads it as password and fails because the password is wrong. It would be nice to allow reading from a file instead of reading from stdin. To keep stdin free for password prompts.

Something along the lines of changing this

to stdin="$(cat "$encrypted_file")"

And the decrypt command from this

sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt

to this

sshenc.sh -s ~/.ssh/id_rsa -f encrypted.txt