#!/bin/sh

# This uses a passphrase supplied by the user
# If OpenSSL is installed, you can generate a passphrase by running:
# 	openssl rand -hex 32
# To get a true random passphrase, run:
#	wget -q -O - 'https://www.random.org/cgi-bin/randbyte?nbytes=32&format=h' | tr -d ' \n'; echo

[ "$#" -ne 2 ] && echo "cluster_passphrase_command usage: $0 %R \"%P\"" 1>&2 && exit 1

FD="$1"
[ ! -t "$FD" ] && echo "file descriptor $FD does not refer to a terminal" 1>&2 && exit 1

MSG="$2"


# ----------------------------------------------------------------------


stty -echo <&"$FD"

echo 1>&"$FD"
echo -n "$MSG" 1>&"$FD"
read PASS <&"$FD"

stty echo <&"$FD"

if [ ! "$PASS" ]
then	echo 'invalid:  empty passphrase' 1>&2
	exit 1
fi

echo -n "$PASS" |
	sha256sum |
	cut -d' ' -f1

exit 0