Use some more local variables (as I meant to, before I got interrupted), and remove need to know number of pathname components
Toby Speight
  • 88.7k
  • 14
  • 104
  • 327
function kruptos
{
    local file=~/.kruptos.tar.gz.aes
    
    case "${1:-d}" in
        d)
            # Decrypt
            openssl aes-256-cbc -d -in "$file" \
                | tar -C ~ -xz -f - --strip-components=2 \
                && rm "$file"
            ;;
        e)
            # Encrypt
            tar -zcf - ~/.kruptos \
                | openssl aes-256-cbc -out "$file" -kfile ~/.kruptos/.phrazein \
                && rm -r ~/.kruptos
            ;;
        i)
            # Initialize
            mkdir ~/.kruptos
            echo pswd > ~/.kruptos/.phrazein
            ;;
        *)
            # invalid
            exec >&2
            echo "Usage: $0 [option]"
            echo "Options:"
            echo "  d - decrypt [default]"
            echo "  e - encrypt"
            echo "  i - initialize"
            return 1
            ;;
    esac
}
function kruptos
{
    local dir=~/.kruptos
    local file=~/.kruptos.tar.gz.aes
    local keyfile="$dir/.phrazein"
    
    case "${1:-d}" in
        d)
            # Decrypt
            # "$dir" was removed by 'e', so recreate it before extracting
            mkdir -p "$dir" \
                && openssl aes-256-cbc -d -in "$file" \
                | tar -xzf - -C "$dir" \
                && rm "$file"
            ;;
        e)
            # Encrypt
            tar -czf - -C "$dir" . \
                | openssl aes-256-cbc -out "$file" -kfile "$keyfile" \
                && rm -r "$dir"
            ;;
        i)
            # Initialize
            mkdir "$dir"
            echo pswd >"$keyfile"
            ;;
        *)
            # invalid
            exec >&2
            echo "Usage: $0 [option]"
            echo "Options:"
            echo "  d - decrypt [default]"
            echo "  e - encrypt"
            echo "  i - initialize"
            return 1
            ;;
    esac
}
fixed code block
Vogel612
  • 25.5k
  • 7
  • 59
  • 141

(cd ~; commands... )

Added some more recommendations
Toby Speight


Instead of a chain of if/elif all testing the same variable, the natural approach is a switch. I'll also take advantage of ${:-} to default the argument:

In the decrypt code, you use pushd and popd. These are suited to interactive use, but are best left alone in scripts or functions. Instead, you can use a sub-shell:

or use full paths. In this case, we want tar to output to ~, and we can tell it to do so, using -C:

I'll not address the security analysis; I'll assume you've done threat modelling and are happy with the overall approach.


Instead of a chain of if/elif all testing the same variable, the natural approach is a switch. I'll also take advantage of ${:-} to default the argument:

In the decrypt code, you use pushd and popd. These are suited to interactive use, but are best left alone in scripts or functions (that's why you discovered that you need to redirect their output). Instead, you can use a sub-shell:

or use full paths. In this case, we want tar to output to ~, and we can tell it to do so, using its -C option:


Finally, you can avoid duplication by putting paths that are used more than once into variables. This protects you against mis-typing any of them, and makes it easier if you should ever want to change them.
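
Added example (not part of the original answer): how archive member names differ between archiving by absolute path and archiving with `-C`, which is why the later revision no longer needs `--strip-components`. Temporary directories stand in for `~` and `~/.kruptos`, the openssl stage is left out so the demo runs offline, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo: temporary directories stand in for ~ and ~/.kruptos.

# Member names when the directory is archived by absolute path
# (earlier revision). tar drops the leading "/" but keeps every
# parent component, so extraction must strip a known number of them.
members_absolute() {
    tar -czf - "$1" 2>/dev/null | tar -tzf -
}

# Member names when tar changes into the directory first (-C) and
# archives "." (later revision). Names are relative to the directory.
members_relative() {
    tar -czf - -C "$1" . | tar -tzf -
}

# Round trip with -C on both sides: no --strip-components, no
# pushd/popd, and the caller's working directory is never changed.
roundtrip() {
    local src=$1 dest=$2
    mkdir -p "$dest" &&
        tar -czf - -C "$src" . | tar -xzf - -C "$dest"
}

demo() {
    local base src dest before
    base=$(mktemp -d) || return 1
    src="$base/home/user/.kruptos"
    dest="$base/restored"
    mkdir -p "$src/sub" && echo secret >"$src/sub/note.txt"
    before=$PWD

    echo "absolute: $(members_absolute "$src" | grep 'note.txt$')"
    echo "relative: $(members_relative "$src" | grep 'note.txt$')"
    roundtrip "$src" "$dest" && echo "restored: $(cat "$dest/sub/note.txt")"
    [ "$PWD" = "$before" ] && echo "cwd unchanged"
    rm -r "$base"
}

demo
```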

Toby Speight