tags:

views:

607

answers:

1
Q: 

OpenSSL in bash script

Hi!

I'm trying to make a bash script in linux where some encrypted data is embedded and then retrieved and decrypted with openssl, like this:

cat | openssl des3 -d -a -salt -pass pass:asdf > output.txt <<EOF
U2FsdGVkX1/zN55FdyL5j1nbDVt5vK4V3WLQrnHPoycCJPwWO0ei3PCrrMqPaxUH.....blablablah data
EOF

The only problem with this, that would otherwise work, is that I have to hit enter when the script reaches this position. I have tried changing the way \n are placed, but no luck.

I can't afford to press manually enter for all the files that are going to be embedded like this one!!

Thanks for your help!

+4  A: 

A couple of things wrong here:

  1. You shouldn't use both cat | ... and also a here document (<<EOF). Use one or the other.

  2. Your example isn't testable because the example text is not the DES3 encryption of any input.

This example works as expected:

cat ~/.profile | openssl des3 -e -a -salt -pass pass:asdf -out /tmp/output.txt

That is, it writes an encrypted version of ~/.profile, base64 encoded, to file /tmp/output.txt.

Here's a working decryption example with a here document:

openssl des3 -d -a -salt -pass pass:asdf <<EOF                                              
U2FsdGVkX1/03DBd+MpEKId2hUY82cLWpYltYy2zSsg=
EOF

Try this in the safety and comfort of your own home...

Norman Ramsey  2009-08-09 01:27:12
Actually, the original poster wants to `decode`, not encode. But simply getting rid of the unnecessary `cat |` will fix the problem in both cases.
earl  2009-08-09 01:39:44
Thanks a lot Norman! I couldn't figure it out. Do you know also how could I do the same with tar?? I can apply the same method, I don't get tar to receive the right input: tar xf - <<EOF doesn't work, I have to make an ugly hack with tail -n+(the number of the current line) and pipe it with tar xf -. :S Thanks a lot for your help!!!
alvatar  2009-08-09 02:28:32
tar archives tend to contain weird characters like nulls that you don't want in your shell scripts. Instead, include the base64-encoding of the tar archive, and extract with `openssl base64 -d <<B64_EOF | tar -xf -` (note: I included an underscore in the here-doc delimiter to make sure it can't occur inside the here-doc).
Gordon Davisson  2009-08-09 05:11:08
@Alvaro: You might be better off avoiding shell here documents entirely. If not, be sure there are no $ signs or ` signs in the encoding. Gordon's idea is a good one; I would also quote <<'B64_EOF'.
Norman Ramsey  2009-08-09 16:18:35
@Norman: Quoting the delimiter (which prevents interpretation of $, \, and ' in the here-doc) shouldn't be necessary with base64 (which only uses upper- and lowercase letters, digits, +, /, =, and in some weird circumstances *) -- OTOH, it won't hurt and is safer with other encodings.
Gordon Davisson  2009-08-10 05:24:45
I want to keep entire tree structures with different encriptions in one single file :) I managed to do everything with your help guys! :) thank you very much!
alvatar  2009-08-10 11:36:52

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?