tags:

views:

159

answers:

3
+3  Q: 

Hide/encrypt password in bash file to stop accidentally seeing it

Sorry if this has been asked before, I did check but couldn't find anything...

Is there a function in Unix to encrypt and decrypt a password in a batch file so that I can pipe it into some other commands in a bash file?

I realise that doing this provides no real security, it is more to stop someone accidentally seeing the password if they are looking at the script over my shoulder :)

I'm running on Red Hat 5.3.

I have a script which does something similar to this:

serverControl.sh -u admin -p myPassword -c shutdown

and I would like to do something like this:

password = decrypt("fgsfkageaivgea", "aDecryptionKey")
serverControl.sh -u admin -p $password -c shutdown

This doesn't protect the password in any way, but does stop someone from accidentally seeing it over my shoulder.

A: 

You should be able to use crypt, mcrypt, or gpg to meet your needs. They all support a number of algorithms. crypt is a bit outdated though.

More info:

Lèse majesté  2010-07-23 14:08:52
Sadly neither is available on my system (Red Hat 5.3 - sorry, I should've said)
Rich  2010-07-23 14:21:32
Rich: do you have root access? If so, you should be able to install those packages, which ought to be available for all Linux distros.
Lèse majesté  2010-07-23 14:42:45
+1  A: 

OpenSSL provides a passwd command that can encrypt but doesn't decrypt as it only does hashes. Many systems have a provide a base64 encoder and decoder. Yet another common option is to use a uuencoder or uudecoder. You could also download something like aesutil so you can use a capable and well-known symmetric encryption routine.

For example:

# use base64 encoding
MYENCPASS="cGFzc3dkCg==" # echo "passwd" | base64
MYPASS=`echo "$MYENCPASS" | base64 --decode`

# using aesutil
SALT=`mkrand 15` # mkrand generates a 15-character random passwd
MYENCPASS="i/b9pkcpQAPy7BzH2JlqHVoJc2mNTBM=" # `echo "passwd" | aes -e -b -B -p $SALT` 
MYPASS=`echo "$MYENCPASS" | aes -d -b -p $SALT`

# and usage
serverControl.sh -u admin -p $MYPASS -c shutdown
Kaleb Pederson  2010-07-23 14:23:24
Thanks - base64 will do the trick for me
Rich  2010-07-23 14:37:22
+1  A: 
  • indent it off the edge of your screen (assuming you don't use line wrapping and you have a consistant editor width)

or

  • store it in a separate file and read it in.
Ashton  2010-07-23 14:38:23

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi