Encrypt a file: Difference between revisions
mNo edit summary |
mNo edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
How to quickly encrypt a file. | How to quickly encrypt a file on Solaris 10 using [http://docs.sun.com/app/docs/doc/819-2239/encrypt-1?a=view encypt]. | ||
<geshi lang="bash"> | <geshi lang="bash"> | ||
echo "Hello world" > message.txt | echo "Hello world" > message.txt | ||
encrypt -a 3des -i message.txt -o message.txt.encrypted | /usr/bin/encrypt -a 3des -i message.txt -o message.txt.encrypted | ||
Enter key: | Enter key: | ||
decrypt -a 3des -i message.txt.encrypted | /usr/bin/decrypt -a 3des -i message.txt.encrypted | ||
Enter key: | Enter key: | ||
Hello world | Hello world | ||
</geshi> | </geshi> | ||
== | == Encrypt a password for a script using [http://en.wikipedia.org/wiki/Triple_DES des3] == | ||
First, create a 192-bit key: | First, create a 192-bit key: | ||
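Review bot: The link text on the new intro line is misspelled as "encypt"; it should read "encrypt", matching the /usr/bin/encrypt command in the block below it. The new section heading also labels the Triple DES link "des3" while the commands use "-a 3des"; using "3des" in the heading would keep the page consistent.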
Line 47: | Line 47: | ||
</geshi> | </geshi> | ||
== Encrypt a password for a script using [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] == | |||
This is much the same as the above. You'll want to create a 256-bit key. | |||
<geshi lang="bash"> | |||
openssl rand 32 > ~/.ssh/aes256 && chmod 400 ~/.ssh/aes256 | |||
# or | |||
dd if=/dev/random of=~/.ssh/aes256 bs=32 count=1 && chmod 400 ~/.ssh/aes256 | |||
</geshi> | |||
You can test the encrypt/decrypt with the following command. | |||
<geshi lang="bash"> | |||
echo test | /usr/bin/encrypt -a aes -k ~/.ssh/aes256 | /usr/bin/decrypt -a aes -k ~/.ssh/aes256 | |||
</geshi> | |||
== [http://www.madboa.com/geek/openssl/#encrypt-simple Encrypting a file] using openssl and a password. == | == [http://www.madboa.com/geek/openssl/#encrypt-simple Encrypting a file] using openssl and a password. == |
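Review bot: In the new AES key-creation lines the key file is written first and only then restricted with "chmod 400", so between the two commands it exists with whatever permissions the current umask allows. Setting "umask 077" before the "openssl rand" or "dd" command would create ~/.ssh/aes256 unreadable to others from the start. The test pipeline would also benefit from stating its expected output, i.e. that it should print "test".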
Latest revision as of 04:04, 15 September 2009
How to quickly encrypt a file on Solaris 10 using encrypt.
<geshi lang="bash">
echo "Hello world" > message.txt
/usr/bin/encrypt -a 3des -i message.txt -o message.txt.encrypted
Enter key:
/usr/bin/decrypt -a 3des -i message.txt.encrypted
Enter key:
Hello world
</geshi>
Encrypt a password for a script using des3
First, create a 192-bit key:
<geshi lang="bash">
openssl rand 24 > ~/.ssh/des3
# Alternatively, this command does about the same:
dd if=/dev/random of=~/.ssh/des3 bs=24 count=1
</geshi>
We'll put this in our .ssh directory, because that directory will have proper permissions, and many programs will complain if they are wrong. The key thing is to keep this key separate from the script.
Next, change the permissions on the file itself:
<geshi lang="bash"> chmod 400 ~/.ssh/des3 </geshi>
Now take your unencrypted password, and pipe it into encrypt. In bash, you can do this:
<geshi lang="bash">
read -s PASSWD
# Quote the variable so spaces or glob characters in the password survive intact
echo "$PASSWD" | /usr/bin/encrypt -a 3des -k ~/.ssh/des3 | base64
AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz
</geshi>
"read -s" won't echo it to your terminal, nor leave it in the history.
Now, take the base64 encoded, encrypted password, and use that in your script:
<geshi lang="bash">
#!/bin/bash
PASSWD="AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz"
echo "$PASSWD" | base64 -d | /usr/bin/decrypt -a 3des -k ~/.ssh/des3 | isql -X ...
</geshi>
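A script that decrypts with the key file can refuse to run when that file is truncated, is a symlink, or is accessible to group or other. The following is an added example, not part of the original page; the function names check_keyfile and make_keyfile are hypothetical, and /dev/urandom is assumed as the random source. It works for the 24-byte 3DES key here and for a 32-byte AES key.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for a key file.

# check_keyfile FILE BYTES
# Returns 0 only if FILE is a regular file (not a symlink), is exactly
# BYTES long, and grants no permissions to group or other.
check_keyfile() {
    keyfile=$1
    want=$2

    # Reject symlinks and anything that is not a regular file.
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "check_keyfile: $keyfile is not a regular file" >&2
        return 1
    fi

    # A short read from the random device leaves a truncated key.
    have=$(wc -c < "$keyfile" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "check_keyfile: $keyfile is $have bytes, expected $want" >&2
        return 1
    fi

    # ls mode string, e.g. -r--------; characters 5-10 are group and other.
    mode=$(ls -ld "$keyfile" | cut -c1-10)
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *)  echo "check_keyfile: $keyfile open to group/other ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# make_keyfile FILE BYTES
# Creates the key under umask 077 so it is never readable by others,
# then drops it to read-only for the owner.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs="$2" count=1 2>/dev/null ) &&
        chmod 400 "$1"
}
```

In the script above, a line such as `check_keyfile ~/.ssh/des3 24 || exit 1` before the decrypt pipeline stops the run when the key file fails any of the checks.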
Encrypt a password for a script using AES
This is much the same as the above. You'll want to create a 256-bit key.
<geshi lang="bash">
openssl rand 32 > ~/.ssh/aes256 && chmod 400 ~/.ssh/aes256
# or
dd if=/dev/random of=~/.ssh/aes256 bs=32 count=1 && chmod 400 ~/.ssh/aes256
</geshi>
You can test the encrypt/decrypt with the following command.
<geshi lang="bash">
echo test | /usr/bin/encrypt -a aes -k ~/.ssh/aes256 | /usr/bin/decrypt -a aes -k ~/.ssh/aes256
</geshi>
Encrypting a file using openssl and a password.
<geshi lang="bash">
# encrypt file.txt to file.enc using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
</geshi>
<geshi lang="bash">
# decrypt binary file.enc
openssl enc -d -aes-256-cbc -in file.enc
</geshi>