Encrypt a file: Difference between revisions
m (New page: How to quickly encrypt a file. <geshi lang="bash"> echo "Hello world" > message.txt encrypt -a 3des -i message.txt -o message.txt.encrypted Enter key: decrypt -a 3des -i message.txt.encry...) |
mNo edit summary |
||
| Line 8: | Line 8: | ||
Enter key: | Enter key: | ||
Hello world | Hello world | ||
</geshi> | |||
=== One way to encrypt a password for a script === | |||
First, create a 192-bit key: | |||
<geshi lang="bash"> | |||
openssl rand 24 > ~/.ssh/des3 | |||
# Alternatively, this command does about the same: | |||
dd if=/dev/random of=~/.ssh/des3 bs=24 count=1 | |||
</geshi> | |||
We'll put this in our .ssh directory, because that directory will have proper permissions, and many programs will complain if they are wrong. The key thing is to keep this key separate from the script. | |||
Next, change the permissions on the file itself: | |||
<geshi lang="bash"> | |||
chmod 400 ~/.ssh/des3 | |||
</geshi> | |||
Now take your unencrypted password, and pipe it into encrypt. In bash, you can do this | |||
<geshi lang="bash"> | |||
read -s PASSWD | |||
echo $PASSWD | /usr/bin/encrypt -a 3des -k ~/.ssh/des3 | base64 | |||
AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz | |||
</geshi> | |||
"read -s" won't echo it to your terminal, nor leave it in the history. | |||
Now, take the base64 encoded, encrypted password, and use that in your script: | |||
<geshi lang="bash"> | |||
#!/bin/bash | |||
PASSWD="AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz" | |||
echo "$PASSWD" | base64 -d | /usr/bin/decrypt -a 3des -k ~/.ssh/des3 | isql -X ... | |||
</geshi> | </geshi> | ||
[[Category:Solaris]] | [[Category:Solaris]] | ||
Revision as of 04:49, 2 March 2009
How to quickly encrypt a file.
<geshi lang="bash"> echo "Hello world" > message.txt encrypt -a 3des -i message.txt -o message.txt.encrypted Enter key: decrypt -a 3des -i message.txt.encrypted Enter key: Hello world </geshi>
One way to encrypt a password for a script
First, create a 192-bit key:
<geshi lang="bash"> openssl rand 24 > ~/.ssh/des3
- Alternatively, this command does about the same:
dd if=/dev/random of=~/.ssh/des3 bs=24 count=1 </geshi>
We'll put this in our .ssh directory, because that directory will have proper permissions, and many programs will complain if they are wrong. The key thing is to keep this key separate from the script.
Next, change the permissions on the file itself:
<geshi lang="bash"> chmod 400 ~/.ssh/des3 </geshi>
Now take your unencrypted password, and pipe it into encrypt. In bash, you can do this
<geshi lang="bash"> read -s PASSWD echo $PASSWD | /usr/bin/encrypt -a 3des -k ~/.ssh/des3 | base64 AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz </geshi>
"read -s" won't echo it to your terminal, nor leave it in the history.
Now, take the base64 encoded, encrypted password, and use that in your script:
<geshi lang="bash">
- !/bin/bash
PASSWD="AAAAAQAAA+iXGpYztX7Eidzu44k5wEgjSkkUBpSnj13faKbrJpoDPN2+sgIhPeSz" echo "$PASSWD" | base64 -d | /usr/bin/decrypt -a 3des -k ~/.ssh/des3 | isql -X ... </geshi>