CyberKeeda In Social Media

How to use encrypted password in Bash Shell script.



If you too feel awful  while keeping your password into plain string within, here is the way it might can help you.

Encrypt your password from OpenSSL using the below command

Assumption : Here i will be encrypting my plain text password as  " mysecretpassword  "

       


[root@cyberkeeda]# echo 'mysecretpassword' | openssl enc -base64 -e -aes-256-cbc -nosalt  -pass pass:garbageKey



You will find a encrypted password output as

O7LX4VmomxrBgNHS+R1FcoNneSrqWFY0oTn3ammEF7w=


Copy the above encrypted string and confirm it by decryption.

       


[root@cyberkeeda]# echo 'O7LX4VmomxrBgNHS+R1FcoNneSrqWFY0oTn3ammEF7w=' | openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:garbageKey


 

So it must provide a decrypted password as.

"mysecretpassword"

If it works fine, then you can simply save it into a file and use it within your script.

Encrypt it and save it into a hidden file.

       


[root@cyberkeeda]# echo 'mysecretpassword' | openssl enc -base64 -e -aes-256-cbc -nosalt  -pass pass:garbageKey  > .secret.lck




Then further you can call it within your script as.


       

#!/bin/bash

#Myscript.sh

#

#

PASS=`cat .secret.lck | openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:garbageKey
`
#
#You can use the secret password anywhere within your script.

2 comments:

  1. Great Article
    Cyber Security Projects

    projects for cse

    Networking Security Projects

    JavaScript Training in Chennai

    JavaScript Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete
  2. We ended up needing to solve the same problem and created an opensource (MIT License) tool to do this called encpass.sh. (https://github.com/plyint/encpass.sh) It creates a key for the script and stores the key and encrypted secrets in a hidden directory on disk. (Typically in your user's home directory, but you can define another location if you prefer)

    It uses OpenSSL under the covers similar to the recommendation here and uses industry recommended best practices (e.g. salts, named pipes, 10k iterations) to everything as secure as possible. It also provides a simple command line interface, so the user can easily manage secrets without having to know anything about how OpenSSL works.

    ReplyDelete

Designed By Jackuna