encrypt/decrypt in shell script

on 15.02.2005 20:01:37 by sfgroups

I want to store a password in a text file for my application; how will I
encrypt/decrypt it using a shell script?


-SR

Re: encrypt/decrypt in shell script

on 16.02.2005 05:30:59 by cfajohnson

On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
> I want to store a password in a text file for my application; how will I
> encrypt/decrypt it using a shell script?

Unix passwords are not normally decryptable. To verify a password,
the supplied password is encrypted with the same seed that was
used to encrypt it and compared with the encrypted version.

There's probably a Perl module that will do the job, but I use a
small program I wrote in C, called encrypt. I compile it with:

gcc -ansi -o encrypt encrypt.c -lcrypt

It reads the password to be encrypted from stdin, and a
2-character seed may be supplied on the command line.

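#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <crypt.h>   /* declares crypt() on glibc/libxcrypt systems */

/* Hash passwd with crypt(3). If a 2-character pepper is given it is
   used as the salt; otherwise a salt is derived from the clock.
   Named encrypt_passwd because libcrypt already exports encrypt(). */
char *
encrypt_passwd( char *passwd, char *pepper )
{
    char salt[3];
    char SaltChars[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

    time_t ticks;
    static char *pwd;

    if ( pepper && strlen(pepper) >= 2 )
    {
        salt[0] = pepper[0];
        salt[1] = pepper[1];
    }
    else
    {
        /* two salt characters taken from the low 12 bits of the time */
        time(&ticks);
        salt[0] = SaltChars[ticks & 0x3F];
        salt[1] = SaltChars[(ticks >> 6) & 0x3F];
    }
    salt[2] = '\0';
    pwd = crypt(passwd, salt);
    return pwd;
}

int
main(int argc, char *argv[])
{
    char *hash;
    char buf[1024];
    char *salt;
    size_t len;

    if (argc > 1)
    {
        salt = argv[1];
    }
    else
    {
        /* salt = "$1$!@#$%^&*"; */
        salt = NULL;
    }

    /* read the password from stdin; stop if there is no input */
    if ( fgets(buf, sizeof(buf), stdin) == NULL )
    {
        return 1;
    }
    len = strlen(buf);
    if ( len > 0 && buf[len - 1] == '\n' )
    {
        buf[len - 1] = '\0';
    }

    /* crypt() returns NULL on failure */
    hash = encrypt_passwd(buf, salt);
    if ( hash == NULL )
    {
        fprintf(stderr, "crypt() failed\n");
        return 1;
    }
    printf( "%s\n", hash);

    return 0;
}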


--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
===================================================================
My code (if any) in this post is copyright 2005, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License

Re: encrypt/decrypt in shell script

on 16.02.2005 20:19:15 by Jeremiah DeWitt Weiner

Chris F.A. Johnson wrote:
> On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
>> I want to store a password in a text file for my application; how will I
>> encrypt/decrypt it using a shell script?
> Unix passwords are not normally decryptable. To verify a password,
> the supplied password is encrypted with the same seed that was
> used to encrypt it and compared with the encrypted version.

The OP did say "for [his] application"; we have no way of knowing
whether he's using a standard Unix password-hashing scheme for it.
Probably not, would be my guess; he probably just wants to be able to
pass a password (in plain text) to some other application that's asking
for it.

My answer would be "you can probably encrypt it, but it's probably
not worth it." See the fetchmail design notes
(http://www.catb.org/~esr/fetchmail/design-notes.html) for an
explanation of why it's not really worth it to encrypt a password that's
just going to sit in a text file on a system anyway. A better approach
would be to redesign the system so you don't have to put the password in
a file. If that's not possible, locking down the ownership and
permissions is probably the best way to go.

JDW
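
The last suggestion in the thread (lock down the file's ownership and permissions), as an added example that is not part of the original posts. The function names are hypothetical; the check refuses a secret file that is a symlink, is owned by another user, or grants any access to group or other.

```sh
#!/bin/sh
# Added example (not from the thread): keep a secret in an owner-only file.
# write_secret, secret_file_ok and read_secret are hypothetical names.

# write_secret FILE: read the secret from stdin and store it with mode 0600.
write_secret() {
    (
        umask 077                       # nothing for group/other, even briefly
        tmp="$1.$$"
        cat > "$tmp" && chmod 600 -- "$tmp" && mv -f -- "$tmp" "$1"
    )
}

# secret_file_ok FILE: succeed only for a regular file (not a symlink) that
# the current user owns and that grants no access to group or other.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..."; keep mode and uid.
    info=$(ls -ldn -- "$1" | awk '{ print $1 " " $3 }')
    mode=${info% *}
    uid=${info#* }
    [ "$uid" = "$(id -u)" ] || return 1
    case $mode in
        -???------ | -???------.) return 0 ;;   # a trailing "+" (ACL) is rejected
        *) return 1 ;;
    esac
}

# read_secret FILE: print the secret, but only if the file passes the check.
read_secret() {
    if ! secret_file_ok "$1"; then
        echo "refusing to read $1: unsafe type, owner or mode" >&2
        return 1
    fi
    cat -- "$1"
}
```

The application would call read_secret at the moment it needs the password, so a file whose mode or owner has drifted is rejected instead of silently used.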