Encrypt and Decrypt a File with Password

eskay · February 27, 2017, 12:04pm

Hello,

I have few files on unix which are payroll related and I need them to encrypt with password so others wouldn't see the data. I use ETL tool and would like to know the unix command that does encryption/decryption to use in the ETL.

Thank you,
Sri

Corona688 · February 27, 2017, 5:45pm

You'll have to be more specific than "ETL". You may not be able to do it inside ETL itself in any case, just externally.

rbatte1 · February 28, 2017, 4:59am

Beware that any process to encrypt/decrypt is open to abuse if someone can read the script and work out where the password/key is stored and can read that. There are various ways to encrypt data, but the tough part is having a decryption process that is not decipherable.

For example, you could make a file difficult to read by compressing it and using a non-obvious file name, however anyone reading your decryption process would spot it is a simple decompression and be able to read your data.

If ETL stands for Extract, Transform, Load as three database functions, you need to say what tools you are using in each of the stages and where the data will be stored at each point. Are you transferring data from one server to another perhaps?

Robin

bakunin · February 28, 2017, 5:34am

Unix offers a lot of utilities doing exactly that: uuencode , openssl and several others.

The problem you will be facing is not so much the encyption/decryption itself but to make sure nobody can intercept it. Suppose you use a password to encrypt your file you might have a script with the line

encrypt_utility "password" /path/to/file > path/to/file.encrypted

and then move/send/... the encrypted version of the file. But if someone can read your scvript he could take the password from there and use it himself to decrypt the file.

This means you have to plan carefully so that nobody without the proper rights have even read-access to such a script. As in most security-related problems the solution is very simple once you got the planning of who is allowed to do what under which circumstance correct.

For the tools to use i suggest you read the man-pages/descriptions of the two utilities i mentioned above. They are standard-UNIX tools and freely available open-source respectively. If what they can do suffices for your purpose we can help you put one or the other to work. If not, i suggest doing a Google-search for other such tools. There are reams and reams of software out there, for all kind of purposes. Once you have decided for one or the other we can (hopefully) help you put that o work too.

I hope this helps.

bakunin