Encrypt and decrypt a password in shell script

Shell Programming and Scripting
1

Hi All,

very good morning all.

I am trying to connect to informatica repository by using shell script.
I have written pmrep connect command in the script file. But i need to provide repository, domain ,username and password to connect. Username and password are hard coded in the script file which is not recommanded. So i tried to encrypt the password and save it in a file. After that i dont know how to use that encrypted password during script file execution.

Can anyone suggest me how to decrypt the password from the file and it needs to be connected to the repository as well. And also provide me the sample script file to understand better.

Thanks in advance....

2

The method used to encrypt the password, should also be providing way to decrypt it too!?

3

If i decrypt that password it can be saved in a file. but how can it be used in the script file. I mean, i want to store it in variable insdie script file and it can be used.

my Question is: how to store that decrypted password in a variable . How to assign it to a variable.

For encryption i used below command:

openssl das3 -salt -in file.txt -out file.des3

For decryption i used below command:

openssl das3 -salt -in file.des3 -out file1.txt

if i do with above command the decrypted password will be saved in file1.txt
i want to assign it to variable. and it can be used in my connect command.
is this the way to assign it to variable?

dec_pwd=openssl das3 -salt -in file.des3 -out file1.txt

or any other command to redirect to a variable.
or how can i read the decrypted password from file1.txt

please let me know.
thanks in advance...

4

Have you checked openssl man pages? there must be some options to to deal with STDIN and STDOUT.

regarding your issue, you can same file content to a variable

var=$(cat file1.txt)

Please note, there must be nothing else in the file except the password

5

Thanks for your reply clx.
But if i check in file1.txt it contains the normal password i.e not recommonded. So everyone can see my password in the file1.txt .
Actually file.des3 is having encrypted password.
So i am looking for the command which will decrypt the encrypted password from file.des3 and store it in a variable .
So that i can use that variable and can connect to repository.

is it possible?
Please let me know.
All the suggestions are accepted.

6

Well you can control the file permissions.

Just by chance, can you try removing -out file1.txt part and see if the password is being displaying on the screen.

If yes,

var=$(openssl das3 -salt -in file.des3)
7

thanks for quick reply.

The command var=$(openssl das3 -salt -in file.des3) is not working because it is prompting for the user credentials in the unix system.
While script file is running in informatica it shouldnot prompt.So it is keep on running and it shouldnot complete.

Any other way to do it.

thanks in advance.

8

We get threads asking for this again, and again.

Encryption does not work that way. Period. No ifs, ands, or buts. It just doesn't. You are asking for a logical contradiction -- if the script must output the unencrypted password without user intervention, it by definition contains complete instructions for retrieving the password. This is one big reason why embedding passwords in scripts is a bad habit.

If you want to conceal the password from the user, chmod is the protection you need. Prevent them from reading the script, or put it in another file which they cannot read themselves. Or, arrange a way that doesn't require a password.

9

And OpenSSH tries really hard to prompt for a password to the actual terminal.

Probably to prevent insecure implementations like scripted password access...