Hi, I want to encrypt and decrypt a string(database password) which will be used in my scripts.
encrypt the string while storing in a file and while using it in other scripts
it should decrypt.
i tried below method. As it can decrypt easily, it is not recommended.
encrypt=`perl -e 'print unpack "H*","yourpassword"'`
descrpt=`perl -e 'print pack "H*","encrypted password"'`
Could you please suggest any other methods for this.
My Unix environment details are SunOS 5.10 Generic_118833-36
Thanks in advance.
Encrypting a password is useless when you can't keep it encrypted. The instant you decrypt it, it's vulnerable again.
No matter how cryptographically hard they are, the encryption and decryption methods are right there for anyone to see and copy-paste anyway. That just makes it sillier.
chmod will be a much better defense against snooping than a rube goldberg machine, but with some work you might be able to avoid using stored passwords at all, which would be a very good thing. Because:
Retrievably stored passwords are security hot potatoes and to be avoided. They're such a bad idea that sudo, su, ssh, scp, and sftp don't just avoid them, they're all specifically designed to stop you from using them too. You have to use third-party brute-forcing tools like expect to shoehorn stored passwords into them at all. A stored password is an absolute last resort.
I agree with Corona - the problem here is storing the password if you plan on making this script run without intervention.
If you plan on having it prompt you for a password, which has limited use, but I'll entertain the possibility for operations automation or something, you can use a utility like openssl.
$ echo Hi | openssl enc -aes-128-cbc -a -salt -pass pass:wtf
U2FsdGVkX18qAdhqop1SffsewHue6EOPNKv9dXc/0rI=
$ echo U2FsdGVkX18qAdhqop1SffsewHue6EOPNKv9dXc/0rI= | openssl enc -aes-128-cbc -a -d -salt -pass pass:wtf
Hi
$
You can also use openssl for ad-hoc file encryption/decryption with the "-in" and "-out" options. You can also use GPG for file encryption/decryption.
For remote logins -- or even for local ones, if you can login through loopback -- you can use ssh keys.
Thanks Corona and LivinFree for your suggestions.
openssl is also the same like what you said "limited use"
because we provide hardcoded password to openssl (or storing somewhere in a file).
if i am wrong could you please explain me the usage of openssl. I am new to openssl
Thanks.
We've made a number of suggestions but it's difficult to be specific at all when we don't know what you're trying to accomplish. If you tell us what your actual goal, is we can help find better ways to do it.