You can use encryption in a script but what are you using to write this in? If you are looking to do something with the password and/or shadow file, using Perl may be the way to go (at least for the call to the password/shadow file).

Unsure what you mean by "shadow the scripting file".

Question 2: What are you using - is this a web interface? Or just a script that normal users can run to change something (what?).

To prevent password from being seen:
from a web page: set input type to password
<input type="password" name="newpass" size=15>
For a terminal: stty -echo turns off echo, stty echo turns it back on. Check the man page for stty.

Q3: Yes, if you encrypt a file you can still retrieve data but you have to unencrypt it in the case of pgp. If you are talking about retrieve what a password is - not exactly. You can find out if a unencrypted password matches with the following - but you don't really unencrypt the password - you compare by encrypting.

Perl script to check a password - supply userid and password

#!/u/bin/perl
#
# Grab the user's old password from /etc/shadow and compare to sent
# old password from web page - send back error if not the same
#

$user = "$ARGV[0]";
$oldpass = "$ARGV[1]";
$datenow = "`date '+%h %d %T'`";
#
$userinfo = `/usr/bin/grep $user /etc/shadow`;
($user1, $passwd1, $passextra) = split(/:/, $userinfo, 3);
$salt = substr($passwd1,0,2);
#
if (crypt($oldpass, $salt) ne $passwd1) {
die "Not correct password";
}