LinuxQuestions.org


robertmarkbram 01-18-2010 09:32 PM

openssl: using a protected password in a script
 
Hi All,

I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file.

The problem is that my password is in clear text:

Code:

  openssl des3 -d -salt \
      -out tempFile \
      -in encryptedFile.des3 \
      -pass pass:clearTextPassword

Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command?

I know that openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?

Any advice would be most appreciated!

rweaver 01-19-2010 02:27 PM

Worse than it being in the script it is also going to show up in a ps aux... using file: pathtofile is better, but still the same base problem of storing an unencrypted password. There is no way around that as far as I know and still having it completely automated... make minimum necessary permissions, put it as a .file in the home directory of the user calling it, etc.

unSpawn 01-19-2010 02:38 PM

...and besides the unencrypted file will be available for reading from file or memory anyway as a result of all of this "protecting".

robertmarkbram 01-20-2010 06:38 PM

OK, all good points - thanks rweaver and unSpawn.

I changed the process (painful but I am the main user anyway) so that we read the password each time.
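
An added example, not part of the original thread: rweaver's `file:` suggestion combined with unSpawn's point about the decrypted file, as a wrapper that refuses a loosely permissioned password file and removes the plaintext on exit. The function names and paths are hypothetical, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# Succeeds only if the password file is a regular file (not a symlink),
# owned by the calling user, with mode 600 or 400. Assumes GNU stat.
check_pass_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ "$(stat -c '%u' "$f")" = "$(id -u)" ] || { echo "not owned by caller: $f" >&2; return 1; }
    case "$(stat -c '%a' "$f")" in
        600|400) return 0 ;;
        *) echo "mode must be 600 or 400: $f" >&2; return 1 ;;
    esac
}

# Decrypts $1 using the password stored in file $2, runs the remaining
# arguments as a command with the plaintext path appended, and removes
# the plaintext afterwards, including on failure or interrupt.
decrypt_and_use() {
    enc=$1
    passfile=$2
    shift 2
    check_pass_file "$passfile" || return 1
    (
        umask 077                       # anything created here is owner-only
        tmp=$(mktemp) || exit 1         # unpredictable name, mode 600
        trap 'rm -f "$tmp"' EXIT
        trap 'exit 1' INT TERM HUP      # route signals through the EXIT trap
        # file: keeps the password out of the script and out of `ps aux`
        openssl des3 -d -salt -in "$enc" -out "$tmp" \
            -pass "file:$passfile" || exit 1
        "$@" "$tmp"
    )
}

# Example: ./script.sh encryptedFile.des3 "$HOME/.des3pass" wc -c
if [ "$#" -ge 3 ]; then
    decrypt_and_use "$@"
fi
```

This keeps the password off the command line, but as both replies note, the password file and the temporary plaintext are still readable by anyone with access to that account or to root.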

