LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 01-18-2010, 10:32 PM   #1
robertmarkbram
Member
 
Registered: May 2003
Location: Melbourne, Australia
Distribution: Cygwin, Windows XP
Posts: 69

Rep: Reputation: 15
openssl: using a protected password in a script


Hi All,

I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file.

The problem is that my password is in clear text

Code:
   openssl des3 -d -salt \
      -out tempFile \
      -in encryptedFile.des3 \
      -pass pass:clearTextPassword
Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command?

I know that the openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?

Any advice would be most appreciated!

Last edited by robertmarkbram; 01-18-2010 at 10:34 PM. Reason: Didn't proof read properly first time.
 
Old 01-19-2010, 03:27 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Worse than it being in the script it is also going to show up in a ps aux... using file: pathtofile is better, but still the same base problem of storing an unencrypted password. There is no way around that as far as I know and still having it completely automated... make minimum necessary permissions, put it as a .file in the home directory of the user calling it, etc.

Last edited by rweaver; 01-19-2010 at 03:39 PM.
 
Old 01-19-2010, 03:38 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,769
Blog Entries: 54

Rep: Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976
...and besides the unencrypted file will be available for reading from file or memory anyway as a result of all of this "protecting".
 
Old 01-20-2010, 07:38 PM   #4
robertmarkbram
Member
 
Registered: May 2003
Location: Melbourne, Australia
Distribution: Cygwin, Windows XP
Posts: 69

Original Poster
Rep: Reputation: 15
OK, all good points - thank rweaver and unSpawn.

I changed the process (painful but I am the main user anyway) so that we read the password each time.
 
  


Reply

Tags
bash, decryption, encryption, openssl, password, script, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Protected compressed files script jedilost1 Linux - Newbie 15 11-25-2008 03:49 PM
Password protected network... spaceballs Linux - Wireless Networking 3 01-11-2008 07:36 PM
Password protected network... spaceballs Slackware 2 01-09-2008 02:43 AM
Password Protected Folder? crab_2004 Linux - Software 2 02-22-2004 11:50 PM
Password Protected Directories TheSockMonster Linux - Security 2 05-31-2002 05:07 PM


All times are GMT -5. The time now is 06:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration