-   Linux - Security (
-   -   openssl: using a protected password in a script (

robertmarkbram 01-18-2010 09:32 PM

openssl: using a protected password in a script
Hi All,

I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file.

The problem is that my password is in clear text


  openssl des3 -d -salt \
      -out tempFile \
      -in encryptedFile.des3 \
      -pass pass:clearTextPassword

Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command?

I know that the openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?

Any advice would be most appreciated!

rweaver 01-19-2010 02:27 PM

Worse than it being in the script it is also going to show up in a ps aux... using file: pathtofile is better, but still the same base problem of storing an unencrypted password. There is no way around that as far as I know and still having it completely automated... make minimum necessary permissions, put it as a .file in the home directory of the user calling it, etc.

unSpawn 01-19-2010 02:38 PM

...and besides the unencrypted file will be available for reading from file or memory anyway as a result of all of this "protecting".

robertmarkbram 01-20-2010 06:38 PM

OK, all good points - thank rweaver and unSpawn.

I changed the process (painful but I am the main user anyway) so that we read the password each time.

All times are GMT -5. The time now is 11:25 PM.