LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 01-18-2010, 09:32 PM   #1
robertmarkbram
Member
 
Registered: May 2003
Location: Melbourne, Australia
Distribution: Cygwin, Windows XP
Posts: 69

Rep: Reputation: 15
openssl: using a protected password in a script


Hi All,

I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file.

The problem is that my password is in clear text

Code:
   openssl des3 -d -salt \
      -out tempFile \
      -in encryptedFile.des3 \
      -pass pass:clearTextPassword
Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command?

I know that the openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?

Any advice would be most appreciated!

Last edited by robertmarkbram; 01-18-2010 at 09:34 PM. Reason: Didn't proof read properly first time.
 
Old 01-19-2010, 02:27 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Worse than it being in the script it is also going to show up in a ps aux... using file: pathtofile is better, but still the same base problem of storing an unencrypted password. There is no way around that as far as I know and still having it completely automated... make minimum necessary permissions, put it as a .file in the home directory of the user calling it, etc.

Last edited by rweaver; 01-19-2010 at 02:39 PM.
 
Old 01-19-2010, 02:38 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
...and besides the unencrypted file will be available for reading from file or memory anyway as a result of all of this "protecting".
 
Old 01-20-2010, 06:38 PM   #4
robertmarkbram
Member
 
Registered: May 2003
Location: Melbourne, Australia
Distribution: Cygwin, Windows XP
Posts: 69

Original Poster
Rep: Reputation: 15
OK, all good points - thank rweaver and unSpawn.

I changed the process (painful but I am the main user anyway) so that we read the password each time.
 
  


Reply

Tags
bash, decryption, encryption, openssl, password, script, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Protected compressed files script jedilost1 Linux - Newbie 15 11-25-2008 02:49 PM
Password protected network... spaceballs Linux - Wireless Networking 3 01-11-2008 06:36 PM
Password protected network... spaceballs Slackware 2 01-09-2008 01:43 AM
Password Protected Folder? crab_2004 Linux - Software 2 02-22-2004 10:50 PM
Password Protected Directories TheSockMonster Linux - Security 2 05-31-2002 04:07 PM


All times are GMT -5. The time now is 06:08 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration