09-09-2016
This is an extremely common question but always has the same inescapable conclusion.
If your database can decrypt it at will without secrets -- so can anyone else.
Yes, but --
Encryption does not work that way.
But what if --
Encryption does not work that way.
Maybe if it --
Encryption does not work that way.
To prevent people from reading your passwords, chmod.
To prevent people getting access to something which reads the passwords, sudo.
To prevent root from getting at it... You're out of luck.
This question fools everyone eventually... I spent a long while earlier this year down a rabbithole trying to find a way to make arbitrary apache suexec secure, until I realized I was fighting what amounts to the same problem -- how to prove identity to the computer without using secrets.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
We currently take files (via FTP) off of a mainframe and save them as a text file on our server. This is done via a script. The next thing that is done to that text file is it gets zipped (using ZIP). This all works fine, but it doesn't appear that ZIP (the free version) has any way to password... (2 Replies)
Discussion started by: dsimpg1
2 Replies
2. AIX
Can it be done? Ive read in a few places that the crypt program no longer exists on AIX...if its do-able please tell me how. (2 Replies)
Discussion started by: rdudejr
2 Replies
3. Solaris
Hi all,
I have a server in the office that we connect to via telnet. Can anyone explain please how i can encrypt the password so it cannot be picked up in plain text by sniffing software like WireShark, etc.?
I'm not very experienced in Unix, so any ideas or even links would be great.
... (5 Replies)
Discussion started by: de049
5 Replies
4. UNIX for Dummies Questions & Answers
In unix, i know the password encrypt by using salt
But how does it work? And how windows protect its password?
Thank you for helping in advance (5 Replies)
Discussion started by: cryogen
5 Replies
5. Shell Programming and Scripting
Hi, I have a Java app that looks for some parameters in a .properties file such as username and password. However I don't want to leave the password in a text file and I can't modify the app...
Does anyone have some idea about how to encrypt/hide/etc the password so it's not freely accessible... (1 Reply)
Discussion started by: Tr0cken
1 Replies
6. UNIX for Dummies Questions & Answers
if I change my password on two different servers, using the same string but the encrypted password in /etc/passwd look different.
If I copy an entry from one /etc/password to the other server. I can still log in to both servers using the same password. Only now both /etc/passwd entries are... (2 Replies)
Discussion started by: C0ppert0p
2 Replies
7. Cybersecurity
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies
8. Shell Programming and Scripting
I am working on a script where we are using sqlplus command to connect to Oracle DB. But the schemaname and password used for sqlplus authentication, have to be hardcoded in the script.
DBconnection=scott/tiger@SID
sqlplus $DBconnection
Here any user who reads the script can read the... (1 Reply)
Discussion started by: max29583
1 Replies
9. Post Here to Contact Site Administrators and Moderators
All,
I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated.
Thanks.. (1 Reply)
Discussion started by: Durgesh Gupta
1 Replies
10. Shell Programming and Scripting
All,
I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated.
Thanks.. (8 Replies)
Discussion started by: Durgesh Gupta
8 Replies
LEARN ABOUT CENTOS
gnome-keyring-daemon
GNOME-KEYRING-DAEM(1) User Commands GNOME-KEYRING-DAEM(1)
NAME
gnome-keyring-daemon - The gnome-keyring daemon
SYNOPSIS
gnome-keyring-daemon [OPTION...]
DESCRIPTION
The gnome-keyring-daemon is a service that stores your passwords and secrets. It is normally started automatically when a user logs into a
desktop session.
The gnome-keyring-daemon implements the DBus Secret Service API, and you can use tools like seahorse or secret-tool to interact with it.
The daemon also implements a GnuPG and SSH agent both of which automatically load the user's keys, and prompt for passwords when necessary.
The daemon will print out various environment variables which should be set in the user's environment, in order to interact with the
daemon.
OPTIONS
The various startup arguments below can be used:
-c, --components=ssh,secrets,gpg,pkcs11
Ask the daemon to only initialize certain components. Valid components are ssh, gpg, secrets, pkcs11.
By default all components are initialized.
-C, --control-directory=/path/to/directory
Use this directory for creating communication sockets. By default a temporary directory is automatically created.
-d, --daemonize
Run as a real daemon, disconnected from the terminal.
-f, --foreground
Run in the foreground, and do not fork or become a daemon.
-l, --login
This argument tells the daemon it is being run by PAM. It reads all of stdin (including any newlines) as a login password and does not
complete actual initialization.
The daemon should later be initialized with a gnome-keyring-daemon --start invocation.
This option may not be used together with either the --replace or --start arguments.
-r, --replace
Try to replace a running keyring daemon, and assume its environment avriables. A successful replacement depends on the
GNOMKE_KEYRING_CONTROL environment variable being set by an earlier daemon.
This option may not be used together with either the --login or --start arguments.
-s, --start
Connect to an already running daemon and initialize it. This is often used to complete initialization of a daemon that was started by
PAM using the --login argument.
This option may not be used together with either the --login or --replace arguments.
-V, --version
Print out the gnome-keyring version and then exit.
-h, --help
Show help options and exit.
BUGS
Please send bug reports to either the distribution bug tracker or the upstream bug tracker at
https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-keyring
SEE ALSO
secret-tool(1), seahorse(1)
Further details available in the gnome-keyring online documentation at https://wiki.gnome.org/GnomeKeyring and in the secret-service online
documentation at http://standards.freedesktop.org/secret-service/
gnome-keyring GNOME-KEYRING-DAEM(1)