Encrypt the password, source it in an expect script...!!


 
# 1  
Old 04-08-2010
Encrypt the password, decrypt it, source it in an expect script...!!

Hello folks

I have a conf file, say 'pass.conf', which is storing an ASCII password: PASS1111.

I need to encrypt this password once and store it in a file.

I then need to write a script which would read this encrypted password and decrypt it. The output of this script should be this decrypted password, which I would then set in an expect script.

I need some guidance on it as I am not exactly clear how to do it.

I know how to set the password in an expect script using 'exec'.

For the other stuff, I need advice/help.

Regards
Abhi

Last edited by ak835; 04-08-2010 at 10:13 AM..
# 2  
Old 04-08-2010
I found myself via Google answering the same question ~3 years ago - I don't have any bright ideas on this one, HTH somehow.
# 3  
Old 04-08-2010
A password that's encrypted in a recoverable way, and decrypted right in the program there, is not much better than a plaintext password anyway. Try sudo instead of passwords, so you don't need to build gaping security holes into your software.
# 4  
Old 04-09-2010
@Corona688

You are right in general, but here I have a simple design. Encrypted password stored in a file, decrypted by my script and directly passed to the expect script. It's not a robust design but satisfies what I must do now.

@sysgate

The link helps me understand the concept but does not help my situation. I wish to write a simple-to-moderate (complex) script to decrypt the encrypted password.

Requesting everyone to advise on how this can be done.

Regards
Abhi
# 5  
Old 04-09-2010
Quote:
Originally Posted by ak835
@Corona688

You are right in general, but here I have a simple design. Encrypted password stored in a file, decrypted by my script and directly passed to the expect script. It's not a robust design but satisfies what I must do now.

It's not that it's simple -- it's just wrong and can't be fixed by making it more complicated. No matter how many layers of encryption you paste on, anyone who sees your program can get the password at will. Just 'chmod -r' would be a lot more secure than this Rube Goldberg machine.

If you just want to hide the password from grepping, you could put it through base64...

Code:
# hackers don't read this file pretty please with sugar on top
MYPASSWORD=`echo "YWxqYWYK" | openssl base64 -d`

openssl has lots of ciphers, so I could make this more complicated, but the problem remains: anyone who views the file is handed the code to crack your password library on a silver platter. This scheme is not and cannot be secure. If I knew your actual goal in this, I could help you find ways with security beyond the illusory...
# 6  
Old 04-12-2010
I was going to suggest that second approach, as Corona688 stated - better avoid encrypt/decrypt process, but rather cut down the rights on that machine, in terms of root access, make the file exclusively locked, and keep the password in plain text. Then, whenever a password has to be read by the expect script, chmod the file, temporarily, the script will parse the password, and then lock the file again. Unfortunately, expect/TCL doesn't bring much into security, its first purpose was to be convenient for automation, both local and remote, thus avoiding user interactions. I have a few very handy expect scripts available, but only on test machines with limited access - both virtual and physical.
# 7  
Old 04-12-2010
Well... I am no expert on this subject, though I understand what you guys are trying to tell.....

What I am trying to do here is simple... I'll have, say, a pass.conf file which will have the encrypted password (I'll create it once and for all).

In my expect script, I'll have

Code:
set password "[exec myScript.sh]"

Now this myScript.sh should read pass.conf and decrypt the password. This decrypted password will be taken by expect to start its work.

Currently this pass.conf has an ASCII text password in it and myScript.sh is simply reading from it.

'pass.conf' is protected by 600 permissions, owned by my app id. As such, no one would be able to get to this file.


I know I am sounding very novice, but that's what I am as far as security and stuff is concerned. I am a developer, not a sys admin.

Kindly suggest other ways, if you wish to.

Regards
Abhi
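
Added example, not part of the thread: a version of the `myScript.sh` from post #7 that prints the password only if `pass.conf` really is a regular file, owned by the calling user, with mode 600 or 400, which is the protection the replies above rely on instead of reversible encryption. Passing the file path as an argument and keeping the password on the first line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): hardened reader for pass.conf.
# Assumptions: the password is the first line of the file, and the
# expect script calls this as:  set password "[exec myScript.sh pass.conf]"

# Print the password from "$1" only when the file is a regular file
# (not a symlink), owned by the invoking user, with no group/other access.
read_password_file() {
    file=$1

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..."; keep the 10-char
    # mode string (dropping any trailing ACL/SELinux mark) and numeric owner.
    meta=$(ls -ldn -- "$file" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${meta% *}
    owner=${meta#* }

    case $mode in
        -rw-------|-r--------) ;;
        *)  echo "refusing: $file has mode $mode, want 600 or 400" >&2
            return 1 ;;
    esac

    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing: $file is owned by uid $owner, not the caller" >&2
        return 1
    fi

    # First line only; -r keeps backslashes literal. An empty file fails.
    IFS= read -r password < "$file" || [ -n "$password" ] || return 1
    printf '%s\n' "$password"
}

# Run only when a path is given, so the function can also be sourced.
if [ "$#" -gt 0 ]; then
    read_password_file "$1" || exit 1
fi
```

Because the check fails closed, a later `chmod 644` or a replaced file makes the expect script stop with an error rather than quietly reading a password that other accounts can see.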