encrypting/decrypting password stored in config file

Question

I have a simple Bash script automating tasks which require password-based authentication. Currently I store the credentials in plain text:

$ cat ~/.myconfig
username=foo
password=bar

Obviously that's bad - so I wonder whether there's a simple way to encrypt/decrypt the password using my public/private key pair. Using Yet Another Password for the encryption wouldn't gain much, so I want it to happen pretty much automatically.

I've done some research (around here and elsewhere), but am way out of my depth on this one...

Answer 1

You can store password into md5 sum, add some salt before.

create:

\#!/bin/bash

salt=12345_

protocol=sha1sum

read -p "Enter login: " username
read -p -s "Password: " pass1
read -p -s "Repeat: pass2

if [ "pass1 != pass2" ]; then echo "Pass missmatch"; exit 1; else password=pass1; fi

echo -en "$username " >> ./mypasswd
echo -e "${salt}${password} | $protocol | awk '{print $1}'" >> ./mypqsswd

read:

\#!/bin/bash
salt=12345_ #(samesalt)
protocol=sha1sum

read -p "Enter username: " username
read -p -s "Enter password: " password

if [ `grep $username ./mypasswd | awk '{print $2}' != `echo -e "`echo ${salt}${password} | $protocol | awk '{print $2}'`" ]; then echo -e "wrong username or password"; exit 127; else echo -e "login successfull"; fi

There's your code.

Answer 2

To automate your task means providing the password; it won't make a difference is you encrypt/obfuscate the password, you'll need to provide the decrypting too.
The only way around this dilemma is an agent-like program, as for example ssh-agent, which stores your passwords for you.

(edit: corrected link)

Answer 3

If you simply want to hide the password then store its SHA1 hash. The compare the hash of the entered password with your stored hash.