
encrypting/decrypting password stored in config file

I have a simple Bash script automating tasks which require password-based authentication. Currently I store the credentials in plain text:

$ cat ~/.myconfig
username=foo
password=bar

Obviously that's bad - so I wonder whether there's a simple way to encrypt/decrypt the password using my public/private key pair. Using Yet Another Password for the encryption wouldn't gain much, so I want it to happen pretty much automatically.

I've done some research (around here and elsewhere), but am way out of my depth on this one...

AnC asked Aug 17 '10 09:08




3 Answers

You can store the password as an md5 sum; add some salt before.

create:

#!/bin/bash

salt=12345_

protocol=sha1sum

read -p "Enter login: " username
read -s -p "Password: " pass1; echo
read -s -p "Repeat: " pass2; echo

# Compare the two entries as variables, not as one literal string
if [ "$pass1" != "$pass2" ]; then echo "Pass mismatch"; exit 1; else password=$pass1; fi

# Append "username hash" as one line of ./mypasswd
echo -n "$username " >> ./mypasswd
printf '%s' "${salt}${password}" | $protocol | awk '{print $1}' >> ./mypasswd

read:

#!/bin/bash
salt=12345_ # (same salt)
protocol=sha1sum

read -p "Enter username: " username
read -s -p "Enter password: " password; echo

# Stored hash for this exact username, and the hash of what was just entered
stored=$(awk -v u="$username" '$1 == u {print $2}' ./mypasswd)
entered=$(printf '%s' "${salt}${password}" | $protocol | awk '{print $1}')

if [ -z "$stored" ] || [ "$stored" != "$entered" ]; then echo "wrong username or password"; exit 127; else echo "login successful"; fi

There's your code.

Sky answered Nov 08 '22 19:11


To automate your task means providing the password; it won't make a difference if you encrypt/obfuscate the password, you'll need to provide the decrypting too.
The only way around this dilemma is an agent-like program, as for example ssh-agent, which stores your passwords for you.

(edit: corrected link)

pavel answered Nov 08 '22 19:11
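
What the question asks for, together with the limit pavel's answer describes, as an added example that is not part of the original thread: the password is encrypted to an RSA public key with `openssl`, and the script decrypts it with the private key. It assumes OpenSSL and `base64` are installed; the file names, function names and the `password_enc` key are hypothetical.

```shell
#!/bin/bash
# Added example; the file names, function names and the password_enc key are hypothetical.
set -eu

# Throwaway RSA pair for the demo (a real setup would reuse an existing key pair).
make_demo_keys() {  # $1 = directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null
    chmod 600 "$1/priv.pem"
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# Encrypt the password (read from stdin) to the public key with RSA-OAEP and
# store it base64-encoded on one line, so no plaintext reaches the config file.
write_config() {  # $1 = public key, $2 = config file, $3 = username
    enc=$(openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep | base64 | tr -d '\n')
    ( umask 077; printf 'username=%s\npassword_enc=%s\n' "$3" "$enc" > "$2" )
}

# Print the decrypted password; returns non-zero if the private key does not match.
read_password() {  # $1 = private key, $2 = config file
    sed -n 's/^password_enc=//p' "$2" | base64 -d |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

# Demo with the constructed values from the question (username foo, password bar).
demo_dir=$(mktemp -d)
make_demo_keys "$demo_dir"
printf '%s' 'bar' | write_config "$demo_dir/pub.pem" "$demo_dir/myconfig" foo
cat "$demo_dir/myconfig"
# The private key here has no passphrase, so decryption needs no prompt: whoever
# can read priv.pem can recover the password, which is the limit described above.
echo "decrypted: $(read_password "$demo_dir/priv.pem" "$demo_dir/myconfig")"
rm -rf "$demo_dir"
```

If the private key is protected by a passphrase instead, something has to supply that passphrase at run time, which is the role an agent plays.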


If you simply want to hide the password then store its SHA1 hash. Then compare the hash of the entered password with your stored hash.

PaulJWilliams answered Nov 08 '22 18:11