I have a simple Bash script automating tasks which require password-based authentication. Currently I store the credentials in plain text:
$ cat ~/.myconfig
username=foo
password=bar
Obviously that's bad - so I wonder whether there's a simple way to encrypt/decrypt the password using my public/private key pair. Using Yet Another Password for the encryption wouldn't gain much, so I want it to happen pretty much automatically.
I've done some research (around here and elsewhere), but am way out of my depth on this one...
Failure frequently compromises all data that should have been protected.
To decrypt encrypted configuration file contents, you use the Aspnet_regiis.exe tool with the -pd switch and the name of the configuration element to be decrypted. Use the –app and -site switches to identify the application for which the Web. config file will be decrypted.
Each user's password is stored in an encrypted form within the /etc/passwd file. These credentials are hashed using a one-way hash function so they cannot be decrypted.
You can store password into md5 sum, add some salt before.
\#!/bin/bash
salt=12345_
protocol=sha1sum
read -p "Enter login: " username
read -p -s "Password: " pass1
read -p -s "Repeat: pass2
if [ "pass1 != pass2" ]; then echo "Pass missmatch"; exit 1; else password=pass1; fi
echo -en "$username " >> ./mypasswd
echo -e "${salt}${password} | $protocol | awk '{print $1}'" >> ./mypqsswd
\#!/bin/bash
salt=12345_ #(samesalt)
protocol=sha1sum
read -p "Enter username: " username
read -p -s "Enter password: " password
if [ `grep $username ./mypasswd | awk '{print $2}' != `echo -e "`echo ${salt}${password} | $protocol | awk '{print $2}'`" ]; then echo -e "wrong username or password"; exit 127; else echo -e "login successfull"; fi
There's your code.
To automate your task means providing the password; it won't make a difference is you encrypt/obfuscate the password, you'll need to provide the decrypting too.
The only way around this dilemma is an agent-like program, as for example ssh-agent, which stores your passwords for you.
(edit: corrected link)
If you simply want to hide the password then store its SHA1 hash. The compare the hash of the entered password with your stored hash.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With