Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

www.webdp.net, Event 9 IIS log failed to write entry, wwwxxx jeffs, Catastrophic failure Unexpected method call sequence. 0x8000ffff (-2147418113)., ksh lock a file, [unixODBC][Driver Manager]Driver's SQLAllocHandle on SQL_HANDLE_DBC failed, sed: -e expression #1, char 1: unterminated address regex, procmail + change subject, w2ksp4.exe download, /proc/kallsyms format

Links

XODOX
Impressum

#1: encrypt/decrypt in shell script

Posted on 2005-02-15 20:01:37 by sfgroups

I want to store password in text file for my application, how will I
encrypt/decrypt using shell script?


-SR

Report this message

#2: Re: encrypt/decrypt in shell script

Posted on 2005-02-16 05:30:59 by cfajohnson

On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
> I want to store password in text file for my application, how will I
> encrypt/decrypt using shell script?

Unix passwords are not normally decryptable. To verify a password,
the supplied password is encrypted with the same seed that was
used to encrypt it and compared with the encrypted version.

There's probably a Perl module that will do the job, but I use a
small program I wrote in C, called encrypt. I compile it with:

gcc -ansi -o encrypt encrypt.c -lcrypt

It reads the password to be encrypted from stdin, and a
2-character seed may be supplied on the command line.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>

char *
encrypt( char *passwd, char *pepper )
{
char salt[3];
char SaltChars[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456 789./";

time_t ticks;
static char *pwd;

if ( pepper )
{
salt[0] = pepper[0];
salt[1] = pepper[1];
}
else
{
time(&ticks);
salt[0] = SaltChars[ticks & 0x3F];
salt[1] = SaltChars[(ticks >> 6) & 0x3F];
}
salt[2] = '\0';
pwd = (char *)crypt(passwd, salt);
return pwd;
}

int
main(int argc, char *argv[])
{
char *passwd;
char buf[1024];
char *salt;

if (argc > 1)
{
salt = argv[1];
}
else
{
/* salt = "$1$!@#$%^&*"; */
salt = NULL;
}

fgets(buf,sizeof(buf),stdin);
if ( buf[strlen(buf)-1] == '\n' )
{
buf[strlen(buf) - 1] = '\0';
}
printf( "%s\n", encrypt(buf, salt));

return 0;
}


--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
============================================================ =======
My code (if any) in this post is copyright 2005, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License

Report this message

#3: Re: encrypt/decrypt in shell script

Posted on 2005-02-16 20:19:15 by Jeremiah DeWitt Weiner

Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
> On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
>> I want to store password in text file for my application, how will I
>> encrypt/decrypt using shell script?
> Unix passwords are not normally decryptable. To verify a password,
> the supplied password is encrypted with the same seed that was
> used to encrypt it and compared with the encrypted version.

The OP did say "for [his] application"; we have no way of knowing
whether he's using a standard Unix password-hashing scheme for it.
Probably not, would be my guess; he probably just wants to be able to
pass a password (in plain text) to some other application that's asking
for it.

My answer would be "you can probably encrypt it, but it's probably
not worth it." See the fetchmail design notes
(http://www.catb.org/~esr/fetchmail/design-notes.html) for an
explanation of why it's not really worth it to encrypt a password that's
just going to sit in a text file on a system anyway. A better approach
would be to redesign the system so you don't have to put the password in
a file. If that's not possible, locking down the ownership and
permissions is probably the best way to go.

JDW

Report this message