Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

nu vot, WWWXXXAPC, dhcpd lease file "binding state", WWWXXXDOCO, how to setup procmail to process html2text, how to setup procmail html2text, WWWXXXDOCO, WWWXXXAPC., XXXCNZZZ, ss4000 recovery array

Links

XODOX
Impressum

#1: encrypt/decrypt in shell script

Posted on 2005-02-15 20:01:37 by sfgroups

I want to store password in text file for my application, how will I
encrypt/decrypt using shell script?


-SR

Report this message

#2: Re: encrypt/decrypt in shell script

Posted on 2005-02-16 05:30:59 by cfajohnson

On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
> I want to store password in text file for my application, how will I
> encrypt/decrypt using shell script?

Unix passwords are not normally decryptable. To verify a password,
the supplied password is encrypted with the same seed that was
used to encrypt it and compared with the encrypted version.

There's probably a Perl module that will do the job, but I use a
small program I wrote in C, called encrypt. I compile it with:

gcc -ansi -o encrypt encrypt.c -lcrypt

It reads the password to be encrypted from stdin, and a
2-character seed may be supplied on the command line.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>

char *
encrypt( char *passwd, char *pepper )
{
char salt[3];
char SaltChars[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456 789./";

time_t ticks;
static char *pwd;

if ( pepper )
{
salt[0] = pepper[0];
salt[1] = pepper[1];
}
else
{
time(&ticks);
salt[0] = SaltChars[ticks & 0x3F];
salt[1] = SaltChars[(ticks >> 6) & 0x3F];
}
salt[2] = '\0';
pwd = (char *)crypt(passwd, salt);
return pwd;
}

int
main(int argc, char *argv[])
{
char *passwd;
char buf[1024];
char *salt;

if (argc > 1)
{
salt = argv[1];
}
else
{
/* salt = "$1$!@#$%^&*"; */
salt = NULL;
}

fgets(buf,sizeof(buf),stdin);
if ( buf[strlen(buf)-1] == '\n' )
{
buf[strlen(buf) - 1] = '\0';
}
printf( "%s\n", encrypt(buf, salt));

return 0;
}


--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
============================================================ =======
My code (if any) in this post is copyright 2005, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License

Report this message

#3: Re: encrypt/decrypt in shell script

Posted on 2005-02-16 20:19:15 by Jeremiah DeWitt Weiner

Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
> On Tue, 15 Feb 2005 at 19:01 GMT, sfgroups@gmail.com wrote:
>> I want to store password in text file for my application, how will I
>> encrypt/decrypt using shell script?
> Unix passwords are not normally decryptable. To verify a password,
> the supplied password is encrypted with the same seed that was
> used to encrypt it and compared with the encrypted version.

The OP did say "for [his] application"; we have no way of knowing
whether he's using a standard Unix password-hashing scheme for it.
Probably not, would be my guess; he probably just wants to be able to
pass a password (in plain text) to some other application that's asking
for it.

My answer would be "you can probably encrypt it, but it's probably
not worth it." See the fetchmail design notes
(http://www.catb.org/~esr/fetchmail/design-notes.html) for an
explanation of why it's not really worth it to encrypt a password that's
just going to sit in a text file on a system anyway. A better approach
would be to redesign the system so you don't have to put the password in
a file. If that's not possible, locking down the ownership and
permissions is probably the best way to go.

JDW

Report this message