Shell scripts encryption

Hi
We have many shell scripts running on Solaris 9/10 OS. We need to encrypt them so nobody would be able to read them. I tried "Shell guard fstsg" and was able to create a binary executable, but execution of the binary file fails sometimes. So I thought SHC (shell script compiler) would do for me, but I am getting errors while compiling and installing the SHC source code on Solaris.
If anyone has succeeded in installing shc on Solaris, please provide me with the procedure.
It would be great if I could get SHC binaries for Solaris or any other solution.
Please advise.
Thanks
Prvn

Let me guess - you have passwords embedded in your scripts?
Creating an executable from a shell using some 3rd party tool probably won't give you any protection at all, since the password will still be in "plain text" in the data segment of the executable.
And you obviously cannot execute encrypted code.
Your best bet is to reexamine your authentication policies and use something more secure than a scripted password, like SSH public key authentication.

Similar Messages

  • How to shell script for noob? or Cryptography for someone who doesn't need.

    Hi, I've seen the need of automating some tasks in the Terminal and I believe using shell scripts is my solution, although I don't really even understand how they work.
    Instead of posting a full how-to here, I'd like to ask if anyone knows about good comprehensive guide for someone who never used any programming language, yet knows how to work a bit with the Terminal?
    I will figure out the command I will need to input in the Terminal myself, by testing. Once it's figured all I need is to make a shell script out of it, and perhaps make an application out of it. (Automator? ... or more Script Editor? Or?)
    Thanks
    After seeing this page...
    http://www.askdavetaylor.com/howcan_i_secure_encrypt_folders_on_my_macs_usb_flashdrive.html
    ... I believed to have found a great solution for some heavy cryptography, to protect some folder and for learning pleasure. What I wanted to do is to automate the openssl task mostly like this:
    Open my flash drive (or a certain folder) containing a disk image (uncompressed, or compressed if necessary, doesn't matter) but unencrypted. Clicking on something I will name 'Lock' for the moment will run the shell script, encrypting the said image with pre-set parameters and a password I will input when prompted by the app.
    Re-running the app will prompt me a password and simply un-encrypt the image, making it useable for me.
    That's all. Perhaps if I can do it, I'll make it prompt me what cipher and all other parameter to use, but I don't understand openssl very well yet. *I just read and understood more or less informations on that page.*
    Who knows, I'll end up with a sweet GUI for encrypting files usable by the common mortals.

    The Advanced Bash Scripting Guide is a great resource for beginners thru advanced users- http://tldp.org/LDP/abs/html/index.html

  • Encrypt sensitive passwords in shell script - Which one do you prefer ?

    Hi ,
    I am looking for various options to encrypt a sensitive password in a unix shell script. After a bit of googling, I learned about 'shc'.
    Can you please advise on what things you use for this purpose, if any?
    My requirement / idea is
    A .sql file will have to be executed by a shell script in SQLPLUS as USER/XXXX . The .sql file will be prepared by developer and will be put to a directory to which their osuser - say 'user1' will have write access. I will have 'oracle' user in the server , who is the DBA user. I want them to run this SQL like, runthis.sh test.sql where runthis.sh is owned by oracle user and will reside in some directory owned by DBA user. I am planning to configure schema password (USER/XXXX) in runthis.sh , which a developer is not supposed to know.
    But if I give execute permission for 'user1' to runthis.sh, it becomes readable and all can read the password. Is there anyway , I can store encrypted password in SQLPLUS connect string in this file / encrypt shell script as such ?
    Thanks in Advance.
    With Regards,
    SSN

    The Oracle account should be identical to the O/S account, and set up as 'externally identified'
    But heck, why I am explaining it when it is all on your doorstep, accessible 7 x 24 hrs, at http://tahiti.oracle.com
    Sybrand Bakker
    Senior Oracle DBA

  • Encrypting password in shell script on Solaris 10.

    Hi,
    I have a shell script & in that the username & password is specified. I can see the password. Is there any way to encrypt the password in Unix scripts on a Solaris 10 box?
    Please suggest.
    Thanks & Regards,
    Tejas

    Here are some examples of avoiding passwords in scripts.
    First, if it's a script that needs to use remote login, you could set up ssh keys in the authorized_keys file of the remote system to allow auto-authentication.
    As a more general example, you could create a shell function that prompts for the password and stores it in an environment variable to be used by the script or utility that you want to use. Here is an example that we use in our Red Hat systems to allow yum to tunnel through our http proxy:
    function yumproxy(){
        echo -n "Enter Proxy Username: "
        read -e username
        echo -n "Enter Proxy Password: "
        read -es password
        echo
        export http_proxy="http://$username:$password@ourproxyserver:8080/"
    }
    This is in .bashrc so that we can run it once just before running any yum commands (not that this means anything in a Solaris forum!)

  • Calling a report from a shell script

    We are modifying all concurrent programs to encrypt the oracle password by using the "ENCRYPT" option in the concurrent program definition for all unix based programs.
    The db user/password is derived from the FCP_LOGIN within the shell script. If I submit the concurrent program and go to the root directory on which the unix shell scripts are present and execute the following command :
    ps -ef
    I can see the call to the concurrent program and, since I am using the encrypt method, I cannot see the password (I could see the password before the change).
    The problem is one of the shell scripts is calling an Oracle Report by using ar25run command which needs a userid as the parameter.
    So when I issue the above ps command, I can see the password in the call to this report.
    Is there any other way of passing the oracle user/password to the report? This is required for SOX compliance.
    thanks,

    I guess it should be the same problem as if you are calling CONCSUB from unix also, because both need userid and password.
    If that's the case probably metalink note 104541.1 might help you.
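
The exposure described in this thread can be audited from the process table. The following is an added example, not code from any poster: a shell function that flags and redacts credentials in `ps -eo pid,args` output, generalised to the other command shapes quoted on this page (`expdp user/password@db`, `zip -P`, `--passphrase`). The sample process lines and the `ar25run` argument shape are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: flag processes whose argv carries a
# credential. Input is `ps -eo pid,args` output ("PID COMMAND ARGS...").
# Output per hit: PID <tab> reason <tab> command line with the secret redacted.
# The patterns are heuristics; tune them for the tools you actually run.

scan_ps_for_secrets() {
    awk '
    $1 !~ /^[0-9]+$/ { next }                  # skip the "PID COMMAND" header
    {
        n = split($2, p, "/"); prog = p[n]     # basename of the executable
        reason = ""; out = $2; hide_next = 0
        for (i = 3; i <= NF; i++) {
            tok = $i
            if (hide_next) {
                # Value that follows a password flag.
                tok = "<redacted>"; hide_next = 0
            } else if (tok ~ "^([A-Za-z]+=)?[A-Za-z0-9_]+/[^/@]+@.+$" ||
                       tok ~ "^[Uu][Ss][Ee][Rr][Ii][Dd]=[^/]+/[^/@]+$") {
                # user/password@db or userid=user/password. The wallet form
                # "/@alias" has no user and no password, so it is not matched.
                sub("/[^/@]+", "/<redacted>", tok)
                reason = "connect-string"
            } else if ((prog == "zip" && tok == "-P") ||
                       tok == "--passphrase" || tok == "-passphrase") {
                hide_next = 1; reason = "password-flag"
            }
            out = out " " tok
        }
        if (reason != "") printf "%s\t%s\t%s\n", $1, reason, out
    }'
}

# Constructed sample in `ps -eo pid,args` format. Command shapes follow the
# ones quoted on this page; PIDs and values are made up.
sample_ps() {
    cat <<'EOF'
  PID COMMAND
 4101 expdp system/password@database
 4102 expdp /@database_alias
 4103 zip -P expreports REPORTS_2013FEB14.dmp.zip REPORTS_2013FEB14.dmp
 4104 /usr/bin/gpg --batch --yes --passphrase password -d stuff.tgz.gpg
 4105 ar25run userid=apps/EXAMPLE_PW@PROD
 4106 scp -P 2222 stuff.tgz.gpg backup@host:/srv/
EOF
}

# Stand-alone run over the sample; on a live host use:
#   ps -eo pid,args | scan_ps_for_secrets
sample_ps | scan_ps_for_secrets
```

Four of the six sample processes are reported; the wallet-style `expdp /@database_alias` and the `scp -P 2222` port option are not.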

  • Wireless network (and a shell script for you guys, also)

    I don't know the right way to bring up my wireless iface at bootup, so I wrote a small shell script to do it for me.
    Feel free to use it if you find it useful..
    I'd also appreciate someone telling me what *IS* the arch way of doing what my shell script's doing
    #!/usr/bin/env bash
    # Val Polyakov <[email protected]>
    # 7/8/07
    # Change these to reflect your network
    PATH=/usr/sbin:/sbin:/bin
    IFACE=ifaceNameOfYourWirelessCard
    DRIVER=moduleNameForYourWirelessCard
    SID=yourSID
    ENCKEY=yourEncryptionKey
    # Don't change anything beyond this point.
    case "$1" in
        start)
            echo "Loading the wireless card driver"
            modprobe "$DRIVER"
            echo "Setting up the SID and encryption key"
            iwconfig "$IFACE" essid "$SID" enc "$ENCKEY"
            echo "Bringing up the wireless interface"
            ifconfig "$IFACE" up
            # Remove a stale pid file so dhcpcd will start
            if [ -f "/var/run/dhcpcd-$IFACE.pid" ]
            then
                rm "/var/run/dhcpcd-$IFACE.pid"
            fi
            echo "Running the dhcp client"
            dhcpcd "$IFACE"
            ;;
        stop)
            echo "Bringing down the wireless interface"
            ifconfig "$IFACE" down
            echo "Unloading the driver"
            rmmod "$DRIVER"
            ;;
        restart)
            "$0" stop
            sleep 2
            "$0" start
            ;;
        *)
            echo "usage: $0 {start|stop|restart}"
            ;;
    esac
    exit 0

    brain0 wrote:If your wireless drivers support wpa_supplicant, you could try autowifi from http://www.archlinux.org/~thomas/autowifi-svn/ It handles multiple wireless networks very well. There is no documentation right now, just read here: http://archlinux.org/pipermail/arch-dev … 00867.html
    what would the benefit of that be, as compared to my script ?
    the shell script i made (and pasted) works just fine, sits in /etc/rc.d and is called by /etc/rc.conf
    i was just curious whats the official, i guess, way to do it with arch
    since network profiles dont work for some reason, i figured i must be missing something..

  • Command line parameters and Shell Script -- URGENT

    Hi folks,
    I am facing some problem in the Shell script and the command line parameter.
    The scenario is -- I am picking a file from a directory, whose path is /interfaces/xid/receive/filename.dat
    I have to encrypt filename.dat and move it to another folder, whose path is /interfaces/xid/send. So, the encrypted file will reside in the send directory.
    Now, I don't want to hardcode the new path, where the encrypted file has to be moved. Please let me know how to achieve this. Please consider this as urgent.
    Have a look at the command line in the "before message processing"  -- /interfaces/xid/receive/xi_decompress.sh  /interfaces%F
    Have a look at the shell script for the same --
    #!/bin/sh
    # Setup environment variables
    COMMPRESS_DIR=/interfaces/software/commpress
    export COMMPRESS_DIR
    LOG_DIR=/interfaces/software/commpress/log/
    export LOG_DIR
    IN_FILE=$1
    export IN_FILE
    # Find the directory where the unencrypted file is deposited
    IN_FILE_DIR=`dirname "$1"`
    export IN_FILE_DIR
    # Make sure the working directory is where the unencrypt.key is...
    cd $COMMPRESS_DIR
    # encrypt the file
    if [ `uname` = "HP-UX" ]
    then
       find $IN_FILE | $COMMPRESS_DIR/compx $IN_FILE_DIR logpath=$LOG_DIR
    else
       find $IN_FILE | $COMMPRESS_DIR/compx-sun $IN_FILE_DIR logpath=$LOG_DIR
    fi
    # Get the result of the encryption
    RET_CODE=$?
    # Check decryption result
    # If error (return code <> 0), create an error log file in the
    # same directory as the input file.
    if [ $RET_CODE -ne 0 ]
    then
        PREFIX="Decryption"
        DATE_TIME=$(date +%Y%m%d_%H%M%S%N)
        SUFFIX="err"
        FILENAME=${IN_FILE_DIR}/${PREFIX}_${DATE_TIME}.${SUFFIX}
        echo "Decryption Error log"        >$FILENAME
        echo "DATE_TIME:  ${DATE_TIME}"   >>$FILENAME
        echo "DIRECTORY:  ${IN_FILE_DIR}" >>$FILENAME
        echo "FILE:       ${IN_FILE}"     >>$FILENAME
        echo "ERROR CODE: ${RET_CODE}"    >>$FILENAME
    fi
    exit $RET_CODE
    What else I need to add in this piece of code? Urgent help !!
    Thanks a lot in advance.
    Neetesh

    Hi Satish,
    I was able to figure that out, that we need to hard code the path as the 2nd parameter.
    But I guess there is a way out in Unix where we can handle this situation, where we are not willing to hard code.
    Anyways, thanks a lot for your input .. -:)
    Cheers,
    Neetesh

  • How to avoid password prompt in shell script for zip password protection

    Hi
    I am trying to set password protection on my Oracle database export backup. Once the backup is completed, it should be compressed with password protection. That's the plan. Initially we were using gzip for the compression. Then we realized that there is no password protection for gzip. We started using the zip option. I tried using
    zip -P <password> filename
    But it was throwing below error.
    -bash-3.2$ zip -P expreports REPORTS_2013FEB14.dmp
    zip warning: missing end signature--probably not a zip file (did you
    zip warning: remember to use binary mode when you transferred it?)
    zip warning: (if you are trying to read a damaged archive try -F)
    zip error: Zip file structure invalid (REPORTS_2013FEB14.dmp)
    Not quite sure why.
    Then I used zip -e REPORTS_2013FEB14.dmp.zip REPORTS_2013FEB14.dmp
    But this prompting for the password. As I am trying to put the command in the script. It will be tough if it prompts for the password.
    I would like to know how to avoid the password prompting by saving somewhere or how the code should be written. Tried using expect feature of shell script. Below was the code I tried. It didn't work.
    [oracle@SF40V6636 test]$ cat repexp.sh
    zip -e REPORTS_imp.log.zip REPORTS_imp.log
    expect "Enter password:"
    send "imprep"
    expect "Verify password:"
    send "imprep"
    So please help in avoiding this password prompt or let me know how to change the code.
    Thanks
    SHIYAS M

    How about using gpg and adding a secret key to the requirement of a password? No one should be able to decrypt your file, not by knowing only the password.
    1. Generate a public and private key pair:
    $ gpg --gen-key
    When it shows "We need to generate a lot of random bytes…" open another terminal session and type "dd if=/dev/sda of=/dev/null" to create traffic. When the public and secret key created and signed you can Ctrl-C the dd command.
    To see what you have created:
    $ gpg --list-keys
    2. Encrypt and gzip your stuff:
    $ tar zcf stuff.tgz file_or_folder
    $ gpg --recipient "Some Name" --encrypt stuff.tgz
    $ rm -f stuff.tgz
    3. Decrypt and extract the archive:
    $ gpg --batch --yes --passphrase "password" -d stuff.tgz.gpg > stuff.tgz
    $ tar zxvf stuff.tgz
    Again, knowing the password alone will not let anybody decrypt your stuff.

  • Can't enter shell scripts in Automator?

    When adding the "Run Shell Script" action to a workflow in Automator, I can't actually type anything in the text box -- when I try to type something, I just get a bunch of seemingly random characters. Does anyone else see the same behaviour or is there just something funky going on with my two Macs?
    I'm certain I'd be able to create a couple of services for encrypting/decrypting messages in Mail with GPG, if only I could actually type the shell script into Automator

    Redemption Code http://helpx.adobe.com/x-productkb/global/redemption-code-help.html

  • Speed up shell script execution

    Hi All,
    Before I go on, I must stress I am doing this for a disk image that I OWN, it's in no way an attempt to break into someone else's data...
    Last week I created an encrypted disk image (10GB) but have since forgotten the password stupidly!!!
    So, I figured I could knock up an applescript to try and brute force the image.
    I have successfully done this running the following code:
    do shell script "hdiutil attach -passphrase PASSWORDVAR diskimage.dmg"
    The PASSWORDVAR changes on every loop to the next consecutive attempt, ie
    aaaaa
    aaaab
    aaaac etc
    When I run the script the command is looping about twice a second which is pretty slow... Is there anyway to speed this up a bit? Any help would be great!
    Thanks,

    You don't show the rest of your script that's building the password to try, so it's possible the problem is there, but the chances are your delay is not in AppleScript, but in hdiutil.
    On its own AppleScript can execute simple loops pretty quickly. However in this case you're calling hdiutil which has to take the parameters, test the password against the disk image, verify the result and then return an error.
    There is some overhead here in AppleScript calling do shell script so you might find better performance if this was a single shell script rather than an AppleScript, but I don't think it'll be a lot different.
    If you have multiple machines you can try to divide and conquer, having each machine start at a different point in the list of possibilities (or one start from the end and work forwards), other than that it's a let-it-run-all-night (week?) kind of thing.

  • How to pass password to an lftp connection using shell script

    Hi
    I need to transfer a file to server which support FTPS protocol. I am using lftp utility for this purpose. User credentials used to establish the connection expires after a period(eg: 45 days/3 months) . Can anyone guide me with me an approach to use the password in the shell script which transfer the file to the remote server other than hard coding the password in the script.
    Thanks
    Ramya

    SSH is a better option but unfortunately it's not always available. If you worry about security, you could use the bookmark lftp feature:
    $ lftp ftp://username@server
    Password:
    lftp username@server:~>  set bmk:save-passwords true
    lftp username@server:~> bookmark add yourserver
    lftp username@server:~> bookmark list
    lftp username@server:~> quit
    $ lftp yourserver &
    $ ps -aux | grep lftp
    The password is stored in ~/.lftp/bookmarks (not encrypted) but you can protect the file with the right permissions as you would do with your certificates with SSH.

  • Shell script adapter and passwords

    Does anyone know how to get a password into a shell script resource adapter?
    I've set up the "password" attribute in my resource adapter's schema, expecting at least to see the encrypted password in in $WSUSER_password, but it's always empty. Other attributes I add to the resource scheme show up in the scripts as shell variables just fine.
    Side question - the Solaris resource adapter, which looks a lot like the shell script adapter, doesn't even have a password in its schema map, yet it seems to set passwords just fine. What's up with that?
    The ShellScriptResourceObjects55.xml example doesn't seem to deal with passwords at all.

    Hi,
    Have you been able to resolve this issue?
    I am currently working on configuring a Shell Script Resource on my IDM system.
    I am still in the "*Create User"* stage of things (I haven't even begun working with the other Actions : Get User, Get All Users, Delete User, Update User)
    After a month-long period of trial-and-error, and a lot of headaches, I finally succeeded in Creating a new user on my Unix Machine, without any errors
    Except for one thing : for some reason, the user I create is not being given a password!
    A first, I configured the "Attribute Mapping" page to include a "Password" attribute. This did not work.
    Then I removed the password from there (I figured that when I input the user's basic information on the IDENTITY tab in IDM, then the password gets automatically passed to the Unix machine).
    Still, this did not work.
    The funniest thing is : I am not getting any errors. The user is created on my Unix machine. And, also, in my My-SQL database.
    The problem is : when I try to log into that same Unix machine as the user, it does not work, because......of course.....*.there is NO PASSWORD*.
    What could be the problem?

  • Parameter transfer to tmloadcf from Unix shell script.

    Hi.
    I am using Tuxedo global transaction with database password encryption, so I replaced by ***** the database password in OPENINFO string of the TMS in the UBBCONFIG GROUP section.
    As a result the password should be inserted manually when running tmloadcf.
    Do you know how this password can be inserted from a Unix shell scripts?
    I tried to use << or named pipe (mkfifo) but in both cases the tmloadcf remained stuck.
    Thanks in advance for your help.
    Amnon Katz.

    Amnon,
    The C library function isatty() is used to determine if tmloadcf is
    associated with a terminal. If isatty(0) returns 0, then the tmloadcf code
    to prompt for a password will fail.
    In some places in Tuxedo, there is functionality to allow reading a password
    from an environment variable if the process requiring the password is not
    associated with a terminal. However, this functionality is not available
    for tmloadcf. If you have an active Tuxedo maintenance contract and the
    functionality of reading a database password from an environment variable
    when tmloadcf is not run from a terminal is important to you, you may want
    to file a support case and request that this functionality be added to
    tmloadcf. Otherwise, you will have to run tmloadcf from a terminal.
    Regards,
    Ed
    <Amnon Katz> wrote in message news:[email protected]..
    Thanks Ed for your reply.
    Do you know how tmloadcf identify that descriptor 0 is associated with a
    terminal?
    Is it possible to write some code that can emulates this situation?
    Regards,
    Amnon
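
The terminal check Ed describes can be reproduced in the shell, where `[ -t 0 ]` corresponds to `isatty(0)`. This added example (not Tuxedo code and not from either poster) shows why a pipe or redirect fails the check and sketches the terminal-or-environment-variable fallback mentioned above; `read_secret`, `stdin_kind` and `DB_PASSWORD` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Tuxedo code. `[ -t 0 ]` is the shell form of isatty(0).
# DB_PASSWORD is a hypothetical variable name chosen for this sketch.

# Report what a program calling isatty(0) would see on its stdin.
stdin_kind() {
    if [ -t 0 ]; then echo terminal; else echo not-a-terminal; fi
}

# read_secret PROMPT VARNAME
# On a terminal: prompt with echo off. Otherwise: take the value from the
# environment variable VARNAME. Fails if no value is obtained.
read_secret() {
    if [ -t 0 ]; then
        saved=$(stty -g)
        trap 'stty "$saved"; exit 130' INT TERM   # never leave echo off
        printf '%s' "$1" >&2
        stty -echo
        IFS= read -r secret
        stty "$saved"
        trap - INT TERM
        printf '\n' >&2
    else
        # Only accept a plain variable name before handing it to eval.
        case $2 in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "read_secret: invalid variable name" >&2
                return 2 ;;
        esac
        eval "secret=\${$2-}"
    fi
    if [ -z "$secret" ]; then
        echo "read_secret: no value supplied" >&2
        return 1
    fi
    printf '%s\n' "$secret"
}

# A pipe, a here-document or a redirect replaces the terminal on descriptor 0,
# which is what the "<<" and mkfifo attempts in the question did.
printf 'ignored\n' | stdin_kind
stdin_kind </dev/null
```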

  • Exports (from shell script) without password given explicitly in script

    Hi All,
    I have Oracle 10g2 on SLES 10 64-bit. I would like to do export the database using data pump from shell scripts. Is there any method to hide the password in the script file.
    Currently in doing by command:
    expdp system/password@database ....
    So any user who sees the script will know the password.
    Regards
    Groxy

    Hi,
    Have you considered the "Secure External Password Store" feature that was added in 10gR2? It uses the Oracle Wallet to store a database_alias with username/password credentials in encrypted format. Then you can enter your expdp command like this:
    expdp /@database_alias ...
    Take a look at the 10gR2 Security Guide. There's a chapter there on how to set this up.
    John

  • Trying to create a shell script to cut/paste files in finder. Help needed.

    I'm trying to create an automator shell script to cut/paste. It'll function exactly like copy/paste. i.e. I'll just copy file/files with command+c like always, but then I'll create an automator which uses the "mv" terminal app to move the files which works exactly like cut paste.
    I need some help since I don't know the syntax for creating shell scripts.
    What I did so far is to do it in automator with Apple Script which goes like the following:
    on run {input, parameters}
    tell application "Finder"
    set theWindow to window 1
    set thePath to quoted form of (POSIX path of (target of theWindow as string))
    end tell
    tell application "Terminal"
    do script with command "mv \"" & input & "\"" & thePath in window 1
    end tell
    return input
    end run
    This gets the copied file path from clipboard before, as input, and then recognizes the active finder window as thePath so then executes the mv command for the input file to the thePath window.
    It doesn't work as expected since it connects both file/window paths into a single path instead of leaving a space between them so the mv command can't recognize two separate paths.
    What's the correct syntax for that line
    do script with command "mv \"" & input & "\"" & thePath in window 1
    to leave a space between input and thePath under the mv command?
    Also this requires the terminal app to be open in the background.
    After I get this to work I want to do the exact same thing using shell script within automator, so I won't need Terminal to be open all the time.
    And the next step will be to cut/paste multiple files/folders but that should be easy to do once I get the hang of it.

    Try using:
    on run {input, parameters}
    tell application "Finder"
    set theWindow to window 1
    set thePath to quoted form of (POSIX path of (target of theWindow as string))
    end tell
    do shell script "mv \"" & input & "\" " & thePath
    return input
    end run