This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: encoding scripts (so that user can't see passwords easily)?
On Tue, 06 Dec 2005 20:36:07 +0100, Tomasz Chmielewski wrote:
>
> It is to be a measure to prevent an accidental viewing of
> usernames/passwords rather than some "military grade" tool which takes
> 100 years to break on a supercomputer.
[I think this discussion is off topic for cygwin]
Here are 2 simple bash scripts that do what you want. Both are filters
(i.e. read standard input, write to standard output). The first one
just obscures the input into an all-numeric string. The second one uses gpg,
so you can do "real strong encryption", with encryption done by anyone
while decryption is done by the privileged user.
Ehud
#! /bin/bash -e
# simple conversion to all numeric and back
# --------------------------------------------------
export LC_ALL=C                     # work on single bytes, not multi-byte characters
OP="$1"                             # requested operation (--encrypt/--decrypt)
INP=`cat`                           # input to encrypt/decrypt
LEN=${#INP}                         # Length of input
OUT=""                              # output (almost final)
case "$OP" in
    "--encrypt" )
        while [ "$INP" != "" ]
        do
            CH=${INP:0:1}                       # 1st char of input
            INP=${INP:1:$LEN}                   # rest of input
            OCT=`echo "$CH" | od -An -to1 -N1`  # convert to octal
            EON=`expr 789 - $OCT`               # not too obvious
            OUT="$OUT$EON"
        done ;;                                 # OUT ready
    "--decrypt" )
        while [ "$INP" != "" ]
        do
            EON=${INP:0:3}                      # 1st "inverted" octal of input
            INP=${INP:3:$LEN}                   # rest of input
            OCT=`expr 789 - $EON`               # octal
            OUT="$OUT"'\0'"$OCT"                # add \0 so echo -e decodes the octal value
        done ;;                                 # OUT ready
    * ) echo "OP (1st arg) is |$OP|. should be --encrypt or --decrypt"
        exit 1 ;;
esac
echo -e "$OUT"                      # echo encrypted/decrypted to USER
############################## end of simple-crypt.sh ##############################
#! /bin/bash -e
# gpg encryption/decryption, must have gpg keys (public & private)
# ----------------------------------------------------------------
KEY=$1                              # gpg key, should be in pubring.gpg/secring.gpg
OP=$2                               # requested operation (--encrypt/--decrypt)
PSP="$3"                            # passphrase (needed for --decrypt only) or empty
GPGOPT="--default-recipient-self --batch --no-tty --always-trust --no-options --output -"
if [ "$PSP" != "" ] ; then          # do only when passphrase given
    exec 3<&0                       # trick, save stdin stream
    echo "${PSP}" |
    ( exec 4<&0 ;                   # set fd 4 to read from echo
      exec 0<&3 ;                   # restore original stdin (for gpg input)
      gpg --default-key "$KEY" $GPGOPT --passphrase-fd 4 "$OP" )
else
    gpg --default-key "$KEY" $GPGOPT "$OP"
fi
############################## end of gpg-crypt.sh ##############################
--
Ehud Karni Tel: +972-3-7966-561 /"\
Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign
Insurance agencies (USA) voice mail and X Against HTML Mail
http://www.mvs.co.il FAX: 1-815-5509341 / \
GnuPG: 98EA398D <http://www.keyserver.net/> Better Safe Than Sorry
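
The file-descriptor trick used in gpg-crypt.sh above, isolated as an added example that is not part of the original post: a stand-in function takes the place of gpg so it runs without keys, and the names with_secret_fd and consumer are hypothetical. It shows the command receiving the secret on fd 4 while its stdin and arguments carry only the data and the operation.

```shell
#!/bin/sh
# Added example, not from the original post.

# consumer: hypothetical stand-in for "gpg ... --passphrase-fd 4 OP".
# Reads one line (the secret) from fd 4 and the payload from stdin,
# then reports what it received and what its arguments were.
consumer() {
    IFS= read -r secret <&4         # -r and empty IFS keep the line verbatim
    payload=$(cat)                  # everything on the restored stdin
    printf 'argv=%s secret=%s payload=%s\n' "$*" "$secret" "$payload"
}

# with_secret_fd SECRET CMD [ARGS...]
# Runs CMD with SECRET readable on fd 4 and the caller's stdin on fd 0.
with_secret_fd() {
    secret_value=$1
    shift
    exec 3<&0                       # save the caller's stdin on fd 3
    printf '%s\n' "$secret_value" | # %s passes the secret through uninterpreted
    (
        exec 4<&0                   # the pipe from printf becomes fd 4
        exec 0<&3 3<&-              # restore the original stdin, drop the spare fd
        "$@"
    )
    rc=$?
    exec 3<&-                       # do not leak fd 3 into later commands
    return "$rc"
}

# Constructed sample input: two payload lines and a secret containing
# characters that echo could mangle (option-like prefix, backslash escape).
printf 'line1\nline2\n' | with_secret_fd '-n pa\tss' consumer --decrypt
```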