3

I need to use a password to login to MySQL DB. But the password is stored in AES encryption algorithm.

The login will be:

AES_PASSWORD=2hhbdhbdhbdbh (the encrypted password in AES)
mysql -uroot -p$(AES_PASSWORD)

How do I decrypt this in shell and use it? I searched in other similar queries, and couldn't find anything related to AES.

halfer
  • 19,824
  • 17
  • 99
  • 186
RajSanpui
  • 11,556
  • 32
  • 79
  • 146

1 Answers1

6

You need to know more than just the password's AES string. You need to know which AES it was encrypted with, for example, and the key or password used to encrypt it.

But lets say you you're using aes256 and know the password is "secret". You can do this:

DECODED=`echo $AES_PASSWORD | openssl enc -d -a -aes256 -pass pass:secret`

And then call mysql with $DECODED as the password argument instead.

This may or may not be the best way to invoke mysql, however, as the password appears on the command line in plain text when someone looks at the process list with 'ps'.

Wes Hardaker
  • 21,735
  • 2
  • 38
  • 69
  • So openssl is a prerequisite for this. – RajSanpui Feb 04 '14 at 14:40
  • I agree this is an alternate, but i think is equally vulnerable. Anyone can use the DB keys and AES version, to hack the DB ;-) – RajSanpui Feb 04 '14 at 15:19
  • Yes, openssl is required for this solution. But that's the most likely place you'll find any aes implementation. One of the crypto packages is likely to be needed, and openssl is rather common on most systems now. Except, probably, M$. – Wes Hardaker Feb 05 '14 at 19:46
  • Thanks for your answer, apologies for late acceptance, could not login. – RajSanpui Feb 10 '14 at 12:42