
I need to place an encrypted password in the property file. I have a shell script which reads a password from a property file, decrypts it, and uses it in the shell script. How to decrypt the password inside the shell script securely? My concern is that others should not be able to decrypt the password by viewing the shell script.

EDIT: It is an automated process. User will not input any password. To be more clear, my script needs to authenticate a service with user and password. I cannot put plain password in the property file. That should be encrypted and I need to decrypt it in the shell script before authentication process.

Jugi
  • Your question is a bit unclear. You should only have stored a hashed version of the password. Hashing is a one-way encryption (or at least it should be). You then have the user input the password, hash that and compare against the stored hashed password to determine if the password entered was correct. If you are just placing the "unencrypt" routine in your shell script -- you may as well just hardcode the password. – David C. Rankin Mar 25 '18 at 08:51
  • https://stackoverflow.com/a/16056298/1135424 – nbari Mar 25 '18 at 09:09
  • @DavidC.Rankin, it is an automated process. User will not input any password. To be more clear, my script needs to authenticate a service with user and password. I cannot put plain password in the property file. That should be encrypted and I need to decrypt it in the shell script before authentication process. – Jugi Mar 25 '18 at 09:21
  • That's what I thought you were getting at. What I'm saying is regardless of what you put in your script -- it tells whoever looks at the script exactly how to decode the password in your property file. There is no way around that. Whether you call openssh, or some custom algorithm which does bitwise gymnastics on the hashed version from the properties file -- whoever reads the script knows what needs to be done to decrypt it. Now you can make the script readable/executable by only the process that needs to execute it, and `setfacl` -- but those are just bandaids, not cures. – David C. Rankin Mar 25 '18 at 09:33
  • Thanks @DavidC.Rankin, let me give it a try as you suggested – Jugi Mar 25 '18 at 09:39
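
The access restriction mentioned in the comments, sketched as an added example that is not part of the thread: the script reads the password only when the property file is a regular file owned by the invoking account with no group or other permission bits. The function names and the `service.password` key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: the two functions
# below and the property key "service.password".

# Succeeds only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
secret_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # "ls -ldn" prints e.g. "-rw------- 1 1000 1000 ..."; after word
    # splitting, field 1 is the mode string and field 3 the numeric owner.
    # Both come before the file name, so odd file names cannot shift them.
    set -- $(ls -ldn "$f")
    mode=$1
    owner=$3
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        # chars 5-10 are the group and other bits; all must be "-"
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the value of service.password from $1, or fails with no output.
read_secret() {
    secret_file_is_private "$1" || {
        echo "refusing to read $1: not private to uid $(id -u)" >&2
        return 1
    }
    # Strip only the key and the first '=' so the value may contain '='.
    value=$(sed -n 's/^service\.password=//p' "$1" | head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Usage in the calling script:
#   PASSWORD=$(read_secret /path/to/app.properties) || exit 1
```
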

0 Answers