Security :: Reading Encryption Password With Bash?
Nov 20, 2010
I have two cryptsetup volumes with the same password that I want to open in a bash script, and I want to avoid writing the passphrase twice. I was thinking of using read -s. Is there any security problems with this?The other alternative would be to have a password file on a small partition encrypted with a passphrase. Then only give the passphrase and let the script open up all encrypted volumes using the password file. However this seems overly complicated. But is it more secure?
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
I want to automate the following manual process.Currently, I am encryptying a set of files using openssl as follows:Encrypt file.txt to file.out using 256-bit AES in CBC mode $ openssl enc -aes-256-cbc -salt -in file1 -out file1.enI am then prompted for a password, which is then used to encrypt the fileWhen decrypting, I type $ openssl enc -d -aes-256-cbc -infile1.enc -out fileI am then prompted for the password - which again, I manually type.I want to automate this process of en/decryption - so I need to find a way of providing openssh with the password.
My first thought is whether it is possible to read the password from a file (say)? Or is there a better way of doing this?Also, I suppose that I will have to place restriction on who can view the password file - otherwise, that defeats the whole objective of using a password. I am thinking to run the bash script as a specific user, and then give only that user read rights to the contents of that file.Is this the way its done - or is there a better way?Ofcourse all of this leads to yet another question - which is, how to run a bash script as another user - without having to type the user pwd at the terminal.
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
am fiddling around using an AES encrypted password which is stored in passwd.txt:cat ../passwd/passwd.txt {AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=Yet I like to interpret this password on the command line using svn checkout, so I do not have to type in my password ( which is visible on the command line):Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden". the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/
When installing the latest Distro of Mint (I believe this is not much different, if at all, from Ubuntu as far as this goes) I chose to have my Home folder encrypted using the login password. This was a function of the installation. What I was wondering about was how secure this was and if I should maybe use something to do a better encryption or not.
I know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
Now in my bash script, I want to get the output /home/user instead of $HOME once read. So far, I have managed to get the $HOME variable but I can't get it to echo the variable. All I get is the output $HOME.
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
I couldnt find any relevant threads so I created a new oneI am at my wits end sudden my encryption password is being rejected. It has worked before and it is written down I even tried loading a LiveCD hoping maybe an update screwed it up but even in the LiveCD the password isnt working.This wouldnt be such a big deal if I havent changed all my passwords and stored them in KeePass and havent got a chance to back it up yet
I am moving my Linux server from Suse 10 to Ubuntu 9.04 and I moved the significant parts of /etc/shadow, /etc/passwd, and /etc/group over to Ubuntu 9.04. I am not able to login into the computer with the old accounts. The only problem I see is that the old accounts use Blowfish and DES to encrypt the passwords in /etc/shadow, and Ubuntu uses SHA512. If I change the passwords, the accounts will work. However; I have about 300 accounts to move, and I don't want to do that to all of them. I have tired Ubuntu Forums and talked to every linux expert I know, and no one has an answer.
I decided to go for an encrypted home folder. It's really really cool that ubuntu offers the encryption now out of the box! However it auto generated a password for the encryption for me. While the password might be safe, it is impossible for me to remember. And writing it down on a piece of paper, which I would then carry around along with my laptop seems to make the whole encryption obsolete...
Long story short: Can you pinpoint me on how to change the encryption password?
Am configured SVN on Ubuntu 10.04 ,It's Working fine ;svn access method is svn://ipaddress .In this method am not encrypting the password ,Currently my passwd (/homesvnMyProject/conf )file like that [users]test = testNow i want to Implement the password Encryption for any users, without implementing svn+ssh:// method
When I user wants to navigate through the internet, he must first give his username and password. The password is sent in clear text. I would like to encrypt this using SSL (or an other solution already integrated in Squid). Is this possible in Squid?I read that "user_cert" option can do this, but I couldn't configure it.I have: acl myacl user_cert src 192.168.1.5Which gives: "aclParseAclLine: Invalid ACL type 'user_cert'"The other solution is probably tunneling, but I don't want to install special software on the client machines
I have a text file that contains a single word and I want to write a bash script that will read the word from the text file... The following is my incorrect attempt, as it assigns the name of the textfile to the variable as opposed to the word stored within the textfile:(assume I have a text file value.txt that has as its contents a single word, say wordone)
#!/bin/sh for f in value.txt do echo $f done
so the output of the above script is value.txt, however I want it to be wordone.to summarise: how do I assign the value of the word contained within a textfile to a variable?
I've been reading about getopt and getopts but it doesn't seem like it's possible to parse arguments like --foo or even -foo. I've started my own script trying to achieve this, but I'm still wondering if I'm losing performance and if there is a better way to do this task.
Also I'm using the [[ =~ ]] regex syntax which seems to be available only in newer bash versions, should it be a big issue? My bash version: GNU bash, version 4.1.7(2)-release (x86_64-unknown-linux-gnu)
I am trying to write a simple script to list all the files in a directory. The script I wrote was as below where the pdb_files is a directory and all the files which I want to list are in that folder.
Code: files=`ls -F pdb_files/*THERMO*` for inFiles in $files do echo $inFiles
I need to Read a path of a file witch is written in Text file i used this
Code:
FILENAME=$1 while read line do echo $line done < $FILENAME
it worked and showed me the Line witch was written in my file but now my problem is how am gonna use that line as a path i mean for example if am gonna execute a linux command on that file like dpkg -i /path/to/the/file how am gonna export it from The $Line variable and use it after the command.
there is one problem i encountered here while working with Embedded Artist board or Lpc 2478 uclinux.so my questions.what type of encryption does this uclinux use to encrypt the password?instead of using these 2 username and password,can i put my own password and username?
how to program in bash, an i have a problem, i am trying compare values in between 2 values (from another file), so far my solution is to make a nested for loop, but that causes it to compare every value. Here is a visulization of what i want
file.a 2,3,4,5 file.b 3 5
[code]...
i want the values 2, 3, 4, 5 from file.a to be compared inbetween values 3 5, 6 9,1 2, 4 7 from file.b (var1 is the value im comparing, var2 is the less value, var 3 is the greater value)
for i in $var1 do for k in $var2 do
[code]....
my problem with the above code is it compares EVERYINNG, not the values inbetween what i want (which is 3 5, 6 9 etc).
Here the description of the issue I am having.I am writing a bash test script which reads lines from a file, builds ISO messages, sends them to a server, reads the response with response code and reports the result of the test to a file or on the screen.The message that I need to send is 94 characters long.Here's the portion of a code that I initially wrote:
~ Open socket. exec 3<>/dev/tcp/172.26.0.25/9991 #~ Send msg.
I would like to read unix file permissions into a bash array for processing but tbh I have no idea how to do this. Then I will check for each individual access right l, d, x etc.
I am looking for some software (not Tryecrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
