X-Spam-Check-By: sourceware.org Date: Wed, 7 Dec 2005 13:58:35 +0200 Message-Id: <200512071158.jB7BwZkt015168@beta.mvs.co.il> From: "Ehud Karni" To: mangoo AT wpkg DOT org Cc: ssorensen AT gmail DOT com, cygwin AT cygwin DOT com Subject: Re: encoding scripts (so that user can't see passwords easily)? In-reply-to: <4395E827.4070804@wpkg.org> (message from Tomasz Chmielewski on Tue, 06 Dec 2005 20:36:07 +0100) Reply-to: ehud AT unix DOT mvs DOT co DOT il References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-8-i Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Tue, 06 Dec 2005 20:36:07 +0100, Tomasz Chmielewski wrote: > > It is to be a measure to prevent an accidental viewing of > usernames/passwords rather than some "military grade" tool which takes > 100 years to break on a supercomputer. [I think this discussion is off topic for cygwin] Here are 2 simple bash scripts that do what you want. Both are filters (i.e. read standard input, write to standard output). The first one just obscures the input to all numeric string. The second one uses gpg, so you can do "real strong encryption", with encryption done by anyone while decryption done by the privileged user. Ehud #! /bin/bash -e # simple conversion to all numeric and back # -------------------------------------------------- OP="$1" # requested operation (--encrypt/--decrypt) INP=`cat` # input to encrypt/decrypt LEN=${#INP} # Length of input OUT="" # output (almost final) case "$OP" in "--encrypt" ) while [ "$INP" != "" ] do CH=${INP:0:1} # 1st char of input INP=${INP:1:$LEN} # rest of input OCT=`echo "$CH" | od -An -to1 -N1` # convert to octal EON=`expr 789 - $OCT` # not too obvious OUT="$OUT$EON" done ;; # OUT ready "--decrypt" ) while [ "$INP" != "" ] do EON=${INP:0:3} # 1st "inverted" octal of input INP=${INP:3:$LEN} # rest of input OCT=`expr 789 - $EON` # octal OUT="$OUT"'\'"$OCT" # add \ for decoding octals ' done ;; # OUT ready * ) echo "OP (1st arg) is |$OP|. should be --encrypt or --decrypt" exit 1 ;; esac echo -e "$OUT" # echo encrypted/decrypted to USER ############################## end of simple-crypt.sh ############################## #! /bin/bash -e # gpg encryption/decryption, must have gpg keys (public & private) # ---------------------------------------------------------------- KEY=$1 # gpg key, should be in pubring.gpg/secring.gpg OP=$2 # requested operation (--encrypt/--decrypt) PSP="$3" # passphrase (needed for --decrypt only) or empty GPGOPT="--default-recipient-self --batch --no-tty --always-trust --no-options --output -" if [ "$PSP" != "" ] ; then # do only when passphrase given exec 3<&0 # trick, save stdin stream echo "${PSP" | ( exec 4<&0 ; # set fd 4 to read from echo exec 0<&3 ; # restore original stdin (for gpg input) gpg --default-key $KEY $GPGOPT --passphrase-fd 4 $OP ) else gpg --default-key $KEY $GPGOPT $OP fi ############################## end of gpg-crypt.sh ############################## -- Ehud Karni Tel: +972-3-7966-561 /"\ Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign Insurance agencies (USA) voice mail and X Against HTML Mail http://www.mvs.co.il FAX: 1-815-5509341 / \ GnuPG: 98EA398D Better Safe Than Sorry -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/