X-Spam-Check-By: sourceware.org Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: encoding scripts (so that user can't see passwords easily)? Date: Wed, 7 Dec 2005 08:59:19 -0500 Message-ID: <31DDB7BE4BF41D4888D41709C476B6570246A8D0@NIHCESMLBX5.nih.gov> From: "Buchbinder, Barry \(NIH/NIAID\) [E]" To: X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id jB7DxVrX028871 Ehud Karni wrote: > On Tue, 06 Dec 2005 20:36:07 +0100, Tomasz Chmielewski wrote: >> >> It is to be a measure to prevent an accidental viewing of >> usernames/passwords rather than some "military grade" tool which >> takes 100 years to break on a supercomputer. > > [I think this discussion is off topic for cygwin] > > Here are 2 simple bash scripts that do what you want. Both are > filters (i.e. read standard input, write to standard output). The > first one just obscures the input to all numeric string. The second > one uses gpg, so you can do "real strong encryption", with encryption > done by anyone while decryption done by the privileged user. > > Ehud > > > #! /bin/bash -e > # simple conversion to all numeric and back # > -------------------------------------------------- > > OP="$1" # requested operation (--encrypt/--decrypt) > INP=`cat` # input to encrypt/decrypt > LEN=${#INP} # Length of input > OUT="" # output (almost final) > > case "$OP" in > "--encrypt" ) > while [ "$INP" != "" ] > do > CH=${INP:0:1} # 1st char of input > INP=${INP:1:$LEN} # rest of input > OCT=`echo "$CH" | od -An -to1 -N1` # convert to octal > EON=`expr 789 - $OCT` # not too obvious > OUT="$OUT$EON" > done ;; # OUT ready > > "--decrypt" ) > while [ "$INP" != "" ] > do > EON=${INP:0:3} # 1st "inverted" octal > of input INP=${INP:3:$LEN} # rest of > input OCT=`expr 789 - $EON` # octal > OUT="$OUT"'\'"$OCT" # add \ for decoding > octals ' done ;; # OUT ready > > * ) echo "OP (1st arg) is |$OP|. should be --encrypt or --decrypt" > exit 1 ;; > esac > > echo -e "$OUT" # echo > encrypted/decrypted to USER > > ############################## end of simple-crypt.sh > ############################## > > > #! /bin/bash -e > # gpg encryption/decryption, must have gpg keys (public & private) # > ---------------------------------------------------------------- > > KEY=$1 # gpg key, should be in > pubring.gpg/secring.gpg > OP=$2 # requested operation (--encrypt/--decrypt) > PSP="$3" # passphrase (needed for --decrypt only) > or empty > > GPGOPT="--default-recipient-self --batch --no-tty --always-trust > --no-options --output -" > if [ "$PSP" != "" ] ; then # do only when passphrase given > exec 3<&0 # trick, save stdin stream > > echo "${PSP" | > ( exec 4<&0 ; # set fd 4 to read from echo > exec 0<&3 ; # restore original stdin (for gpg input) > gpg --default-key $KEY $GPGOPT --passphrase-fd 4 $OP ) else > gpg --default-key $KEY $GPGOPT $OP > fi > > ############################## end of gpg-crypt.sh > ############################## Are we forgetting the classic? As long as we don't care how strong the encryption is, what about rot13? #!/bin/sh tr 'A-Za-z' 'N-ZA-Mn-za-m' (Maybe I should ITP rot13.) And there's always uuencode/uudecode. :-) - Barry -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/