This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: encoding scripts (so that user can't see passwords easily)?


On Tue, 06 Dec 2005 20:36:07 +0100, Tomasz Chmielewski wrote:
>
> It is to be a measure to prevent an accidental viewing of
> usernames/passwords rather than some "military grade" tool which takes
> 100 years to break on a supercomputer.

[I think this discussion is off topic for cygwin]

Here are 2 simple bash scripts that do what you want. Both are filters
(i.e. read standard input, write to standard output). The first one
just obscures the input to an all-numeric string. The second one uses gpg,
so you can do "real strong encryption", with encryption done by anyone
while decryption is done by the privileged user.

Ehud


#! /bin/bash -e
# simple conversion to all numeric and back
# --------------------------------------------------

OP="$1"                    # requested operation (--encrypt/--decrypt)
INP=`cat`                  # input to encrypt/decrypt
LEN=${#INP}                # Length of input
OUT=""                     # output (almost final)

case "$OP" in
   "--encrypt" )
       while [ "$INP" != "" ]
       do
           CH=${INP:0:1}                       # 1st char of input
           INP=${INP:1:$LEN}                   # rest of input
           OCT=`echo "$CH" | od -An -to1 -N1`  # convert to octal
           EON=`expr 789 - $OCT`               # not too obvious
           OUT="$OUT$EON"
       done    ;;                              # OUT ready

   "--decrypt" )
       while [ "$INP" != "" ]
       do
          EON=${INP:0:3}                       # 1st "inverted" octal of input
          INP=${INP:3:$LEN}                    # rest of input
          OCT=`expr 789 - $EON`                # octal
          OUT="$OUT"'\'"$OCT"                  # add \ for decoding octals '
       done    ;;                              # OUT ready

   * ) echo "OP (1st arg) is |$OP|. should be --encrypt or --decrypt"
       exit 1  ;;
esac

echo -e "$OUT"                                 # echo encrypted/decrypted to USER

############################## end of simple-crypt.sh ##############################


#! /bin/bash -e
# gpg encryption/decryption, must have gpg keys (public & private)
# ----------------------------------------------------------------

KEY=$1                     # gpg key, should be in pubring.gpg/secring.gpg
OP=$2                      # requested operation (--encrypt/--decrypt)
PSP="$3"                   # passphrase (needed for --decrypt only) or empty

GPGOPT="--default-recipient-self --batch --no-tty --always-trust --no-options --output -"
if [ "$PSP" != "" ] ; then # do only when passphrase given
    exec 3<&0              # trick, save stdin stream

    echo "${PSP}" |
    (  exec 4<&0 ;         # set fd 4 to read from echo
       exec 0<&3 ;         # restore original stdin (for gpg input)
       gpg --default-key "$KEY" $GPGOPT --passphrase-fd 4 $OP )
else
    gpg --default-key "$KEY" $GPGOPT $OP
fi

############################## end of gpg-crypt.sh ##############################


--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry
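
The fd-4 passphrase hand-off used in gpg-crypt.sh, shown with the passphrase read from an owner-only file rather than from the script's third argument, since command-line arguments are visible in the process list on most systems. This is an added example, not part of the original message; `is_private_file`, `with_passphrase_file` and `fake_consumer` are hypothetical names, and `fake_consumer` is a constructed stand-in for gpg so the block runs without any keys.

```shell
#!/bin/bash
# Added example: deliver a passphrase on fd 4 from an owner-only file.

# Succeeds only if $1 is a regular file with no group/other permission bits.
is_private_file() {
    [ -f "$1" ] || return 1
    # In the "ls -ld" mode string, characters 5-10 are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# with_passphrase_file FILE COMMAND [ARGS...]
# Runs COMMAND with fd 4 open on FILE. stdin is left untouched, so the data
# to process still arrives on the normal pipe and no save/restore is needed.
with_passphrase_file() {
    ppf_file=$1
    shift
    if ! is_private_file "$ppf_file"; then
        echo "refusing $ppf_file: must be a regular file without group/other access" >&2
        return 2
    fi
    "$@" 4<"$ppf_file"
}

# Constructed stand-in for "gpg ... --passphrase-fd 4": reads one line from
# fd 4 and the payload from stdin, and reports only their lengths.
fake_consumer() {
    IFS= read -r fc_secret <&4 || [ -n "$fc_secret" ]
    fc_data=$(cat)
    echo "secret_len=${#fc_secret} data_len=${#fc_data}"
}

# Real use (assumes GnuPG 2.1 or later and an existing key; ~/.pp and
# secret.gpg are placeholder file names):
#   with_passphrase_file ~/.pp gpg --batch --no-tty --pinentry-mode loopback \
#       --passphrase-fd 4 --decrypt < secret.gpg
```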
