NetBSD-Users archive

Re: Encrypting textfiles from shell

At Thu, 15 Dec 2011 20:29:58 +0100, herbert langhans wrote:
Subject: Encrypting textfiles from shell
> Actually a simple task - I would like to pass a textfile (with a
> password as option) through some unix-binary just to save it encrypted
> on the harddisk. It's intended for a password-list that I carry around on
> my laptop.
> Is there any simple tool to recommend? Should be no GUI like tkpasman.

If you want to use a tool in the base OS, there's bdes(1), as well as
the OpenSSL command someone else mentioned.  I started doing this kind
of thing long before OpenSSL was included by default in any OS so I've
always used the DES command-line tool or its equivalent in most Unixes.

I used to do this manually, but eventually wrote a wee script to make
sure I didn't accidentally make a typo when giving a key to encrypt the
new file, as I did once.  I use a similar script to send the file
through a pager too, just so I don't have to remember the name of the
encryption command, or any of its command-line parameters, if any.  It's
all a quick hack -- not meant as a general solution for wide use.

I keep the script right beside the file, with a name like "vifile", so
in this case I would always run it with "./vifile" -- that way I avoid
getting tricked too easily by trojans in my path -- of course if "vi" or
"bdes" or "sh" or "mv" are hacked then I'm going to lose my data....
(This additional paranoia is meant for multi-user systems where I might
only trust the superuser (because it's me and only me) but I don't trust
any other users.)

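#! /bin/sh

# Placeholder: the PWFILE_BASE definition is missing from the archived
# copy.  Set it to the full path of the plaintext file (no ".des" suffix).
PWFILE_BASE=/path/to/passwords

PATH=/bin:/usr/bin; export PATH

umask 077

/bin/chmod go-rwx "${PWFILE_BASE%/*}"

# decrypt to a plaintext working copy (bdes prompts for the key)
/usr/bin/bdes -d < "${PWFILE_BASE}.des" > "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
        echo "$0: problem decoding!  Clean up the mess!" 1>&2
        exit 1
fi
/usr/bin/vi "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
        echo "$0: problem editing!  Clean up the mess!" 1>&2
        exit 1
fi
# keep the old ciphertext until the new one has been verified
/bin/mv "${PWFILE_BASE}.des" "${PWFILE_BASE}.des-SAVE"
bdes < "${PWFILE_BASE}" > "${PWFILE_BASE}.des"
if [ $? -ne 0 ] ; then
        echo "$0: problem encoding!  Clean up the mess!" 1>&2
        exit 1
fi
# decrypt again and compare, to catch a mistyped key
echo -n "Again to verify encrypted file "
/usr/bin/bdes -d < "${PWFILE_BASE}.des" | diff - "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
        echo "$0: problem diffing!  Clean up the mess!" 1>&2
        exit 1
else
        /bin/rm "${PWFILE_BASE}" "${PWFILE_BASE}.des-SAVE"
fi

exit 0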

                                                Greg A. Woods
                                                Planix, Inc.

                                                +1 250 762-7675
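
The same decrypt, edit, encrypt and verify cycle using the openssl(1) command mentioned in the message, with AES in place of bdes(1), as an added example that is not part of the original message. The function names `decrypt_file` and `encrypt_verified` and the optional pass phrase source argument are assumptions made for illustration, and `-pbkdf2` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original message; function names are hypothetical.
# Source this file, then:
#   decrypt_file pw.enc pw && vi pw && encrypt_verified pw pw.enc
umask 077
CIPHER="-aes-256-cbc -pbkdf2"      # -pbkdf2 needs OpenSSL 1.1.1 or later

# decrypt_file ENC PLAIN [PASS_SOURCE]
# PASS_SOURCE is an openssl pass phrase source such as file:PATH; when it
# is omitted openssl prompts on the terminal.
decrypt_file() {
    enc=$1; plain=$2
    if [ -n "${3:-}" ]; then set -- -pass "$3"; else set --; fi
    if ! openssl enc -d $CIPHER "$@" -in "$enc" -out "$plain"; then
        rm -f "$plain"             # never leave a partial plaintext behind
        return 1
    fi
}

# encrypt_verified PLAIN ENC [PASS_SOURCE]
# Keeps the old ciphertext as ENC-SAVE until the new one decrypts back to
# exactly PLAIN, and only then removes PLAIN and ENC-SAVE.
encrypt_verified() {
    plain=$1; enc=$2
    if [ -n "${3:-}" ]; then set -- -pass "$3"; else set --; fi
    if [ -f "$enc" ]; then mv "$enc" "$enc-SAVE" || return 1; fi
    if ! openssl enc $CIPHER "$@" -in "$plain" -out "$enc"; then
        echo "encrypt failed; plaintext left in $plain" >&2
        return 1
    fi
    # Round trip: a mistyped pass phrase shows up here, before anything is deleted.
    if ! openssl enc -d $CIPHER "$@" -in "$enc" | cmp -s - "$plain"; then
        echo "verify failed; plaintext left in $plain, old copy in $enc-SAVE" >&2
        return 1
    fi
    rm -f "$plain" "$enc-SAVE"
}
```

On any failure the plaintext and the previous ciphertext are both left in place, so the cleanup is manual, as in the script above.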
