At Thu, 15 Dec 2011 20:29:58 +0100, herbert langhans
<herbert.raimund%langhans.com.pl@localhost> wrote:
Subject: Encrypting textfiles from shell
>
> actually a simple task - I would like to pass a textfile (with a
> password as option) through some unix-binary just to save it encrypted
> on the harddisk. It's intended for a password-list that I carry around on
> my laptop.
>
> Is there any simple tool to recommend? Should be no GUI like tkpasman.

If you want to use a tool in the base OS, there's bdes(1), as well as
the OpenSSL command someone else mentioned.  I started doing this kind
of thing long before OpenSSL was included by default in any OS so I've
always used the DES command-line tool or its equivalent in most Unixes.

I used to do this manually, but eventually wrote a wee script to make
sure I didn't accidentally make a typo when giving a key to encrypt the
new file, as I did once.  I use a similar script to send the file
through a pager too, just so I don't have to remember the name of the
encryption command, or any of its command-line parameters, if any.  It's
all a quick hack -- not meant as a general solution for wide use.

I keep the script right beside the file, with a name like "vifile", so
in this case I would always run it with "./vifile" -- that way I avoid
getting tricked too easily by trojans in my path -- of course if "vi" or
"bdes" or "sh" or "mv" are hacked then I'm going to lose my data....
(This additional paranoia is meant for multi-user systems where I might
only trust the superuser (because it's me and only me) but I don't trust
any other users.)
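
#! /bin/sh

PWFILE_BASE=$HOME/private/pw

# Fixed search path so nothing is picked up from an untrusted directory.
PATH=/bin:/usr/bin; export PATH

# New files (including the plaintext working copy) are owner-only.
umask 077
/bin/chmod go-rwx "${PWFILE_BASE%/*}"

# Decrypt to a plaintext working copy beside the encrypted file.
/usr/bin/bdes -d < "${PWFILE_BASE}.des" > "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
    echo "$0: problem decoding!  Clean up the mess!" 1>&2
    exit 1
fi

/usr/bin/vi "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
    echo "$0: problem editing!  Clean up the mess!" 1>&2
    exit 1
fi

# Keep the previous encrypted copy until the new one has been verified.
/bin/mv "${PWFILE_BASE}.des" "${PWFILE_BASE}.des-SAVE"

/usr/bin/bdes < "${PWFILE_BASE}" > "${PWFILE_BASE}.des"
if [ $? -ne 0 ] ; then
    echo "$0: problem encoding!  Clean up the mess!" 1>&2
    exit 1
fi

# Decrypt the new file again and compare it with the plaintext, which
# catches a mistyped key before the plaintext and the backup are removed.
echo -n "Again to verify encrypted file "
/usr/bin/bdes -d < "${PWFILE_BASE}.des" | diff - "${PWFILE_BASE}"
if [ $? -ne 0 ] ; then
    echo "$0: problem diffing!  Clean up the mess!" 1>&2
    exit 1
else
    /bin/rm "${PWFILE_BASE}" "${PWFILE_BASE}.des-SAVE"
fi

exit 0
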
--
Greg A. Woods
Planix, Inc.
<woods%planix.com@localhost> +1 250 762-7675 http://www.planix.com/
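
The same decrypt, edit, re-encrypt and verify cycle built on the OpenSSL command the message mentions, as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later; AES-256-CBC with PBKDF2 is a choice made here, and `pw_crypt`, `pw_edit` and the `PW_PASS` variable are hypothetical names. The working copy lives in a private directory that a trap removes on every exit path, and the old encrypted file is replaced only after the new one decrypts back to the edited text.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes OpenSSL 1.1.1+ (-pbkdf2).
# pw_crypt, pw_edit and the PW_PASS variable are hypothetical names.
PATH=/bin:/usr/bin; export PATH   # same fixed search path as the script above
umask 077

# pw_crypt -e|-d <infile> <outfile>
# If PW_PASS is set it is used as the passphrase; otherwise openssl prompts.
pw_crypt() {
    openssl enc "$1" -aes-256-cbc -pbkdf2 ${PW_PASS:+-pass env:PW_PASS} \
        -in "$2" -out "$3"
}

# pw_edit <file.enc>: decrypt, edit, re-encrypt, verify, then replace.
# Runs in a subshell so the EXIT trap always removes the working directory.
pw_edit() (
    enc=$1
    work=$(mktemp -d "$(dirname "$enc")/.pwedit.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT
    trap 'exit 1' HUP INT TERM

    pw_crypt -d "$enc" "$work/plain" ||
        { echo "$0: problem decoding" >&2; exit 1; }
    ${EDITOR:-vi} "$work/plain" ||
        { echo "$0: problem editing" >&2; exit 1; }
    pw_crypt -e "$work/plain" "$work/new.enc" ||
        { echo "$0: problem encoding" >&2; exit 1; }

    # Decrypt the new ciphertext and compare it with what was edited
    # before the old encrypted file is touched.
    { pw_crypt -d "$work/new.enc" "$work/check" &&
        cmp -s "$work/plain" "$work/check"; } ||
        { echo "$0: verify failed, $enc left unchanged" >&2; exit 1; }

    mv "$work/new.enc" "$enc"
)

# Run as: ./vifile path/to/file.enc
if [ $# -gt 0 ]; then
    pw_edit "$1"
fi
```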