Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

OpenID

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged encryption

Hide

News

2012-05-20 - test: test
2012-05-20 - test: test
2012-05-20 - test: test
2012-05-20 - Test tweets: YU not working?

Hide

Functions

Hide

Credits

Site by David Winterbottom (user root).

Commands tagged Encryption

Terminal - Commands tagged Encryption - 15 results

md5sum<<<'text to be encrypted'

2012-02-14 19:57:52

User: waldvogel

Functions: md5sum

Tags: Security Encryption

Up
Down

Quickly generate an MD5 hash for a text string using OpenSSL

Here Strings / A variant of here documents, the format is:

(from bash manpage)

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

cryptmount -m <name>

This is sample output - yours may be different.

In order to create a new encrypted filing system managed by cryptmount,
       you can use the supplied 'cryptmount-setup' program, which can be  used
       by the superuser to interactively configure a basic setup.

       Alternatively,  suppose  that  we  wish to setup a new encrypted filing
       system, that will have a target-name of "opaque".  If we  have  a  free
       disk partition available, say /dev/hdb63, then we can use this directly
       to store the encrypted filing system.  Alternatively,  if  we  want  to
       store  the  encrypted filing system within an ordinary file, we need to
       create space using a recipe such as:

$dd if=/dev/zero of=/home/opaque.fs bs=1M count=512

       and then replace all occurences of '/dev/hdb63' in the  following  with
       '/home/opaque.fs'.   (/dev/urandom  can  be used in place of /dev/zero,
       debatably for extra security, but is rather slower.)

       First,  we  need  to  add  an  entry  in  /etc/cryptmount/cmtab,  which
       describes  the  encryption  that will be used to protect the filesystem
       itself and the access key, as follows:

           opaque {
               dev=/dev/hdb63 dir=/home/crypt
               fstype=ext2 mountoptions=defaults cipher=twofish
               keyfile=/etc/cryptmount/opaque.key
               keyformat=builtin
           }

       Here, we will be using the "twofish" algorithm to  encrypt  the  filing
       system  itself, with the built-in key-manager being used to protect the
       decryption key (to be stored in /etc/cryptmount/opaque.key).

       In  order  to  generate  a  secret  decryption  key   (in   /etc/crypt&#8208;
       mount/opaque.key)  that  will  be  used  to  encrypt  the filing system
itself, we can execute, as root:

$cryptmount --generate-key 32 opaque

       This will generate a 32-byte (256-bit) key, which is known to  be  sup&#8208;
       ported  by the Twofish cipher algorithm, and store it in encrypted form
       after asking the system administrator for a password.

       If we now execute, as root:

$cryptmount --prepare opaque

       we will then be asked for the password that we  used  when  setting  up
       /etc/cryptmount/opaque.key,  which  will  enable  cryptmount to setup a
       device-mapper target (/dev/mapper/opaque).  (If you  receive  an  error
       message  of the form device-mapper ioctl cmd 9 failed: Invalid argument
       , this may mean that you have chosen a key-size that isn't supported by
       your chosen cipher algorithm.  You can get some information about suit&#8208;
       able key-sizes by checking the output  from  "more  /proc/crypto",  and
       looking at the "min keysize" and "max keysize" fields.)

       We  can  now  use  standard tools to create the actual filing system on
       /dev/mapper/opaque:

$mke2fs /dev/mapper/opaque

       (It may be advisable, after the filesystem is first mounted,  to  check
       that  the  permissions of the top-level directory created by mke2fs are
       appropriate for your needs.)

       After executing

$cryptmount --release opaque
$mkdir /home/crypt

       the encrypted filing system is ready for use.  Ordinary users can mount
       it by typing

$cryptmount -m opaque

       or

           cryptmount opaque

       and unmount it using

$cryptmount -u opaque

2012-01-17 18:02:47

User: totti

Tags: Filesystem mount Encryption crypt

-2

Up
Down

Create & mount 'encrypted filesystem' on a partition or file

In order to create a new encrypted filing system managed by cryptmount,

you can use the supplied 'cryptmount-setup' program, which can be used

by the superuser to interactively configure a basic setup.

Alternatively, suppose that we wish to setup a new encrypted filing

system, that will have a target-name of "opaque". If we have a free

disk partition available, say /dev/hdb63, then we can use this directly

to store the encrypted filing system. Alternatively, if we want to

store the encrypted filing system within an ordinary file, we need to

create space using a recipe such as:

dd if=/dev/zero of=/home/opaque.fs bs=1M count=512

cryptmount --generate-key 32 opaque

cryptmount --prepare opaque

mke2fs /dev/mapper/opaque

cryptmount --release opaque

mkdir /home/crypt

cryptmount -m opaque

cryptmount -u opaque

For detail see sample output

alias sshv='ssh -vvv -o LogLevel=DEBUG3'

This is sample output - yours may be different.

OpenSSH_5.6p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /home/askapache/.ssh/config
debug1: Applying options for askapacheweb
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: cipher ok: blowfish-cbc [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: cipher ok: aes128-cbc [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: cipher ok: 3des-cbc [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: cipher ok: cast128-cbc [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: cipher ok: aes128-ctr [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: cipher ok: arcfour128 [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: ciphers ok: [blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,aes128-ctr,arcfour128]
debug3: key names ok: [ssh-rsa]
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to www.askapache.com [208.86.158.195] port 25627.
debug1: Connection established.
debug3: Not a RSA1 key file /home/askapache/.ssh/key.rsa5.
debug1: identity file /home/askapache/.ssh/key.rsa5 type -1
debug1: identity file /home/askapache/.ssh/key.rsa5-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(4096<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 147/256
debug2: bits set: 488/4096
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: put_host_port: [208.86.158.195]:25627
debug3: put_host_port: [www.askapache.com]:25627
debug3: check_host_in_hostfile: host [www.askapache.com]:25627 filename /home/askapache/.ssh/known_hosts
debug3: check_host_in_hostfile: host [www.askapache.com]:25627 filename /home/askapache/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 7
debug3: check_host_in_hostfile: host [208.86.158.195]:25627 filename /home/askapache/.ssh/known_hosts
debug3: check_host_in_hostfile: host [208.86.158.195]:25627 filename /home/askapache/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 8
debug1: Host '[www.askapache.com]:25627' is known and matches the RSA host key.
debug1: Found key in /home/askapache/.ssh/known_hosts:7
debug2: bits set: 484/4096
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/askapache/.ssh/key.rsa5 ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/askapache/.ssh/key.rsa5
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 44:bf:40:5e:gg:33:f4:77
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to www.askapache.com ([208.86.158.195]:25627).
debug2: fd 5 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

$ exit

debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
debug3: channel 0: close_fds r -1 w -1 e 6
Connection to www.askapache.com closed.
Transferred: sent 2528, received 7200 bytes, in 7.6 seconds
Bytes per second: sent 334.7, received 953.2
debug1: Exit status 0

2010-10-30 11:23:52

User: AskApache

Functions: alias

Tags: ssh bash alias log Encryption debug tty askapache SSH_TTY logging loglevel

Up
Down

Debug SSH at the Maximum Verbosity Level

When debugging an ssh connection either to optimize your settings ie compression, ciphers, or more commonly for debugging an issue connecting, this alias comes in real handy as it's not easy to remember the '-o LogLevel=DEBUG3' argument, which adds a boost of debugging info not available with -vvv alone.

Especially useful are the FD info, and the setup negotiation to create a cleaner, faster connection.

27e70f93f6059e5e08ed04a0a05c17ca

2010-08-19 16:41:03

User: shoshwet

Tags: Security Encryption

-20

Up
Down

Quickly generate an MD5 hash for a text string using OpenSSL

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

2010-04-30 10:07:27

User: hackerb9

Functions: tr

Tags: Encryption rot13

Up
Down

happened to find this not bad software to keep my files and folders safe! Even the free trial version has the fantastic functions to protect any private files from being seen by anyone except me. With it I can encrypt, hide or lock anything I want, amazin

I noticed some spammer posted an advertisement here for "not bad" encryption. Unfortunately, their software only runs under Microsoft Windows and fails to work from the commandline. My shell script improves upon those two aspects, with no loss in security, using the exact same "military-grade" encryption technology, which has the ultra-cool codename "ROT-13". For extra security, I recommend running ROT-13 twice.

truecrypt volume.tc

2010-04-14 18:34:09

User: rkulla

Tags: Security mount Encryption Truecrypt

Up
Down

Mount/unmount your truecrypted file containers

This should automatically mount it to /media/truecrypt1. Further mounts will go to /media/truecrypt2, and so on. You shouldn't need sudo/su if your permissions are right.

I alias tru='truecrypt' since tr and true are commands.

To explicitly create a mount point do: tru volume.tc /media/foo

To make sure an GUI explorer window (nautilus, et al) opens on the mounted volume, add: --explorer

To see what you currently have mounted do: tru -l

To dismount a volume do: tru -d volume.tc. To dismount all mounted volumes at once do: tru -d

Tested with Truecrypt v6.3a / Ubuntu 9.10

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

php -r 'echo md5("password") . "\n";'

2010-02-07 21:39:07

User: mvrilo

Tags: Encryption password PHP md5

-4

Up
Down

Use php and md5 to generate a password

another alternative to encrypt strings

Comments (3) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

cat private-file | gpg2 --encrypt --armor --recipient "Disposable Key" | mailx -s "Email Subject" user@email.com

2009-10-19 20:38:37

User: slashdot

Functions: cat mailx

Tags: Security GPG Encryption email

Up
Down

Quickly Encrypt a file with gnupg and email it with mailx

This is a quick and easy way of encrypting files in a datastream, without ever really creating an output file from gpg. Useful with cron also, when file(s) have to be sent based on a set schedule.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3

2009-10-03 03:50:46

User: berot3

Tags: openssl Encryption tar password lifehacker

Up
Down

Encrypted archive with openssl and tar

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL

"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"

openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar

eval $(sed -n "s/^d[^D]*DB_$[NUPH]$[ASO].*',[^']*'$[^']*$'.*/_\1='\2'/p" wp-config.php) && mysqldump --opt --add-drop-table -u$_U -p$_P -h$_H $_N | gpg -er AskApache >`date +%m%d%y-%H%M.$_N.sqls`

2009-08-18 07:03:08

User: AskApache

Functions: eval gpg sed

Tags: bash GPG backup sed Encryption eval sql mysqldump wordpress

Up
Down

Create Encrypted WordPress MySQL Backup without any DB details, just the wp-config.php

The coolest way I've found to backup a wordpress mysql database using encryption, and using local variables created directly from the wp-config.php file so that you don't have to type them- which would allow someone sniffing your terminal or viewing your shell history to see your info.

I use a variation of this for my servers that have hundreds of wordpress installs and databases by using a find command for the wp-config.php file and passing that through xargs to my function.

tar c folder_to_encrypt | openssl enc -aes-256-cbc -e > secret.tar.enc

2009-07-23 06:03:39

User: recursiverse

Functions: c++ tar

Tags: openssl Encryption tar

Up
Down

Encrypted archive with openssl and tar

command to decrypt:

openssl enc -aes-256-cbc -d < secret.tar.enc | tar x

Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.

Comments (0) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

for a in path/* ; do ccenrypt -K <password> $a; done

2009-05-08 18:33:23

User: P17

Tags: Encryption

Up
Down

en/decrypts files in a specific directory

To decrypt the files replace "ccenrypt" with "ccdecrypt.

ccrypt(1) must be installed. It uses the AES (Rijndael) block cipher.

To make it handier create an alias.

Comments (2) | Add to favourites | Report as malicious | Submit alternative | Report as a duplicate

pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"

2009-05-07 14:49:56

User: denzuko

Tags: GPG Linux key Encryption secure password management pwsafe single

Up
Down

Safely store your gpg key passphrase.

From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/.

What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no?

You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com.

vim -x <FILENAME>

2009-05-05 23:24:17

User: denzuko

Functions: vim

Tags: vim edit Encryption files secure password protect

Up
Down

Add Password Protection to a file your editing in vim.

While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format.

For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption

echo -n 'text to be encrypted' | openssl md5

2009-03-18 00:11:46

User: Zenexer

Functions: echo

Tags: Security Encryption

Up
Down

Quickly generate an MD5 hash for a text string using OpenSSL

Thanks to OpenSSL, you can quickly and easily generate MD5 hashes for your passwords.

Alternative (thanks to linuxrawkstar and atoponce):

echo -n 'text to be encrypted' | md5sum -

Note that the above method does not utlise OpenSSL.