Commands tagged crypt sorted by votes

Commands tagged crypt (5)

sorted by

Encrypt and password-protect execution of any bash script, Version 2

(Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output
This is sample output - yours may be different.
```
$ cat script.bash

#!/bin/bash
echo "hello, world"

$ read -p 'Script: ' S && C=$S.crypt H='eval "$(dd if=$0 bs=1 skip=// 2>/dev/null|gpg -d 2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)

Script: script.bash
Enter passphrase:
Repeat passphrase:

$ cat script.bash.crypt 

eval "$(dd if=$0 bs=1 skip=70 2>/dev/null|gpg -d 2>/dev/null)"; exit;
%3@5%7%f$2&s*ty7%8@j$j!8)(&@@@

$ ./script.bash.crypt 
Enter passphrase:

hello, world
```
6

read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)

rodolfoap · 2013-03-10 08:59:45 11
Encrypt and password-protect execution of any bash script

(Please see sample output for usage) script.bash is your script, which will be crypted to script.secure script.bash --> script.secure You can execute script.secure only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Show Sample Output
This is sample output - yours may be different.
```
$ cat script.bash 

#!/bin/bash
echo "Hello, world"

$ echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
Enter passphrase:
Repeat passphrase:

$ ./script.secure 
Enter passphrase:

Hello, world

$ cat script.secure 
eval "$(dd if=$0 bs=1 skip=69 2>/dev/null|gpg -d 2>/dev/null)"; exit
%6&A2%&F%&B%&%4&%
```
5

echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure

rodolfoap · 2013-03-09 11:16:48 9
Test a SSLv2 connection

Test for weak SSL version. Show Sample Output
This is sample output - yours may be different.
```
CONNECTED(00000003)
```
1

openssl s_client -connect localhost:443 -ssl2

fernandomerces · 2011-04-02 06:34:39 4
Create new user with home directory and given password

Function: char * crypt (const char *key, const char *salt) The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found. The salt parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a salt, an intruder can make a guess, run crypt on it once, and compare the result with all the passwords. With a salt, the intruder must run crypt once for each different salt. For the MD5-based algorithm, the salt should consist of the string $1$, followed by up to 8 characters, terminated by either another $ or the end of the string. The result of crypt will be the salt, followed by a $ if the salt didn't end with one, followed by 22 characters from the alphabet ./0-9A-Za-z, up to 34 characters total. Every character in the key is significant. For the DES-based algorithm, the salt should consist of two characters from the alphabet ./0-9A-Za-z, and the result of crypt will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the key are significant. Show Sample Output
This is sample output - yours may be different.
```
root# useradd -m -p $(perl -e'print crypt("foo", "aa")') foo
user$ su - foo
Password: foo
foo$ ^D
root# userdel -r foo
```
0

useradd -m -p $(perl -e'print crypt("pass", "mb")') user

mariusbutuc · 2010-09-03 19:00:56 5

Create & mount 'encrypted filesystem' on a partition or file

In order to create a new encrypted filing system managed by cryptmount, you can use the supplied 'cryptmount-setup' program, which can be used by the superuser to interactively configure a basic setup. Alternatively, suppose that we wish to setup a new encrypted filing system, that will have a target-name of "opaque". If we have a free disk partition available, say /dev/hdb63, then we can use this directly to store the encrypted filing system. Alternatively, if we want to store the encrypted filing system within an ordinary file, we need to create space using a recipe such as: dd if=/dev/zero of=/home/opaque.fs bs=1M count=512 . cryptmount --generate-key 32 opaque . cryptmount --prepare opaque . mke2fs /dev/mapper/opaque . cryptmount --release opaque . mkdir /home/crypt . cryptmount -m opaque . cryptmount -u opaque For detail see sample output Show Sample Output

This is sample output - yours may be different.

In order to create a new encrypted filing system managed by cryptmount,
       you can use the supplied 'cryptmount-setup' program, which can be  used
       by the superuser to interactively configure a basic setup.

       Alternatively,  suppose  that  we  wish to setup a new encrypted filing
       system, that will have a target-name of "opaque".  If we  have  a  free
       disk partition available, say /dev/hdb63, then we can use this directly
       to store the encrypted filing system.  Alternatively,  if  we  want  to
       store  the  encrypted filing system within an ordinary file, we need to
       create space using a recipe such as:

$dd if=/dev/zero of=/home/opaque.fs bs=1M count=512

       and then replace all occurences of '/dev/hdb63' in the  following  with
       '/home/opaque.fs'.   (/dev/urandom  can  be used in place of /dev/zero,
       debatably for extra security, but is rather slower.)

       First,  we  need  to  add  an  entry  in  /etc/cryptmount/cmtab,  which
       describes  the  encryption  that will be used to protect the filesystem
       itself and the access key, as follows:

           opaque {
               dev=/dev/hdb63 dir=/home/crypt
               fstype=ext2 mountoptions=defaults cipher=twofish
               keyfile=/etc/cryptmount/opaque.key
               keyformat=builtin
           }

       Here, we will be using the "twofish" algorithm to  encrypt  the  filing
       system  itself, with the built-in key-manager being used to protect the
       decryption key (to be stored in /etc/cryptmount/opaque.key).

       In  order  to  generate  a  secret  decryption  key   (in   /etc/crypt&#8208;
       mount/opaque.key)  that  will  be  used  to  encrypt  the filing system
itself, we can execute, as root:

$cryptmount --generate-key 32 opaque

       This will generate a 32-byte (256-bit) key, which is known to  be  sup&#8208;
       ported  by the Twofish cipher algorithm, and store it in encrypted form
       after asking the system administrator for a password.

       If we now execute, as root:

$cryptmount --prepare opaque

       we will then be asked for the password that we  used  when  setting  up
       /etc/cryptmount/opaque.key,  which  will  enable  cryptmount to setup a
       device-mapper target (/dev/mapper/opaque).  (If you  receive  an  error
       message  of the form device-mapper ioctl cmd 9 failed: Invalid argument
       , this may mean that you have chosen a key-size that isn't supported by
       your chosen cipher algorithm.  You can get some information about suit&#8208;
       able key-sizes by checking the output  from  "more  /proc/crypto",  and
       looking at the "min keysize" and "max keysize" fields.)

       We  can  now  use  standard tools to create the actual filing system on
       /dev/mapper/opaque:

$mke2fs /dev/mapper/opaque

       (It may be advisable, after the filesystem is first mounted,  to  check
       that  the  permissions of the top-level directory created by mke2fs are
       appropriate for your needs.)

       After executing

$cryptmount --release opaque
$mkdir /home/crypt

       the encrypted filing system is ready for use.  Ordinary users can mount
       it by typing

$cryptmount -m opaque

       or

           cryptmount opaque

       and unmount it using

$cryptmount -u opaque

-2

cryptmount -m <name>

totti · 2012-01-17 18:02:47 7

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Server load and process monitoring

In certain cases you mighy need to monitor the server load caused by certain process. For example HTTP, while stress testing apache using ab (apache benchmark) you may want to monitor the server status,load, # of spawned HTTP processes, # of established connections, # of connections in close wait state, apache memory footprint etc.

Change mysql prompt to be more verbose

You can put this into your shell sourced file like .bashrc or .zshrc to have a different mysql prompt. See http://dev.mysql.com/doc/refman/5.1/de/mysql-commands.html for more informations. Beware that currently with mysql 5.5 the seconds are buggy and won't be displayed if you put this into a .cnf file. With the enironment variable this will work.

Find usb device in realtime

Using this command you can track a moment when usb device was attached.

diff output of two commands

This only works in bash

Get AWS temporary credentials ready to export based on a MFA virtual appliance

You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

list files recursively by size

Show current working directory of a process

RTFM function

Simple edit to work for OSX. Now just add this to your ~/.profile and `source ~/.profile`

Get AWS temporary credentials ready to export based on a MFA virtual appliance

Convert CSV to JSON

Replace 'csv_file.csv' with your filename.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged crypt

Commands tagged crypt (5) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged crypt (5)

sorted by