Commands tagged crypt sorted by votes

Commands tagged crypt (5)

sorted by

Encrypt and password-protect execution of any bash script, Version 2

(Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output
This is sample output - yours may be different.
```
$ cat script.bash

#!/bin/bash
echo "hello, world"

$ read -p 'Script: ' S && C=$S.crypt H='eval "$(dd if=$0 bs=1 skip=// 2>/dev/null|gpg -d 2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)

Script: script.bash
Enter passphrase:
Repeat passphrase:

$ cat script.bash.crypt 

eval "$(dd if=$0 bs=1 skip=70 2>/dev/null|gpg -d 2>/dev/null)"; exit;
%3@5%7%f$2&s*ty7%8@j$j!8)(&@@@

$ ./script.bash.crypt 
Enter passphrase:

hello, world
```
6

read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)

rodolfoap · 2013-03-10 08:59:45 14
Encrypt and password-protect execution of any bash script

(Please see sample output for usage) script.bash is your script, which will be crypted to script.secure script.bash --> script.secure You can execute script.secure only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Show Sample Output
This is sample output - yours may be different.
```
$ cat script.bash 

#!/bin/bash
echo "Hello, world"

$ echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
Enter passphrase:
Repeat passphrase:

$ ./script.secure 
Enter passphrase:

Hello, world

$ cat script.secure 
eval "$(dd if=$0 bs=1 skip=69 2>/dev/null|gpg -d 2>/dev/null)"; exit
%6&A2%&F%&B%&%4&%
```
5

echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure

rodolfoap · 2013-03-09 11:16:48 21
Test a SSLv2 connection

Test for weak SSL version. Show Sample Output
This is sample output - yours may be different.
```
CONNECTED(00000003)
```
1

openssl s_client -connect localhost:443 -ssl2

fernandomerces · 2011-04-02 06:34:39 6
Create new user with home directory and given password

Function: char * crypt (const char *key, const char *salt) The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found. The salt parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a salt, an intruder can make a guess, run crypt on it once, and compare the result with all the passwords. With a salt, the intruder must run crypt once for each different salt. For the MD5-based algorithm, the salt should consist of the string $1$, followed by up to 8 characters, terminated by either another $ or the end of the string. The result of crypt will be the salt, followed by a $ if the salt didn't end with one, followed by 22 characters from the alphabet ./0-9A-Za-z, up to 34 characters total. Every character in the key is significant. For the DES-based algorithm, the salt should consist of two characters from the alphabet ./0-9A-Za-z, and the result of crypt will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the key are significant. Show Sample Output
This is sample output - yours may be different.
```
root# useradd -m -p $(perl -e'print crypt("foo", "aa")') foo
user$ su - foo
Password: foo
foo$ ^D
root# userdel -r foo
```
0

useradd -m -p $(perl -e'print crypt("pass", "mb")') user

mariusbutuc · 2010-09-03 19:00:56 7

Create & mount 'encrypted filesystem' on a partition or file

In order to create a new encrypted filing system managed by cryptmount, you can use the supplied 'cryptmount-setup' program, which can be used by the superuser to interactively configure a basic setup. Alternatively, suppose that we wish to setup a new encrypted filing system, that will have a target-name of "opaque". If we have a free disk partition available, say /dev/hdb63, then we can use this directly to store the encrypted filing system. Alternatively, if we want to store the encrypted filing system within an ordinary file, we need to create space using a recipe such as: dd if=/dev/zero of=/home/opaque.fs bs=1M count=512 . cryptmount --generate-key 32 opaque . cryptmount --prepare opaque . mke2fs /dev/mapper/opaque . cryptmount --release opaque . mkdir /home/crypt . cryptmount -m opaque . cryptmount -u opaque For detail see sample output Show Sample Output

This is sample output - yours may be different.

In order to create a new encrypted filing system managed by cryptmount,
       you can use the supplied 'cryptmount-setup' program, which can be  used
       by the superuser to interactively configure a basic setup.

       Alternatively,  suppose  that  we  wish to setup a new encrypted filing
       system, that will have a target-name of "opaque".  If we  have  a  free
       disk partition available, say /dev/hdb63, then we can use this directly
       to store the encrypted filing system.  Alternatively,  if  we  want  to
       store  the  encrypted filing system within an ordinary file, we need to
       create space using a recipe such as:

$dd if=/dev/zero of=/home/opaque.fs bs=1M count=512

       and then replace all occurences of '/dev/hdb63' in the  following  with
       '/home/opaque.fs'.   (/dev/urandom  can  be used in place of /dev/zero,
       debatably for extra security, but is rather slower.)

       First,  we  need  to  add  an  entry  in  /etc/cryptmount/cmtab,  which
       describes  the  encryption  that will be used to protect the filesystem
       itself and the access key, as follows:

           opaque {
               dev=/dev/hdb63 dir=/home/crypt
               fstype=ext2 mountoptions=defaults cipher=twofish
               keyfile=/etc/cryptmount/opaque.key
               keyformat=builtin
           }

       Here, we will be using the "twofish" algorithm to  encrypt  the  filing
       system  itself, with the built-in key-manager being used to protect the
       decryption key (to be stored in /etc/cryptmount/opaque.key).

       In  order  to  generate  a  secret  decryption  key   (in   /etc/crypt&#8208;
       mount/opaque.key)  that  will  be  used  to  encrypt  the filing system
itself, we can execute, as root:

$cryptmount --generate-key 32 opaque

       This will generate a 32-byte (256-bit) key, which is known to  be  sup&#8208;
       ported  by the Twofish cipher algorithm, and store it in encrypted form
       after asking the system administrator for a password.

       If we now execute, as root:

$cryptmount --prepare opaque

       we will then be asked for the password that we  used  when  setting  up
       /etc/cryptmount/opaque.key,  which  will  enable  cryptmount to setup a
       device-mapper target (/dev/mapper/opaque).  (If you  receive  an  error
       message  of the form device-mapper ioctl cmd 9 failed: Invalid argument
       , this may mean that you have chosen a key-size that isn't supported by
       your chosen cipher algorithm.  You can get some information about suit&#8208;
       able key-sizes by checking the output  from  "more  /proc/crypto",  and
       looking at the "min keysize" and "max keysize" fields.)

       We  can  now  use  standard tools to create the actual filing system on
       /dev/mapper/opaque:

$mke2fs /dev/mapper/opaque

       (It may be advisable, after the filesystem is first mounted,  to  check
       that  the  permissions of the top-level directory created by mke2fs are
       appropriate for your needs.)

       After executing

$cryptmount --release opaque
$mkdir /home/crypt

       the encrypted filing system is ready for use.  Ordinary users can mount
       it by typing

$cryptmount -m opaque

       or

           cryptmount opaque

       and unmount it using

$cryptmount -u opaque

-2

cryptmount -m <name>

totti · 2012-01-17 18:02:47 14

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Google text-to-speech in mp3 format

Usage: t2s 'How are you?' Nice because it automatically names the mp3 file up to 15 characters Modified (uses bash manip instead of tr) t2s() { wget -q -U Mozilla -O $(cut -b 1-15

use vi key bindings at the command line

Adding Prefix to File name

Good old bracket expansion :-) For large numbers of files, "rename" will spare you the for-loop, or the find/exec...

list block devices

Shows all block devices in a tree with descruptions of what they are.

Binary digits Matrix effect

Silly Perl variant.

Stop Flash from tracking everything you do.

Brute force way to block all LSO cookies on a Linux system with the non-free Flash browser plugin. Works just fine for my needs. Enjoy.

whowatch: Linux and UNIX interactive, process and users monitoring tool

whowatch is a interactive, ncurses-based, process and users monitoring tool, which updates information in real time. This is a perfect tool for local and remote servers. It displays information about the users currently logged on to the machine, in real-time. Besides standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. Display of users command line can be switch to tty idle time. Certain user can be selected and his processes tree may be viewed as well as tree of all system processes. Tree may be displayed with additional column that shows owner of each process. In the process tree mode SIGINT and SIGKILL signals can be sent to the selected process. Killing processes is just as simple and fun as deleting lines on the screen.

ignore .DS_Store forever in GIT

With a couple of little commands, you?ll be able to ignore the .DS_Store files forever from your git repositories on mac! The following command will add the .gitignore file to the git configuration git config --global core.excludesfile ~/.gitignore then, the following, will add the .DS_Store to the list echo .DS_Store >> ~/.gitignore

Convert CSV to JSON

Replace 'csv_file.csv' with your filename.

Get information about memory modules

To take information about the characteristics of the installed memory modules.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged crypt

Commands tagged crypt (5) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged crypt (5)

sorted by