Commands tagged Encryption (28)

  • Add Password Protection to a file your editing in vim.

    While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format. For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption Show Sample Output


    88
    vim -x <FILENAME>
    denzuko · 2009-05-05 23:24:17 4
  • Encrypted archive with openssl and tar

    Create an AES256 encrypted and compressed tar archive. User is prompted to enter the password. Decrypt with: openssl enc -d -aes256 -in <file> | tar --extract --file - --gzip


    26
    tar --create --file - --posix --gzip -- <dir> | openssl enc -e -aes256 -out <file>
    seb1245 · 2012-11-27 15:33:45 0
  • Quickly generate an MD5 hash for a text string using OpenSSL

    Thanks to OpenSSL, you can quickly and easily generate MD5 hashes for your passwords. Alternative (thanks to linuxrawkstar and atoponce): echo -n 'text to be encrypted' | md5sum - Note that the above method does not utlise OpenSSL. Show Sample Output


    19
    echo -n 'text to be encrypted' | openssl md5
    Zenexer · 2009-03-18 00:11:46 4
  • Simple multi-user encrypted chat server for 5 users

    Client ~$ ncat --ssl localhost 9876 Change localhost to the correct ip address. Show Sample Output


    19
    ncat -vlm 5 --ssl --chat 9876
    snipertyler · 2014-06-07 19:17:29 0
  • Encrypted chat with netcat and openssl (one-liner)

    client$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw ; done | nc localhost 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done This will establish a simple encrypted chat with AES-256-CTR using netcat and openssl only. More info here https://nixaid.com/encrypted-chat-with-netcat/


    9
    server$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw; done | nc -l -p 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done
    arno · 2014-01-16 14:36:09 0
  • Create executable, automountable filesystem in a file, with password!

    This is just a proof of concept: A FILE WHICH CAN AUTOMOUNT ITSELF through a SIMPLY ENCODED script. It takes advantage of the OFFSET option of mount, and uses it as a password (see that 9191? just change it to something similar, around 9k). It works fine, mounts, gets modified, updated, and can be moved by just copying it. USAGE: SEE SAMPLE OUTPUT The file is composed of three parts: a) The legible script (about 242 bytes) b) A random text fill to reach the OFFSET size (equals PASSWORD minus 242) c) The actual filesystem Logically, (a)+(b) = PASSWORD, that means OFFSET, and mount uses that option. PLEASE NOTE: THIS IS NOT AN ENCRYPTED FILESYSTEM. To improve it, it can be mounted with a better encryption script and used with encfs or cryptfs. The idea was just to test the concept... with one line :) It applies the original idea of http://www.commandlinefu.com/commands/view/7382/command-for-john-cons for encrypting the file. The embedded bash script can be grown, of course, and the offset recalculation goes fine. I have my own version with bash --init-file to startup a bashrc with a well-defined environment, aliases, variables. Show Sample Output


    6
    dd if=/dev/zero of=T bs=1024 count=10240;mkfs.ext3 -q T;E=$(echo 'read O;mount -o loop,offset=$O F /mnt;'|base64|tr -d '\n');echo "E=\$(echo $E|base64 -d);eval \$E;exit;">F;cat <(dd if=/dev/zero bs=$(echo 9191-$(stat -c%s F)|bc) count=1) <(cat T;rm T)>>F
    rodolfoap · 2013-01-31 01:38:30 5
  • Encrypt and password-protect execution of any bash script, Version 2

    (Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output


    6
    read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
    rodolfoap · 2013-03-10 08:59:45 8
  • Encrypted archive with openssl and tar

    command to decrypt: openssl enc -aes-256-cbc -d < secret.tar.enc | tar x Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.


    5
    tar c folder_to_encrypt | openssl enc -aes-256-cbc -e > secret.tar.enc
    recursiverse · 2009-07-23 06:03:39 0
  • Encrypt and password-protect execution of any bash script

    (Please see sample output for usage) script.bash is your script, which will be crypted to script.secure script.bash --> script.secure You can execute script.secure only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Show Sample Output


    5
    echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
    rodolfoap · 2013-03-09 11:16:48 4
  • en/decrypts files in a specific directory

    To decrypt the files replace "ccenrypt" with "ccdecrypt. ccrypt(1) must be installed. It uses the AES (Rijndael) block cipher. To make it handier create an alias.


    4
    for a in path/* ; do ccenrypt -K <password> $a; done
    P17 · 2009-05-08 18:33:23 2
  • Create Encrypted WordPress MySQL Backup without any DB details, just the wp-config.php

    The coolest way I've found to backup a wordpress mysql database using encryption, and using local variables created directly from the wp-config.php file so that you don't have to type them- which would allow someone sniffing your terminal or viewing your shell history to see your info. I use a variation of this for my servers that have hundreds of wordpress installs and databases by using a find command for the wp-config.php file and passing that through xargs to my function. Show Sample Output


    4
    eval $(sed -n "s/^d[^D]*DB_\([NUPH]\)[ASO].*',[^']*'\([^']*\)'.*/_\1='\2'/p" wp-config.php) && mysqldump --opt --add-drop-table -u$_U -p$_P -h$_H $_N | gpg -er AskApache >`date +%m%d%y-%H%M.$_N.sqls`
    AskApache · 2009-08-18 07:03:08 0
  • Debug SSH at the Maximum Verbosity Level

    When debugging an ssh connection either to optimize your settings ie compression, ciphers, or more commonly for debugging an issue connecting, this alias comes in real handy as it's not easy to remember the '-o LogLevel=DEBUG3' argument, which adds a boost of debugging info not available with -vvv alone. Especially useful are the FD info, and the setup negotiation to create a cleaner, faster connection. Show Sample Output


    4
    alias sshv='ssh -vvv -o LogLevel=DEBUG3'
    AskApache · 2010-10-30 11:23:52 0
  • Encrypted archive with openssl and tar

    The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL "That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:" openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar Show Sample Output


    3
    openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3
    berot3 · 2009-10-03 03:50:46 2
  • Quickly Encrypt a file with gnupg and email it with mailx

    This is a quick and easy way of encrypting files in a datastream, without ever really creating an output file from gpg. Useful with cron also, when file(s) have to be sent based on a set schedule.


    3
    cat private-file | gpg2 --encrypt --armor --recipient "Disposable Key" | mailx -s "Email Subject" user@email.com
    slashdot · 2009-10-19 20:38:37 0
  • Mount/unmount your truecrypted file containers

    This should automatically mount it to /media/truecrypt1. Further mounts will go to /media/truecrypt2, and so on. You shouldn't need sudo/su if your permissions are right. I alias tru='truecrypt' since tr and true are commands. To explicitly create a mount point do: tru volume.tc /media/foo To make sure an GUI explorer window (nautilus, et al) opens on the mounted volume, add: --explorer To see what you currently have mounted do: tru -l To dismount a volume do: tru -d volume.tc. To dismount all mounted volumes at once do: tru -d Tested with Truecrypt v6.3a / Ubuntu 9.10


    2
    truecrypt volume.tc
    rkulla · 2010-04-14 18:34:09 0
  • Create named LUKS encrypted volume

    You need to be root to do this. So check the command before running it. You enter the same password for Enter LUKS passphrase: Verify passphrase: Enter passphrase for /dev/loopn: ___ You can then copy the .img file to somewhere else. Loop it it with losetup -f IMAGENAME.img and then mount it with a file manager (eg nemo) or run mount /dev/loopn /media/mountfolder Acts similar to a mounted flash drive Show Sample Output


    2
    edrv() { N=${1:-edrv}; truncate -s ${2:-256m} $N.img && L=$(losetup -f) && losetup $L $N.img && cryptsetup luksFormat --batch-mode $L && cryptsetup luksOpen $L $N && mkfs.vfat /dev/mapper/$N -n $N; cryptsetup luksClose $N; echo losetup -d $L to unmount; }
    snipertyler · 2014-02-24 01:38:21 3
  • happened to find this not bad software to keep my files and folders safe! Even the free trial version has the fantastic functions to protect any private files from being seen by anyone except me. With it I can encrypt, hide or lock anything I want, amazin

    I noticed some spammer posted an advertisement here for "not bad" encryption. Unfortunately, their software only runs under Microsoft Windows and fails to work from the commandline. My shell script improves upon those two aspects, with no loss in security, using the exact same "military-grade" encryption technology, which has the ultra-cool codename "ROT-13". For extra security, I recommend running ROT-13 twice. Show Sample Output


    1
    tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
    hackerb9 · 2010-04-30 10:07:27 1
  • Quickly generate an MD5 hash for a text string using OpenSSL

    Here Strings / A variant of here documents, the format is: (from bash manpage)


    1
    md5sum<<<'text to be encrypted'
    waldvogel · 2012-02-14 19:57:52 0
  • Quickly generate an MD5 hash for a text string using OpenSSL


    1
    echo -n 'the_password' | md5sum -
    jfreak53 · 2012-06-04 13:18:33 0
  • AES file encryption with openssl

    To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new Reference: http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email


    1
    openssl aes-256-cbc -salt -in secrets.txt -out secrets.txt.enc
    jrdbz · 2013-04-13 19:33:37 0
  • Bash scripts encryption and passphrase-protection

    This function will encrypt a bash script and will only execute it after providing the passphrase. Requires mcrypt to be installed on the system. Show Sample Output


    1
    scrypt(){ [ -n "$1" ]&&{ echo '. <(echo "$(tail -n+2 $0|base64 -d|mcrypt -dq)"); exit;'>$1.scrypt;cat $1|mcrypt|base64 >>$1.scrypt;chmod +x $1.scrypt;};}
    rodolfoap · 2017-06-14 16:27:20 2
  • Safely store your gpg key passphrase.

    From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/. What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no? You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com. Show Sample Output


    0
    pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
    denzuko · 2009-05-07 14:49:56 0
  • Encrypt directory with GnuPG and tar

    Decrypt with: gpg -o- foo.tgz.gpg | tar zxvf -


    0
    tar zcf - foo | gpg -c --cipher-algo aes256 -o foo.tgz.gpg
    skkzsh · 2013-03-13 09:44:39 0
  • create compressed encrypted backup

    Create compressed, encrypted backup from $source to $targetfile with password $key and exclude-file $excludefile


    0
    tar --exclude-from=$excludefile -zcvp "$source" | openssl aes-128-cbc -salt -out $targetfile -k $key
    klausman · 2013-12-13 19:35:20 0
  • Use php and md5 to generate a password

    echo defaults to include a newline character at the end of the string, which messes with the hash. If you suppress it with -n then it has the same effect as PHP's ?echo md5("string"), "\t-";? Even more, by using cut you get the exact same output, so it works as a drop-in replacement for the original command for this thread. Show Sample Output


    0
    echo -n "string" | md5sum|cut -f 1 -d " "
    labadf · 2014-02-20 22:44:00 0
  •  1 2 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Change the From: address on the fly for email sent from the command-line
It's very common to have cron jobs that send emails as their output, but the From: address is whatever account the cron job is running under, which is often not the address you want replies to go to. Here's a way to change the From: address right on the command line. What's happening here is that the "--" separates the options to the mail client from options for the sendmail backend. So the -f and -F get passed through to sendmail and interpreted there. This works on even on a system where postfix is the active mailer - looks like postfix supports the same options. I think it's possible to customize the From: address using mutt as a command line mailer also, but most servers don't have mutt preinstalled.

dd with progress bar and remaining time displayed

Validate all XML files in the current directory and below
If everything validates, there's no output. Can be handy to run on a cron job set up to email output.

Rename files to be all in CAPITALS
Simple bash/ksh/sh command to rename all files from lower to upper case. If you want to do other stuff you can change the tr command to a sed or awk... and/or change mv to cp....

du disk top 10
fancy command line ncdu clone

Counts number of lines (in source code excluding comments)
I took java to make the find command simpler and to state that it works for any language supported by cpp. cpp is the C/C++ preprocessor (interprets macros, removes comments, inserts includes, resolves trigraphs). The -fpreprocessor option tells cpp to assume the input has already been preprocessed so it will only replace comment lines with blank lines. The -L 1 option tells xargs to launch one process for each line, indeed cpp can only process one file at the time...

Indent all the files in a project using emacs
use -iname \*[.ch] instead of -iname \*.c -o -iname \*.h

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

backup your history
simple and easy backup your history with timestamp

Get your commandlinefu points (upvotes - downvotes)
This will calculate the your commandlinefu votes (upvotes - downvotes). Hopefully this will boost my commandlinefu points.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: