I'm trying to create a scripted method for encrypting files. I'm trying to get this to perform the following actions:
1. Do an MD5 checksum against the file we're encrypting, strip just the MD5 value and put it into a variable.
2. Ask the user for a password. (I wish I could use the openssl input method for the password instead of having to use input from bash; it seems less secure if it's printing out to the terminal.) But I'm not sure how to go about this. Is there a valid, secure way of doing this?
3. Anyhow, take that password, add in a # then the MD5 sum after, i.e. passhere#md5sumoforiginalfile
In a perfect world, it would tar.gz the file first and perform the encryption against the compressed archive.
This is where I'm sort of stumped. I'm having issues printing the MD5 and incorporating the MD5 hash into the password. I also don't feel right doing the input the way it is. Is there a better way of doing this?
Thanks in advance, all!
Here's the function (originally grabbed from another script off the web, by author Matt Reid):
function encrypt() {
    filein="$1"
    fileout="$2"

    # Ask for the input file when the caller passed the "no" placeholder
    if [ "$filein" = "no" ]; then
        echo -n "No input file specified, what file are we encrypting: "
        read -r filein
    fi

    if [ -r "$filein" ]; then
        # Default output name: input name plus .aes256
        if [ "$fileout" = "no" ]; then
            fileout="$filein.aes256"
        fi

        if [ -f "$fileout" ]; then
            echo "Output file exists already, encrypting will overwrite this file."
            echo -n "Do you want to encrypt anyway? [Y/n]: "
            read -r choice
            if [ "$choice" = "Y" ] || [ "$choice" = "y" ] || [ "$choice" = "" ]; then
                # No -k given, so openssl asks for the password itself (hidden input)
                openssl enc -aes-256-cbc -a -salt -in "$filein" -out "$fileout"
                # generate_digests and sdelete are defined elsewhere in the script
                generate_digests "$filein" "$fileout"
                sdelete "$filein"
                exit 0
            else
                exit 2
            fi
        else
            # -r prints "<hash> *<file>", so field 1 is the bare MD5 value
            filemd5=$(openssl dgst -md5 -r "$filein" | cut -d ' ' -f 1)
            echo "Please enter password: "
            read -r passvar
            # Encrypt the input file with the combined passphrase: password#md5
            openssl enc -aes-256-cbc -a -salt -in "$filein" -out "$fileout" -k "${passvar}#${filemd5}"
            generate_digests "$filein" "$fileout"
            sdelete "$filein"
            exit 0
        fi
    else
        echo "Input file does not exist or is not readable. You're attempting to encrypt file: '$filein'"
        exit 1
    fi
}
EDIT: OK, I was able to get this working (minus the tar portion), but my question remains: is there a way to change this so I can use the hidden input from openssl enc for the password and somehow modify the entered password by appending the #md5sumhere? I'm not quite sure how to go about that.
Thanks again.