bash 加密/解密存储在配置文件中的密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3501087/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
encrypting/decrypting password stored in config file
提问by AnC
I have a simple Bash script automating tasks which require password-based authentication. Currently I store the credentials in plain text:
我有一个简单的 Bash 脚本自动化需要基于密码的身份验证的任务。目前我以纯文本形式存储凭据:
$ cat ~/.myconfig
username=foo
password=bar
Obviously that's bad - so I wonder whether there's a simple way to encrypt/decrypt the password using my public/private key pair. Using Yet Another Password for the encryption wouldn't gain much, so I want it to happen pretty much automatically.
显然这很糟糕 - 所以我想知道是否有一种简单的方法可以使用我的公钥/私钥对加密/解密密码。使用另一个密码进行加密不会有太多好处,所以我希望它几乎自动发生。
I've done some research (around here and elsewhere), but am way out of my depth on this one...
我已经做了一些研究(在这里和其他地方),但是我对这个研究的深度不够......
采纳答案by Sky
You can store password into md5 sum, add some salt before.
可以把密码存入md5 sum,之前加点盐。
create:
创建:
\#!/bin/bash
salt=12345_
protocol=sha1sum
read -p "Enter login: " username
read -p -s "Password: " pass1
read -p -s "Repeat: pass2
if [ "pass1 != pass2" ]; then echo "Pass missmatch"; exit 1; else password=pass1; fi
echo -en "$username " >> ./mypasswd
echo -e "${salt}${password} | $protocol | awk '{print }'" >> ./mypqsswd
read:
读:
\#!/bin/bash
salt=12345_ #(samesalt)
protocol=sha1sum
read -p "Enter username: " username
read -p -s "Enter password: " password
if [ `grep $username ./mypasswd | awk '{print }' != `echo -e "`echo ${salt}${password} | $protocol | awk '{print }'`" ]; then echo -e "wrong username or password"; exit 127; else echo -e "login successfull"; fi
There's your code.
有你的代码。
回答by pavel
To automate your task means providing the password; it won't make a difference is you encrypt/obfuscate the password, you'll need to provide the decrypting too.
The only way around this dilemma is an agent-like program, as for example ssh-agent, which stores your passwords for you.
自动化您的任务意味着提供密码;加密/混淆密码不会有什么不同,您也需要提供解密。
解决这个困境的唯一方法是类似代理的程序,例如ssh-agent,它为您存储密码。
(edit: corrected link)
(编辑:更正链接)
回答by PaulJWilliams
If you simply want to hide the password then store its SHA1 hash. The compare the hash of the entered password with your stored hash.
如果您只是想隐藏密码,则存储其 SHA1 哈希值。将输入的密码的哈希值与您存储的哈希值进行比较。
