topic Re: encrypting shell file in Operating System - HP-UX

encrypting shell file

andi_1 — Wed, 19 Jun 2002 17:30:40 GMT

Hi guys,

I wrote a shell script that will be shipped over to our customers. If there any way to encrypt the file so customers won't be able to see its contents. The script still must be executable?

Thanks a lot!

Re: encrypting shell file

steven Burgess_2 — Wed, 19 Jun 2002 17:41:18 GMT

Andy

There is something called crypt - I have not used this so not sure exactly how it works

man crypt

for more info

Regards

Steve

Re: encrypting shell file

Rodney Hills — Wed, 19 Jun 2002 17:46:12 GMT

Generally speaking if the users have "root" access on their machine, they can look at anything. And to run a script (even an encrypted one) it must be put into plain text at some point. A knowledgable SA could determine it's contents pretty easily.

If secrecy is an issue, then create a "c" program and send only the executable.

-- Rod Hills

Re: encrypting shell file

steven Burgess_2 — Wed, 19 Jun 2002 17:49:09 GMT

Andi

It appears as though crypt is used when sending mail - the receiver having to decrypt before reading

Below post for more

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x28747bb04b5cd611abdb0090277a778c,00.html

As per Rodney's comments - If the users have root access to there systems - they can do anything - you also need read access to be able to execute

Steve

Re: encrypting shell file

Arockia Jegan — Wed, 19 Jun 2002 18:03:54 GMT

Hi,

You can use the crypt command to encrypt the data.

Or you can use the utility called PGP(Pretty Good Privacy) to encrypt/decrypt data. You need to download that from

http://www.pgpi.org/products/pgp/versions/freeware/unix/

After installing the utility create the public/private key. U should have the public key of the recipients. So that you can encrypt the data by using their ID(get it from their public key) and send the encrypted data to the recipients. They can decrypt the data/file by using their secret key(private key)/pass phrase. If u want more details on this I can send it to you.

Re: encrypting shell file

A. Clay Stephenson — Wed, 19 Jun 2002 18:11:33 GMT

In essence, the answer is no as long as the customer has root access. If you want a secure solution, I suggest that you look into a product called 'Shell-lock' from these guys:
http://www.cactus.com/
It's not free but it's not terribly expensive either. It converts your shell script into a standalone executable.

If you had chosen Perl, I would have an answer for you. You could use the Filter module with a custom encrypt/decrypt routine. You could put in a few lines of plainttext in your script. (Copyrights, Version Numbers, ....) and then everything after the use Filter statement is encrypted data but is still executable.

Re: encrypting shell file

Patrick Wallek — Wed, 19 Jun 2002 18:12:48 GMT

If I read your question correctly, you want to encrypt the script, but have so that it is still executable on your customers system. Is that correct?

If so, I know of no way to do this. Some options you have are to rewrite the script in C, and compile it. I believe PERL also has options to compile programs as well. That could also be an option.