HPE Community
Operating System - HP-UX
1819928 Members
3366 Online
109607 Solutions
New Discussion юеВ

Encrypt and Decrypt user defined password file.

 
Chris Fung
Frequent Advisor

тАО06-18-2003 06:14 PM

тАО06-18-2003 06:14 PM

Encrypt and Decrypt user defined password file.

Hi there,

Our site have lots of automated ftp jobs and those ftp script need the input of user id and password. The userid and password are stored in a plain text file.

However, we got a requirement to encrypt this password file in the system......I am just wondering if there is any available source code / samples that I can make use for our situation ??

Besides, I found there is a "encrypt / decrypt" subroutine man page in the system....is that I can make use of them to accomplish my task ?

Cheers,

Chris,
0 Kudos
Reply
3 REPLIES 3
twang
Honored Contributor

тАО06-18-2003 06:29 PM

тАО06-18-2003 06:29 PM

Re: Encrypt and Decrypt user defined password file.

Use the attached "hide" to execuate command, syntax is as follows:
# hide echo hello
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО06-18-2003 06:33 PM

тАО06-18-2003 06:33 PM

Re: Encrypt and Decrypt user defined password file.

Hi Chris,

The best way is to use ssh (either openssh or HP's ssh). You can convert all your automated ftp jobs to use scp. You will need to setup public/private key authorization. It may sound tricky initially but it is very easy to get it going.

Just by keeping the password file encrypted in the system, you are accomplishing not much. Any network sniffer on your wire can find out the passwords and other sensitive information as they are sent in clear text.

Even if you use 'crypt' command, it will still require the password. Following is the basic usage of crypt.

crypt < your_file.txt > encrypted_file.txt
Enter Key:xxxxxx

crypt < encrypted_file.txt > your_file.txt
Enter Key:xxxxxx

The best you can do is to keep one password for all the encryptions. Write a wrapper script that takes the key, decrypts the files, runs the ftp jobs and then prompts for the key and encrypts the files back. Something like this

echo "Starting to decrypt:"
crypt < encfile.txt > file.txt
(Put all your batch jobs here)
echo "Starting to encrypt:"
crypt < file.txt > encfile.txt
rm file.txt


But your best bet is to use ssh.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Chris Fung
Frequent Advisor

тАО06-18-2003 07:08 PM

тАО06-18-2003 07:08 PM

Re: Encrypt and Decrypt user defined password file.

Thanks for your promptly reply !!

Sri : I did thinking of using OpenSSH. However, there is still some points I need to figure out.

1. We have different platforms (HP, AIX, NCR, Tandem, AS/400, Windows familes...etc...) I am just wondering the SSH can support all thest clients (particularly for Tandam and AS/400)

2. The deployment of SSH. All servers and clients will have the SSH installed and therefore it may require considerable effort. Also, we may have to think about the patching and upgrade issue.

3. Dealing with 3rd party vendors. Since some of the services and application are supported by third party vendors and we are not sure and probably have difficulties align with them to use other services / utilities to replace their currently working ftp jobs. (sometime it is quite political)

Besides, our security strategy is to deploy PKI a few year later...

And that's why I am strike for a short term solution (encrypt the password file) at this moment. Because, the global standard is not yet been identified.

Any comments ?

Cheers,

Chris,
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.