Solved

How can I encrypt a file using shell script?

Posted on 2010-09-15
Last Modified: 2012-06-27
How can I encrypt a file before sftp'ing it. I am creating a text file
and I want to encrypt that file with same name and sftp it
to a remote server. I am using shell script to create text file then sftp'ing this file.
Somewhere in the shell script I like to encrypt this file before sftp'ing it to remote
server. Please advise.
Question by:IT_ETL
14 Comments
 
LVL 3

Expert Comment

by:gremwell
There are many ways to encrypt a file; which one is the best for you depends on what key(s) or password you want to use to encrypt and decrypt the file.

If you are encrypting and sftp'ing the file for backup purposes, you could use GPG (http://www.madboa.com/geek/gpg-quickstart/)
 1) Generate encryption keys and assign them a passphrase.
 2) Store a copy of your private key in a safe place and make sure you don't forget the passphrase.
 3) Use your public key to encrypt the file before upload. This operation will not require the passphrase.
When necessary, you can decrypt the file using the private key and the passphrase.

If you are encrypting the file and transferring it to another person you can use the same approach, but ask your correspondent to provide you with the public key. Alternatively, you can encrypt the file with a password (fixed or automatically generated using 'pwgen') with the same gpg, or zip, or 7zip, depending on what formats your correspondent supports.
 

Author Comment

by:IT_ETL
Could you provide an example that can be used in a shell script?
 
LVL 3

Expert Comment

by:gremwell
You don't specify what you need to do; I have provided two possible options in the previous comment.

If you are doing a backup, use GPG to generate a key (need to do it once, not in the script):
           gpg --gen-key

In the script use the following command:
           gpg --encrypt --recipient YOURNAME MYFILE

The encrypted file will appear as MYFILE.gpg. In the above command replace YOURNAME with the name you have provided during the key generation step. (You can list your current keys with the 'gpg -K' command.)
 
LVL 3

Expert Comment

by:T1750
If you don't need public key and don't mind having the passphrase on the command line...

$ cat test
Hello
Hi
$ gpg --no-tty --batch --passphrase 'your password' --symmetric test && scp test.gpg yottagray:/encrypted
test.gpg                                                                                                     100%   52     0.1KB/s   00:00    
$ ssh yottagray cat /encrypted | gpg --no-tty --batch --passphrase 'your password' --decrypt - 2>/dev/null
Hello
Hi

 
LVL 3

Expert Comment

by:T1750
For use in a shell script (you can use public key or symmetric, it doesn't matter):
if gpg --no-tty --batch --passphrase 'your password' --symmetric test; then
	 scp test.gpg user@yourhost:/where
else
	echo "Encryption failed. Probably because you did this before and test.gpg already exists."
	echo "Consider not using scp at all and simply piping the results of gpg"
	echo "to stdout to an ssh connection"
fi

 
LVL 3

Expert Comment

by:T1750
In fact I'll provide an example of that too for you.
$ cat test
Hello
Hi
$ gpg --no-tty --batch --passphrase 'your password' --symmetric --output - test | ssh yottagray 'cat >/foo'
$ ssh yottagray cat /foo | gpg --no-tty --batch --passphrase 'your password' --decrypt - 2>/dev/null
Hello
Hi
$

 

Author Comment

by:IT_ETL
I already got the public key and password. How do I set up the config file as well as other files using this public key and password in my local directory? I believe once everything is set then I can just add a few lines of code to encrypt the file then sftp this file to the remote server. Example code is below. Please suggest how I can accomplish the above two steps.

gpg --default-recipient $GPG_REC --encrypt $outputFile
cd $KSH_LOCAL_DIR
SFTP put $KSH_HOST $KSH_HOST_DIR $outputFile

 
LVL 3

Expert Comment

by:gremwell
Your gpg commands are correct. Please note that it will not encrypt the file in place, but will create a new file with a .gpg suffix. In the related topic (http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Q_26476181.html#a33698966) I have asked you to provide more info about the 'SFTP' command you are using.
 
LVL 3

Expert Comment

by:T1750
You don't need to SCP it at all; you can directly create the encrypted file over the ssh connection, essentially "SCP" it at once with the command I showed you above. Now I know more about your environment and requirements, the exact command would be:

cd "$KSH_LOCAL_DIR"
# Encrypt to stdout (--output -) and let ssh write the ciphertext to the remote file
gpg --no-tty --batch --default-recipient "$GPG_REC" --encrypt --output - "$THE_FILE_YOU_ARE_ENCRYPTING" | ssh "$KSH_HOST" "cat >$KSH_HOST_DIR/$outputFile"
 
LVL 3

Expert Comment

by:T1750
This will only work, of course, if you have no passphrase on your ssh key. If you do, you have to re-add the --passphrase 'YOUR PASSWORD' command above before the | or a variant such as:

--passphrase-file /path/to/file/with/password/int
 
LVL 3

Expert Comment

by:T1750
If you insist on making a file locally to SCP, all the above applies except remove

--output -

And everything after and including the |
 

Author Comment

by:IT_ETL
I need a little more help. I have done the following. I have imported the public key (cm-pubkey.asc) into the local directory using the following command at the prompt

$ gpg --import < cm-pubkey.asc

I do see the above public key at the following location: /home/local_dir/.gnupg/pubring.gpg

Now in a shell script I am gpg'ing this file then SFTP'ing this file to the remote server using the code below

cd $KSH_LOCAL_DIR
gpg --default-recipient $GPG_REC --encrypt $outputFile
SFTP put $KSH_HOST $KSH_HOST_DIR $outputFile

How do I use the public key (cm-pubkey.asc) that was imported to the local directory to gpg the above file ($outputFile), or am I using this public key to gpg the above file? There might be more than one key in the local directory. How do I write code so that only the public key (cm-pubkey.asc) will be used to gpg this file ($outputFile)? Please suggest......
 
LVL 3

Accepted Solution

by:
T1750 earned 500 total points
Execute at the CLI

gpg --list-keys

You will see a list that looks something like this:


/home/local_dir/.gnupg/pubring.gpg
----------------------------
pub   2048R/DEADBEEF 2010-01-01
uid                  T1570
sub   2048R/FEEBDAED 2010-01-01

pub   2048R/ABCDEF12 2010-01-01
uid                  Data Encryption Key
sub   2048R/3456789A 2010-01-01

The lines you are interested in are the ones that start with pub; you want the key id, which is what appears after the /. In the above example the public key id for T1570 is DEADBEEF (2048R/DEADBEEF).

The gpg command you use is:

gpg --recipient DEADBEEF --encrypt $outputFile

So what you want to do is change --default-recipient to --recipient and set $GPG_REC, wherever you set that, to the key id you selected from the list.
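An added example, not part of the thread or of T1750's answer: one way to script the key selection described in the accepted answer so that exactly one imported key is used, pinned by its full fingerprint (which identifies a single key, unlike a short key id). It assumes GnuPG 2.1+ `--with-colons` output and the OpenSSH `sftp` client; `fpr_for_uid`, `encrypt_and_send`, and the sample listing with its fingerprints and e-mail addresses are constructed for illustration.

```shell
# Constructed sample of `gpg --batch --with-colons --list-keys` output for the two
# keys in the answer's listing; fingerprints and e-mail addresses are made up.
sample_listing() {
cat <<'EOF'
pub:u:2048:1:7777AAAADEADBEEF:1262304000:::u:::scESC:
fpr:::::::::1111222233334444555566667777AAAADEADBEEF:
uid:u::::1262304000::HASH::T1570 <t1570@example.com>:
sub:u:2048:1:AAAA0000FEEBDAED:1262304000::::::e:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000FEEBDAED:
pub:-:2048:1:3333BBBBABCDEF12:1262304000:::-:::scESC:
fpr:::::::::9999888877776666555544443333BBBBABCDEF12:
uid:-::::1262304000::HASH::Data Encryption Key <dek@example.com>:
sub:-:2048:1:BBBB00003456789A:1262304000::::::e:
fpr:::::::::BBBB0000BBBB0000BBBB0000BBBB00003456789A:
EOF
}

# Read a colon listing on stdin and print the primary-key fingerprint of the one
# key whose user ID contains $1. Fails if no key, or more than one key, matches.
fpr_for_uid() {
    awk -F: -v want="$1" '
        $1 == "pub" { primary = ""; need = 1; next }
        $1 == "fpr" && need { primary = $10; need = 0; next }  # later fpr = subkey
        $1 == "uid" && primary != "" && index($10, want) && !(primary in seen) {
            seen[primary] = 1; n++; hit = primary
        }
        END { if (n != 1) exit 1; print hit }'
}

# Hypothetical wrapper: encrypt file $1 to the key matching $2 and upload only
# the ciphertext to host $3, directory $4 (names without spaces assumed).
encrypt_and_send() {
    fpr=$(gpg --batch --with-colons --list-keys | fpr_for_uid "$2") || {
        echo "no unique key for '$2'" >&2; return 1; }
    rm -f "$1.gpg"    # gpg --batch will not overwrite an existing output file
    # --trust-model always: an imported key has no trust path yet; the
    # fingerprint pin above is what selects it.
    gpg --batch --no-tty --trust-model always --recipient "$fpr" \
        --output "$1.gpg" --encrypt "$1" || return 1
    printf 'put %s %s/\n' "$1.gpg" "$4" | sftp -b - "$3"
}
```

Called as `encrypt_and_send "$outputFile" "Data Encryption Key" "$KSH_HOST" "$KSH_HOST_DIR"`, it uploads `$outputFile.gpg` and never the plaintext.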
 

Author Closing Comment

by:IT_ETL
This resolves the problem
