
How can I encrypt a file using shell script?

IT_ETL asked
2,971 Views
Last Modified: 2012-06-27
How can I encrypt a file before sftp'ing it? I am creating a text file and I want to encrypt that file with the same name and sftp it to a remote server. I am using a shell script to create the text file and then sftp'ing this file. Somewhere in the shell script I would like to encrypt this file before sftp'ing it to the remote server. Please advise.

Commented:
There are many ways to encrypt a file; which one is best for you depends on what key(s) or password you want to use to encrypt and decrypt the file.

If you are encrypting and sftp'ing the file for backup purposes, you could use GPG (http://www.madboa.com/geek/gpg-quickstart/)
 1) Generate encryption keys and assign it a passphrase
 2) Store a copy of your private key in a safe place and make sure you don't forget the passphrase.
 3) Use your public key to encrypt the file before upload. This operation will not require the passphrase.
When necessary, you can decrypt the file using the private key and the passphrase.

If you are encrypting the file and transferring it to another person you can use the same approach, but ask your correspondent to provide you with the public key. Alternatively, you can encrypt the file with a password (fixed or automatically generated using 'pwgen') with the same gpg, or zip, or 7zip, depending on what formats your correspondent supports.

Author

Commented:
Could you provide an example that can be used in a shell script?

Commented:
You don't specify what you need to do; I have provided two possible options in the previous comment.

If you are doing a backup, use GPG to generate a key (need to do it once, not in the script):
           gpg --gen-key

In the script use the following command:
           gpg --encrypt --recipient YOURNAME MYFILE

The encrypted file will appear as MYFILE.gpg. In the above command replace YOURNAME with the name you provided during the key generation step. (You can list your current keys with the 'gpg -K' command.)

Commented:
If you don't need public key and don't mind having the passphrase on the command line...

$ cat test
Hello
Hi
$ gpg --no-tty --batch --passphrase 'your password' --symmetric test && scp test.gpg yottagray:/encrypted
test.gpg                                                                                                     100%   52     0.1KB/s   00:00    
$ ssh yottagray cat /encrypted | gpg --no-tty --batch --passphrase 'your password' --decrypt - 2>/dev/null
Hello
Hi


Commented:
For use in a shell script (you can use public key or symmetric, it doesn't matter):
if gpg --no-tty --batch --passphrase 'your password' --symmetric test; then
    scp test.gpg user@yourhost:/where
else
    echo "Encryption failed. Probably because you did this before and test.gpg already exists."
    echo "Consider not using scp at all and simply piping the results of gpg"
    echo "to stdout to an ssh connection"
fi


Commented:
In fact I'll provide an example of that too for you.
$ cat test
Hello
Hi
$ gpg --no-tty --batch --passphrase 'your password' --symmetric --output - test | ssh yottagray 'cat >/foo'
$ ssh yottagray cat /foo | gpg --no-tty --batch --passphrase 'your password' --decrypt - 2>/dev/null
Hello
Hi
$


Author

Commented:
I already got the public key and password. How do I set up the config file as well as other files using this public key and password in my local directory? I believe once everything is set then I can just add a few lines of code to encrypt the file and then sftp this file to the remote server. Example code is below. Please suggest how I can accomplish the above two steps.

gpg --default-recipient $GPG_REC --encrypt $outputFile
cd $KSH_LOCAL_DIR
SFTP put $KSH_HOST $KSH_HOST_DIR $outputFile

Commented:
Your gpg commands are correct. Please note that it will not encrypt the file in place, but create a new file with a .gpg suffix. In the related topic (https://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Q_26476181.html#a33698966) I have asked you to provide more info about the 'SFTP' command you are using.

Commented:
You don't need to SCP it at all; you can directly create the encrypted file over the ssh connection, essentially "SCP" it at once with the command I showed you above. Now that I know more about your environment and requirements, the exact command would be:

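cd "$KSH_LOCAL_DIR"
# --encrypt takes a single input file; the ciphertext goes to stdout and is written remotely as $outputFile
gpg --no-tty --batch --default-recipient "$GPG_REC" --output - --encrypt "$THE_FILE_YOU_ARE_ENCRYPTING" | ssh "$KSH_HOST" "cat >$KSH_HOST_DIR/$outputFile"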

Commented:
This will only work, of course, if you have no passphrase on your ssh key. If you do, you have to re-add the --passphrase 'YOUR PASSWORD' command above before the | or a variant such as:

--passphrase-file /path/to/file/with/password/int

Commented:
If you insist on making a file locally to SCP, all the above applies except remove

--output -

And everything after and including the |

Author

Commented:
I need a little more help. I have done the following. I have imported the public key (cm-pubkey.asc) into the local directory using the following command at the prompt

$ gpg --import < cm-pubkey.asc

I do see the above public key at the following location: /home/local_dir/.gnupg/pubring.gpg

Now in a shell script I am gpg'ing this file and then SFTP'ing this file to the remote server using the code below

cd $KSH_LOCAL_DIR
gpg --default-recipient $GPG_REC --encrypt $outputFile
SFTP put $KSH_HOST $KSH_HOST_DIR $outputFile

How do I use the public key (cm-pubkey.asc) that was imported to the local directory to gpg the above file ($outputFile), or am I already using this public key to gpg the above file? There might be more than one key in the local directory. How do I write the code so that only the public key (cm-pubkey.asc) will be used to gpg this file ($outputFile)? Please suggest.


Author

Commented:
This resolves problem
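
For the last question in the thread (making sure only the key from cm-pubkey.asc is used when the keyring holds several), one approach is to address the recipient by the full fingerprint read from the key file instead of by name. This is an added example, not code from the thread or from its hidden accepted answer; the function names are hypothetical, and it assumes a GnuPG 2.x that supports the show-only import option.

```shell
#!/bin/sh
# Added example: encrypt to exactly the key contained in a given key file,
# selected by fingerprint, even when the keyring holds other keys.

# Read `gpg --with-colons` output on stdin and print primary-key
# fingerprints only (the fpr record directly following each pub record).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10 }
             { want = 0 }'
}

# List the fingerprint(s) of the key(s) in a key file without importing it.
key_file_fingerprints() {
    gpg --batch --with-colons --import-options show-only --import "$1" \
        2>/dev/null | primary_fingerprints
}

# encrypt_for_key KEYFILE INFILE  ->  writes INFILE.gpg
encrypt_for_key() {
    efk_fpr=$(key_file_fingerprints "$1")
    # Zero keys (empty) or several keys (contains a newline) are rejected:
    # the recipient has to be unambiguous.
    case $efk_fpr in
        ''|*[!0-9A-F]*)
            echo "expected exactly one key in $1" >&2
            return 1 ;;
    esac
    # Importing is idempotent; it makes sure the key is in the keyring.
    gpg --batch --quiet --import "$1" || return 1
    # A full fingerprint pins one key, whereas a name or e-mail could match
    # another key in the keyring. --trust-model always is needed in batch
    # mode because a freshly imported key has no assigned validity; this is
    # acceptable only because the key file itself came from a trusted channel.
    gpg --batch --yes --trust-model always --recipient "$efk_fpr" \
        --output "$2.gpg" --encrypt "$2"
}

# Usage: sh this-script cm-pubkey.asc "$outputFile"
if [ "$#" -eq 2 ]; then
    encrypt_for_key "$1" "$2"
fi
```

The resulting file keeps the .gpg suffix, so the upload step in the script has to send "$outputFile.gpg" rather than the plaintext "$outputFile".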