{"id":544,"date":"2014-08-24T19:44:28","date_gmt":"2014-08-25T01:44:28","guid":{"rendered":"http:\/\/rrbits.com\/epb\/?p=544"},"modified":"2014-08-24T19:46:58","modified_gmt":"2014-08-25T01:46:58","slug":"script-encrypt","status":"publish","type":"post","link":"https:\/\/rrbits.com\/epb\/2014\/08\/24\/script-encrypt\/","title":{"rendered":"Script Encrypt"},"content":{"rendered":"

Have you ever wanted to encrypt a script so that it could only be run with the correct password?\u00a0 Chances are… probably not.\u00a0 However, in the off chance that you have, and your script is perfectly happy being piped through it’s interpreter (* See note below), then this script might work for you.\u00a0 I make no guarantees or claims about how secure it might be, and it requires openssl to be installed to work. You can view the code or download it yourself at my BitBucket repo for Script Encrypt<\/a>.<\/p>\n

How does it work?<\/h2>\n

Basically, it takes openssl base64 output and appends it to the end of a stub script that’s charged with collecting the password and piping the decrypted script to the script’s interpreter.\u00a0 I’ve even set up encrypted PHP command-line scripts this way.<\/p>\n

Example<\/h2>\n

Input Script, a very simple script that takes one argument and makes a plasma image:<\/p>\n

#!\/bin\/bash\r\nconvert -size 128x128\u00a0 plasma:steelblue-steelblue $1<\/pre>\n
Output Script, with encrypted data truncated a bit.:<\/p>\n
#!\/bin\/bash\r\necho -n \"Password: \"\r\nread -s PASS_19662\r\necho\r\nexport PASS_19662\r\ntail -n 2 $0 | openssl enc -d -aes-256-cbc -base64 -pass env:PASS_19662 > \/dev\/null #check password.\r\nif [ $? -eq \"0\" ]; then tail -n 2 $0 |\u00a0\u00a0 openssl enc -d -aes-256-cbc -base64 -pass env:PASS_19662 | PASS_19662=\"\" \/bin\/bash$\r\nexit;\r\nU2FsdGVkX1+4pTSupNtaS+oS+0S3UFdKM3w...\r\nloB\/O3T0OhJ7vgOTsHK1pxg\/CeDl574rfLY...<\/pre>\n
* Note: That is, you don’t pipe anything from itself, and you don’t use $0 for anything real important.<\/p>\n","protected":false},"excerpt":{"rendered":"
Have you ever wanted to encrypt a script so that it could only be run with the correct password?\u00a0 Chances are… probably not.\u00a0 However, in the off chance that you have, and your script is perfectly happy being piped through it’s interpreter (* See note below), then this script might work for you.\u00a0 I make…  Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":545,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,3999],"tags":[4256,4009,4255],"class_list":["post-544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-programming","tag-bash","tag-encryption","tag-shell"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/posts\/544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/comments?post=544"}],"version-history":[{"count":4,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/posts\/544\/revisions"}],"predecessor-version":[{"id":549,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/posts\/544\/revisions\/549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/media\/545"}],"wp:attachment":[{"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/media?parent=544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/categories?post=544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rrbits.com\/epb\/wp-json\/wp\/v2\/tags?post=544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}