I want to automate the following manual process.
Currently, I am encrypting a set of files using openssl as follows:
Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file1 -out file1.enc
I am then prompted for a password, which is then used to encrypt the file.
When decrypting, I type
$ openssl enc -d -aes-256-cbc -in file1.enc -out file
I am then prompted for the password – which again, I manually type.
I want to automate this process of en/decryption – so I need to find a way of providing openssh with the password.
My first thought is whether it is possible to read the password from a file (say)? Or is there a better way of doing this?
Also, I suppose that I will have to place restrictions on who can view the password file – otherwise, that defeats the whole objective of using a password. I am thinking to run the bash script as a specific user, and then give only that user read rights to the contents of that file.
Is this the way it's done – or is there a better way?
Of course all of this leads to yet another question – which is, how to run a bash script as another user – without having to type the user pwd at the terminal…?
BTW, I am running on Linux Ubuntu 10.0.4
Best Answer
Reading man openssl (especially the section PASS PHRASE ARGUMENTS): openssl enc accepts -pass <arg>
... so, pick your arg from the list given above. eg:
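One way to script the commands from the question with the file: form of -pass, as an added example that is not part of the original question or answer. The function names check_pwfile, encrypt_file and decrypt_file are hypothetical, and the password is assumed to be the first line of a file that only the invoking user can access.

```bash
#!/bin/bash
# Added example (not from the original page): non-interactive openssl enc.
# The password is taken from the first line of a file via -pass file:<path>.
# The pass:<password> form is avoided because the password would then appear
# in the process list. Function names below are hypothetical.

# check_pwfile <pwfile>: refuse a password file that group or others can access.
check_pwfile() {
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo "password file missing or unreadable: $1" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    pw_mode=$(ls -ld "$1" | cut -c5-10)
    if [ "$pw_mode" != "------" ]; then
        echo "refusing $1: group/other permissions are set (chmod 600)" >&2
        return 1
    fi
}

# encrypt_file <pwfile> <plaintext-in> <ciphertext-out>
encrypt_file() {
    check_pwfile "$1" || return 1
    # Same options as the manual command, plus -pass so nothing is prompted.
    # The subshell umask keeps the output file private to the owner.
    ( umask 077 && openssl enc -aes-256-cbc -salt -in "$2" -out "$3" -pass "file:$1" )
}

# decrypt_file <pwfile> <ciphertext-in> <plaintext-out>
decrypt_file() {
    check_pwfile "$1" || return 1
    ( umask 077 && openssl enc -d -aes-256-cbc -in "$2" -out "$3" -pass "file:$1" )
}
```

OpenSSL 1.1.1 and later print a key-derivation warning for these options; adding -pbkdf2 to both the encrypt and decrypt commands selects the stronger derivation on those versions.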