Can I encrypt a username password combo before using it with cURL?


Solution 1

No.

Well, technically you could pass the raw Authorization header using --header. But the usefulness of that would be exactly zero. Base64 is only an encoding used to avoid corruption of binary data, but it does not hide anything – it can be reversed in moments, such as by using the base64 command, by anyone reading your script.

In other words, even if you do this, the password will still be in plain text.

Solution 2

You could have the script read the password from a file. You can ensure the script is run with an effective userid that gives it read access to that file and set permissions so that no one else does.

You may have to jump through some hoops to be able to use setuid, which would mean that users who can read and execute the script could not read the password file. Unix.stackexchange has a good answer on this subject. In your case, don't elevate effective UID to root, just use an ordinary ID created for this purpose only (e.g. script runs as wally, wally owns password.txt (r--------), wally has no special privileges but those needed to write logs or output files to be shared with others).

Author by

Greg Guida

Updated on September 18, 2022

Comments

  • Greg Guida over 1 year

    I'm making a shell script that reaches out to a web service with basic auth. I don't want to have to put in my username and password every time the script runs, but I also don't want to have the combo in plain text inside the script. I know the username and password get base64 encoded before they're sent across the network. Is there any way I could encode it beforehand and include that in the shell script?

  • Greg Guida about 12 years
    Thanks for clearing that up, but do you have any suggestions on how I could 1) not enter the pw every time and 2) not store it in plain text or base64?
  • user1686 about 12 years
    Read it from an external file, and keep that file on an encrypted filesystem. For example, curl has a --netrc option to read from ~/.netrc, or you could use the shell abilities to read from anywhere. (eCryptFS makes it very easy to set up an encrypted ~/Private/ directory.) Alternatively, if you use GNOME or KDE or Windows or Mac OS X, it's possible to use the "keyring" function in them.
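
One way to implement the file-based approach from Solution 2 and from user1686's comment, as an added example that is not part of the original answers: the script refuses a password file that group or others can access, and hands the credentials to curl through `--config -` on stdin rather than on the command line. The user name `wally`, the path `/home/wally/password.txt` and the URL are placeholders.

```bash
#!/bin/sh
# Added example; user name, file path and URL below are constructed placeholders.

# Succeed only if the path is a regular file owned by the effective user
# and carries no group/other permission bits (e.g. mode 400 or 600).
is_private_file() {
    f=$1
    [ -f "$f" ] && [ -O "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Print a curl config line for basic auth. The first line of the file is
# the password; \ and " are escaped as curl's quoted config values require.
curl_auth_config() {
    user=$1
    file=$2
    if ! is_private_file "$file"; then
        echo "refusing to use $file: not a private file" >&2
        return 1
    fi
    pw=
    IFS= read -r pw < "$file" || :   # tolerate a missing trailing newline
    if [ -z "$pw" ]; then
        echo "no password found in $file" >&2
        return 1
    fi
    escaped=$(printf '%s:%s' "$user" "$pw" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'user = "%s"\n' "$escaped"
}

# Usage (placeholders, not executed here):
#   curl_auth_config wally /home/wally/password.txt |
#       curl --config - https://service.example/api
```

The password is still stored in plain text in the file; the permission check and the stdin hand-off only limit who can read it and keep it out of the script and the process arguments.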