I have the need to encrypt/decrypt a one word string. The encrypted word
will be saved in a file.
Later the word will be picked up from the file, decrypted at execution
time, and used as a UNIX password to perform a certain function that
requires authentication.
What Ruby facility is available for this simple function?
On Thursday, 5 February 2009, Ruby S. wrote:
Hello Team,
I have the need to encrypt/decrypt a one word string. The encrypted word
will be saved in a file.
Later the word will be picked up from the file, decrypted at execution
time, and used as a UNIX password to perform a certain function that
requires authentication.
What Ruby facility is available for this simple function?
The problem is:
Even if the UNIX password is encrypted by the Ruby program, if an attacker
can see the Ruby code it can know how to decrypt it.
Rotate the password in the file. Remember the rotation level. And
then…
The problem is:
Even if the UNIX password is encrypted by the Ruby program, if an attacker
can see the Ruby code it can know how to decrypt it.
You are correct. However, we are behind several firewalls.
Also, the file with the encrypted password will be placed within a “secured”
dir.
Well… I’d rather do something different: set up ssh with ssh-agent
so that you can do automated logins. Not sure whether that works with
Ruby’s Net::SSH but you can fork a SSH shell via system or IO.popen.
Of course, in this scenario someone has to enter the passphrase
once…
Actually Robert, your idea might work. Let me give you the background:
We have two AIX (IBM flavor of UNIX) servers, s1 and s2 for argument's
sake.
s1 is an application server, while s2 is a DB2 server.
There is an SQL utility on s2 which we need to trigger (run), and whose
execution will be initiated on s1 via ssh.
The Ruby utility running on s1 will eventually receive a return code from
the SQL utility running on s2 and will take appropriate action based on the
RC.
Now, to execute the SQL utility in the DB2 server, one has to use a
userid/pw which exists on DB2.
We want to encrypt the pw once, which a user will enter, and save it in a
file.
The Ruby utility will read that file and at execution time decipher the pw
and send the request.
We don’t want to place an un-encrypted pw in a file, which is why I wanted a
cypher/decipher utility.
I found that crypt is a one-way encryption utility. In other words, I can
cypher but can’t decipher with it.
Or at the other extreme use OpenSSL. You’ll find RSA and DSA examples
in most of the presentations linked in my sig.
To be honest though, unless it’s a long word you’re encrypting you
probably shouldn’t worry about it.
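
An added example, not posted by anyone in this thread: reversible encryption of a short secret with Ruby's OpenSSL bindings (AES-256-GCM), with the key held in a separate owner-only file so that reading the script alone does not reveal how to decrypt. The helper names, file names and the sample password are assumptions made for the illustration.

```ruby
require 'openssl'

KEY_LEN = 32 # AES-256 key size in bytes

# Create a random key in a file only its owner can read. Assumed layout:
# the key lives apart from both the script and the encrypted password.
def create_key_file(path)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(OpenSSL::Random.random_bytes(KEY_LEN))
  end
end

# Load the key, refusing a file that group or other users could read.
def load_key(path)
  mode = File.stat(path).mode & 0o777
  raise SecurityError, format('%s has mode %o, want 600', path, mode) if mode & 0o077 != 0
  key = File.binread(path)
  raise ArgumentError, 'key must be 32 bytes' unless key.bytesize == KEY_LEN
  key
end

# Returns Base64(iv || tag || ciphertext) as one line, suitable for a file.
def seal(secret, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv # 12 random bytes, fresh for every call
  ct = cipher.update(secret) + cipher.final
  [iv + cipher.auth_tag + ct].pack('m0')
end

# Raises OpenSSL::Cipher::CipherError if the stored blob was altered.
def unseal(blob, key)
  raw = blob.strip.unpack1('m0')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  (cipher.update(raw[28..-1]) + cipher.final).force_encoding('UTF-8')
end

if __FILE__ == $PROGRAM_NAME
  require 'tmpdir'
  Dir.mktmpdir do |dir| # constructed paths and password, for illustration
    create_key_file(File.join(dir, 'db2.key'))
    key = load_key(File.join(dir, 'db2.key'))
    File.write(File.join(dir, 'db2.pw.enc'), seal('s3cret-word', key))
    puts unseal(File.read(File.join(dir, 'db2.pw.enc')), key)
  end
end
```

Anyone who can read both the key file and the encrypted file can still recover the password, so this only moves the protection onto the key file's permissions.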