I recall when I was using ColdFusion years ago that you could encrypt CF scripts to protect the code and CF could still execute them.
Does any such capacity exist for gnuplot? My guess is it does not.
Gnuplot itself cannot handle encrypted files, but you can use an external tool like openssl to encrypt and decrypt your scripts and pipe the decrypted script to gnuplot:
Encrypt:
openssl aes-256-cbc -in foobar.gp -out foobar-enc.gp -pass file:foobar.pwd
Decrypt and execute gnuplot:
openssl aes-256-cbc -d -in foobar-enc.gp -pass file:foobar.pwd | gnuplot
That capacity does not exist in gnuplot.
Related
I have the job of converting some bash scripts to run on Node in an AWS Lambda. The scripts encode and decode some files. As the files are used externally I have to keep the encryption unchanged.
The files are encrypted with the command
openssl -e -aes-256-cbc -base64 -salt -in $filein -out $fileout -k $key
and decrypted with
openssl -d -aes-256-cbc -base64 -salt -in $filein -out $fileout -k $key
I've tried just wrapping the openssl calls but openssl is no longer installed in the Node Lambda runtime.
I've tried using the node:crypto module and searching stackoverflow but don't really understand enough about encryption and how openssl works to have a chance of writing any code. For example I can't work out how to get the iv to use when decrypting the file.
So is it possible to reproduce these openssl commands with node?
My backup plan is to build a container or Lambda Layer containing SSL and use one of the SSL wrappers but I'd prefer not to do that if I can help it.
I'm trying to encrypt a stdout stream to a file located on a removable drive.
However, as the drive can be removed at an arbitrary time, I am wondering how to manage this?
I have tried using openssl and a 256-bit AES cipher but unsurprisingly I get block length errors on the decrypt.
My bash scripts do this:
Encrypt:
openssl aes-256-cbc -a -salt -pass file:"$KEY_FILE"
Decrypt:
openssl aes-256-cbc -d -a -pass file:"$KEY_FILE"
Unfortunately I'm on an embedded system so not many binaries included beyond what is necessary. Bash and openssl are present however.
Which programme or command do you use to extract the public key from a p12 protected with a password? I am trying with the command hydrabut i think it only works along networks
You can use openssl to check, convert etc. a p12 file.
E.g.:
openssl pkcs12 -info -in example.p12
or
openssl pkcs12 -in example.p12 -out example.pem -nodes
etc.
You can make openssl read the password from a file or stdin. E.g.:
openssl [...] -pass stdin
See man page for openssl for more ideas.
I'm using the OpenWrt Linux distribution and I want to encrypt a file using AES.
How can I do that quickly and easily, and how can I—or someone else—decrypt it again?
The quickest and easiest way is to use openssl util (provided by openssl-util package). For example, to encrypt a file, issue the following command:
openssl enc -aes-256-cbc -in file.txt -out file.enc
To decrypt:
openssl enc -d -aes-256-cbc -in file.enc -out file.dec
The openssl encryption is not a good solution according to this, so please don't use it.
I've used https://www.aescrypt.com/ in the past and I was happy with it. If you want something that has been around for a while - that's not a bad start. It also has both a UI and a cli.
The fact that there is no small, easy to use and super simple cli tool for this purpose annoyed me so much that I sat down and wrote this
https://github.com/ro-tex/aes256cli. I literally wrote it while this discussion was open on my screen, so I'm making no claims as to how good of a solution it is. I just wanted something that will do what I need with zero friction and this is good enough for me.
To encode:
cat 'yourfile' | openssl aes-128-cbc > 'encrypted file'
To decode: First, you have to remember your password which you used to encode, then:
cat 'encrypted file' | openssl enc -d -aes-128-cbc -k 'Your password' > 'decrypted file'
I have the following command but it doesn't work for me...
cd /etc/postfix/ssl/ && openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 <<PASS
password
password
PASS
UPDATE:
The output is:
109 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...............................++++++
...........++++++
e is 65537 (0x10001)
Enter pass phrase for smtpd.key:
It should auto answer the question and put password automaticaly.
I always use HEREDOC for automating my Q&A on bash and work fine...
What is the problem here?
OpenSSL (and OpenSSH) takes measures to read the password directly from the terminal, rather than from stdin, as a security measure.
However there are a load of ways to supply passwords to OpenSSL. Check man openssl for the section PASS PHRASE ARGUMENTS.
So you could do:
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 -passout "pass:mypassword"
... but per the manpage: "Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important"
Or you could do:
printf '%s\n' "$PASS" | {
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 -passout fd:3
} 3<&0
... which is supposedly more secure than other options because the password won't show up in ps.
As #Graeme said HERE
I can do with heredoc like so:
I have to add -passout stdin for openssl to read from stdin.
cd /etc/postfix/ssl/ && openssl genrsa -passout stdin -des3 -rand /etc/hosts -out smtpd.key 1024 <<PASS
password
PASSW