使用 OpenSSL 工具撰写 Bash 脚本进行密码明文的加密与解密

使用 OpenSSL 工具进行密码明文的加密与解密

Written By: Xinyao Tian

简介

本文档描述了使用 OpenSSL 工具在 Bash 脚本中对密码进行加密和解密的简单方式。

BASE64 的加密与解密脚本

使用 Base64 算法进行密码的加密

脚本名称为 encryptPasswd.sh, 脚本内容如下:

#!/bin/bash
# Script developed by Xinyao Tian on 2023/08/10

echo "INFO: Encrypting plain text password through $0"

passwd_plaintext=$1

passwd_encrypted=`echo $passwd_plaintext | openssl enc -base64`

echo "INFO: Encrypted password is:"

echo $passwd_encrypted

使用 Base64 算法进行密码的解密

脚本名称为 decryptPasswd.sh, 脚本内容如下:

#!/bin/bash
# Script developed by Xinyao Tian on 2023/08/10

echo "INFO: Decrypting encryped password through $0"

passwd_encrypted=$1

passwd_plaintext=`echo $passwd_encrypted | openssl enc -base64 -d` 

echo "INFO: Decrypted password is:"

echo $passwd_plaintext

使用方法

检视目录中的脚本:

[flinkrt@p0-tkldmp-rc01 ~]$ ls -l
total 8
-rwxr--r-- 1 flinkrt flinkrt 217 Aug 10 14:21 decryptPasswd.sh
-rwxr--r-- 1 flinkrt flinkrt 212 Aug 10 14:19 encryptPasswd.sh

加密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./encryptPasswd.sh 123456
INFO: Encrypting plain text password through ./encryptPasswd.sh
INFO: Encrypted password:
MTIzNDU2Cg==

解密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./decryptPasswd.sh MTIzNDU2Cg==
INFO: Decrypting encryped password through ./decryptPasswd.sh
INFO: Decrypted password is:
123456

BASE64-withPassphrase 的加密与解密脚本

使用 BASE64-withPassphrase 算法进行密码的加密

脚本名称为 encryptPasswdWithKey.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Encrypting plain text password through $0"

passwd_plaintext=$1

passphrase=$2

integrated_passwd="$passphrase$passwd_plaintext"

passwd_encrypted=`echo $integrated_passwd | openssl enc -base64`

echo "INFO: Encrypted password is:"

echo $passwd_encrypted

使用 Base64 算法进行密码的解密

脚本名称为 decryptPasswdWithKey.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Decrypting encryped password through $0"

passwd_encrypted=$1

integrated_passwd=`echo $passwd_encrypted | openssl enc -base64 -d` 

passphrase=$2

lengthOfPassphrase=`echo ${#passphrase}`

passwd_plaintext=`echo ${integrated_passwd: lengthOfPassphrase}`

echo "INFO: Decrypted password is:"

echo $passwd_plaintext

使用方法

检视目录中的脚本:

[flinkrt@p0-tkldmp-rc01 ~]$ ls -l | grep WithKey
-rwxr--r-- 1 flinkrt flinkrt 341 Aug 10 14:56 decryptPasswdWithKey.sh
-rwxr--r-- 1 flinkrt flinkrt 281 Aug 10 14:52 encryptPasswdWithKey.sh

加密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./encryptPasswdWithKey.sh 123456 ~HbATOlWRYD%Ja0WcOpQ9,mcK+~YMLuP
INFO: Encrypting plain text password through ./encryptPasswdWithKey.sh
INFO: Encrypted password is:
fkhiQVRPbFdSWUQlSmEwV2NPcFE5LG1jSyt+WU1MdVAxMjM0NTYK

解密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./decryptPasswdWithKey.sh fkhiQVRPbFdSWUQlSmEwV2NPcFE5LG1jSyt+WU1MdVAxMjM0NTYK ~HbATOlWRYD%Ja0WcOpQ9,mcK+~YMLuP
INFO: Decrypting encryped password through ./decryptPasswdWithKey.sh
INFO: Decrypted password is:
123456

BASE64-withFixedPassphrase 的加密与解密脚本

使用 BASE64-withFixedPassphrase 算法进行密码的加密

脚本名称为 encryptPasswdWithFixedKey.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Encrypting plain text password through $0"

passwd_plaintext=$1

passphrase=GMPHwOqsIoCsqaEAYIoSRWEfcfQ2kA52tFXDbtri0I8oW2cLAR

integrated_passwd="$passphrase$passwd_plaintext"

passwd_encrypted=`echo $integrated_passwd | openssl enc -base64`

echo "INFO: Encrypted password is:"

echo $passwd_encrypted

使用 Base64 算法进行密码的解密

脚本名称为 decryptPasswdWithFixedKey.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Decrypting encryped password through $0"

passwd_encrypted=$1

integrated_passwd=`echo $passwd_encrypted | openssl enc -base64 -d` 

passphrase=GMPHwOqsIoCsqaEAYIoSRWEfcfQ2kA52tFXDbtri0I8oW2cLAR

lengthOfPassphrase=`echo ${#passphrase}`

passwd_plaintext=`echo ${integrated_passwd: lengthOfPassphrase}`

echo "INFO: Decrypted password is:"

echo $passwd_plaintext

使用方法

检视目录中的脚本:

[flinkrt@p0-tkldmp-rc01 ~]$ ls -l | grep WithKey
-rwxr--r-- 1 flinkrt flinkrt 341 Aug 10 14:56 decryptPasswdWithKey.sh
-rwxr--r-- 1 flinkrt flinkrt 281 Aug 10 14:52 encryptPasswdWithKey.sh

加密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./encryptPasswdWithKey.sh 123456 ~HbATOlWRYD%Ja0WcOpQ9,mcK+~YMLuP
INFO: Encrypting plain text password through ./encryptPasswdWithKey.sh
INFO: Encrypted password is:
fkhiQVRPbFdSWUQlSmEwV2NPcFE5LG1jSyt+WU1MdVAxMjM0NTYK

解密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./decryptPasswdWithKey.sh fkhiQVRPbFdSWUQlSmEwV2NPcFE5LG1jSyt+WU1MdVAxMjM0NTYK ~HbATOlWRYD%Ja0WcOpQ9,mcK+~YMLuP
INFO: Decrypting encryped password through ./decryptPasswdWithKey.sh
INFO: Decrypted password is:
123456

AES256CBC-withFixedPassphrase 的加密与解密脚本

使用 AES256CBC-withFixedPassphrase 算法进行密码的加密

脚本名称为 encryptAES256.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Encrypting plain text password through $0"

passwd_plaintext=$1

passwd_encrypted=`echo -n $passwd_plaintext | openssl enc -e -aes-256-cbc -a -salt -k SEvjsEbM7SHmI9Ow`

echo "INFO: Encrypted password is:"

echo $passwd_encrypted

使用 Base64 算法进行密码的解密

脚本名称为 decryptAES256.sh, 脚本内容如下:

#!/bin/bash

# ------ #
# Script developed by Xinyao Tian on 2023/08/10
# Quick developed for Network Protection Operation 2023
# ------ #

echo "INFO: Decrypting encryped password through $0"

passwd_encrypted=$1

passwd_plaintext=`echo $passwd_encrypted | openssl aes-256-cbc -a -d -salt -k SEvjsEbM7SHmI9Ow` 

echo "INFO: Decrypted password is:"

echo $passwd_plaintext

使用方法

检视目录中的脚本:

[flinkrt@p0-tkldmp-rc01 ~]$ ls -l | grep AES
-rwxr--r-- 1 flinkrt flinkrt 373 Aug 10 16:24 decryptAES256.sh
-rwxr--r-- 1 flinkrt flinkrt 382 Aug 10 16:27 encryptAES256.sh

加密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./encryptAES256.sh 123456
INFO: Encrypting plain text password through ./encryptAES256.sh
INFO: Encrypted password is:
U2FsdGVkX18dXFeLgjDD4hnZshk6tYr999gpzgWQ7YU=

解密使用方法如下:

[flinkrt@p0-tkldmp-rc01 ~]$ ./decryptAES256.sh U2FsdGVkX18dXFeLgjDD4hnZshk6tYr999gpzgWQ7YU=
INFO: Decrypting encryped password through ./decryptAES256.sh
INFO: Decrypted password is:
123456

References

• Using OpenSSL to encrypt messages and files on Linux