Hi,

I am fiddling around using an AES encrypted password which is stored in passwd.txt:

cat ../passwd/passwd.txt
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=


Yet I like to interpret this password on the command line using svn checkout,
so I do not have to type in my password ( which is visible on the command line):

Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?


The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden".
the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/

I would like to help you but am not familiar with "svn checkout"; do I need to be, in order to help you?

Please explain your question a bit ... how does exporting the variable SVNPASS cause it to interpret it as "text", and how is this not you want?

I presume that you would like the variable SVNPASS to contain the text
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=
which is exactly what your command above should do: export SVNPASS=`cat <../passwd/passwd.txt`

There are several possibilities of what you mean:

If you did exactly the above but SVNPASS failed to contain the text above, it may be because use of the backticks ` is specific to bash and you're actually using a different shell (for example, Ubuntu Linux uses /bin/dash for script files but /bin/bash for interactive shells). You'd want to use the more correct notation with "$( )":

export SVNPASS=$(cat <../passwd/passwd.txt)

If you actually need the SVNPASS to contain the text *after* where it says "{AES}" --that is, you want to remove the first 5 characters from the string above and only contain yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY= then there are several ways you can do this, such as

export SVNPASS=$(tail --bytes=+6 ../passwd/passwd.txt)

which uses the "tail" command to start from the 6th character of your file, or

export SVNPASS=$(sed -e 's/^{AES}//' ../passwd/passwd.txt)

which uses "sed" to remove any occurrence of "{AES}" at the start of the string.

Otherwise, please specify a bit more --exactly how does "svn checkout" use $SVNPASS?

Unfortunately, the svn package doesn't install manpages. You may need to provide more info. Installing the subversion-doc package, I can't find the string "SVNPASS".

I don't understand if you encrypted your password, or created a hash? A hash is a one way function, so you won't get the password back. If you encrypted your password, so you can save it in a file, you need a passphrase to decrypt it, so what is the point.

There are several types of aes encryption handled by openssl, so I don't know which you are using. Sometimes you can run into a problem if you included or excluded a newline.

Agree with jschiwal; that was the other possible thing you meant. To clarify, it's possible that you mean this:

Suppose your password is aardvark, and SVN hashes your password and stores it as the string you gave above:
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=

Are you trying to obtain the word "aardvark" from the long string above? It's not possible. The whole point of hashing the password is so that you can't obtain the original password again; you would need to know the original password in the first place.

If you actually encrypted your password (not hashed but encrypted) then you should already know how to decrypt the password. This would be the case if you used a program like "bcrypt" or "openssl enc". If you used "md5" or "crypt" then that's a one-way hash, not encryption. If that was the output from SVN, then it's likely a hash, not encryption.

That looks like a base64 encoded string to me. In which cause it wouldn't make much sense to base64 encode a hash. I am going to put my money on an AES encrypted string that is base64 encoded with '{AES}' pre-pended to it.

If nomb is right, then some program has AES-encrypted a string. I wonder if it's SVN? But how would SVN decrypt the string? It would need to have a password --either typed in by the user, in which case why store the encrypted password in the first place?-- or already stored somewhere on file --in which case why not just store the original password?

Anyway, think we need more info before proceeding.