Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yet I like to interpret this password on the command line using svn checkout,
so I do not have to type in my password ( which is visible on the command line):
Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?
Distribution: Kubuntu 14.04 (Dell Linux-preinstalled laptop + 2 other laptops)
Posts: 117
Rep:
how is "only text" a problem?
I would like to help you but am not familiar with "svn checkout"; do I need to be, in order to help you?
Please explain your question a bit ... how does exporting the variable SVNPASS cause it to interpret it as "text", and how is this not you want?
I presume that you would like the variable SVNPASS to contain the text {AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=
which is exactly what your command above should do: export SVNPASS=`cat <../passwd/passwd.txt`
There are several possibilities of what you mean:
If you did exactly the above but SVNPASS failed to contain the text above, it may be because use of the backticks ` is specific to bash and you're actually using a different shell (for example, Ubuntu Linux uses /bin/dash for script files but /bin/bash for interactive shells). You'd want to use the more correct notation with "$( )":
export SVNPASS=$(cat <../passwd/passwd.txt)
If you actually need the SVNPASS to contain the text *after* where it says "{AES}" --that is, you want to remove the first 5 characters from the string above and only contain yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY= then there are several ways you can do this, such as
Unfortunately, the svn package doesn't install manpages. You may need to provide more info. Installing the subversion-doc package, I can't find the string "SVNPASS".
I don't understand if you encrypted your password, or created a hash? A hash is a one way function, so you won't get the password back. If you encrypted your password, so you can save it in a file, you need a passphrase to decrypt it, so what is the point.
There are several types of aes encryption handled by openssl, so I don't know which you are using. Sometimes you can run into a problem if you included or excluded a newline.
Distribution: Kubuntu 14.04 (Dell Linux-preinstalled laptop + 2 other laptops)
Posts: 117
Rep:
Agree with jschiwal; that was the other possible thing you meant. To clarify, it's possible that you mean this:
Suppose your password is aardvark, and SVN hashes your password and stores it as the string you gave above: {AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=
Are you trying to obtain the word "aardvark" from the long string above? It's not possible. The whole point of hashing the password is so that you can't obtain the original password again; you would need to know the original password in the first place.
If you actually encrypted your password (not hashed but encrypted) then you should already know how to decrypt the password. This would be the case if you used a program like "bcrypt" or "openssl enc". If you used "md5" or "crypt" then that's a one-way hash, not encryption. If that was the output from SVN, then it's likely a hash, not encryption.
That looks like a base64 encoded string to me. In which cause it wouldn't make much sense to base64 encode a hash. I am going to put my money on an AES encrypted string that is base64 encoded with '{AES}' pre-pended to it.
Distribution: Kubuntu 14.04 (Dell Linux-preinstalled laptop + 2 other laptops)
Posts: 117
Rep:
If nomb is right, then some program has AES-encrypted a string. I wonder if it's SVN? But how would SVN decrypt the string? It would need to have a password --either typed in by the user, in which case why store the encrypted password in the first place?-- or already stored somewhere on file --in which case why not just store the original password?
Anyway, think we need more info before proceeding.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.