Encrypting Netcat data with OpenSSL - macos

So I have a basic communication stream that is managed by netcat. A user can create a bash shell and forward control to localhost at port 5555, for example. How could you pipe this through OpenSSL to achieve a connection that is symmetrically encrypted? I am only able to work with tools that come installed on an OSX machine.
Create Shell
bash -i >& /dev/tcp/localhost/5555 0>&1
Catch Shell
nc -l -p 5555
Encrypt data with OpenSSL
openssl aes-256-cbc -salt -a -e -in plaintext.txt -out encrypted.txt
Decrypt data with OpenSSL
openssl aes-256-cbc -salt -a -d -in encrypted.txt -out plaintext.txt
Kind of what I'm looking for
bash -i & | openssl -e > /dev/tcp/localhost/5555 0>&1
nc -l -p 5555 | openssl -d

Based on additional information from your comment, install MacPorts, and try to use ported socat or stunnel.
dtpwmbp:~ pwadas$ uname -a ; sudo port list |egrep -i socat\|stunnel
Darwin dtpwmbp 12.4.0 Darwin Kernel Version 12.4.0: Wed May 1 17:57:12 PDT 2013; root:xnu-2050.24.15~1/RELEASE_X86_64 x86_64
stunnel #4.47 security/stunnel
socat #1.7.2.1 sysutils/socat
dtpwmbp:~ pwadas$
http://www.macports.org

Related

How can I provide a password to openssl enc in a bash script?

I have a bash script to dump MySQL, make a tar and protect it with openssl:
tar -cf ${DB}_${DATE}.tar *.sql | openssl enc -aes-256-cbc -pbkdf2 -e > ${DB}_${DATE}.tar.gz.enc > /dev/null 2>&1
But my bash script stops because it asks for a password.
How can I fill in the passwords in the bash script?
As the manual tells you, -pass source specifies a location from which openssl will read the password to use.
Assuming this is a bash script instead of a sh script, you can use process substitution:
# -f - sends the archive to stdout so that openssl actually receives it
tar -czf - *.sql |
  openssl enc -aes-256-cbc -pbkdf2 -e -pass file:<(echo "password") \
  >"${DB}_${DATE}.tar.gz.enc" 2>/dev/null
Note that redirecting stderr to /dev/null is a bad idea -- I'm doing it because it's what your original code did, but it makes it impossible to troubleshoot failures.

Script to get domain's SSL expiry date

I want to create a bash script that takes a URL as an argument.
For example: ./scriptname https://domainame.com/
The current one works with domainname.com but not with the full URL.
I get this error when I try to enter the full URL,
unable to load certificate
140398535546784:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
This is the one I currently have,
#!/bin/bash
echo | openssl s_client -connect $1:443 2> /dev/null | \
openssl x509 -noout -enddate | \
cut -d = -f 2
A quick fix is to cut the protocol and path parts out of the URL:
#!/bin/bash
NoProtocol="${1//https:\/\//}"
DomainOnly="${NoProtocol%%/*}"
echo | openssl s_client -connect ${DomainOnly}:443 2> /dev/null | \
openssl x509 -noout -enddate | \
cut -d = -f 2
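A more general form of the quick fix above, as an added example that is not part of the original answer: it accepts a bare host or a URL with any scheme, user info, explicit port, path or query, rejects anything that is not a plain host name, and passes the host as SNI. The function names are made up for this example.

```sh
#!/bin/sh
# Added example (function names are made up here), POSIX sh.

# target_from_url URL_OR_HOST -> prints "host:port" for s_client -connect
target_from_url() {
    t=$1
    # Strip a leading scheme only; a "://" later in the string (for example
    # inside a query parameter) is left alone.
    scheme=${t%%://*}
    case $scheme in
        "$t") ;;                          # no "://" at all
        *[!A-Za-z0-9+.-]*) ;;             # "://" is not part of a scheme
        *) t=${t#*://} ;;
    esac
    t=${t%%[/?#]*}                        # drop path, query and fragment
    t=${t##*@}                            # drop user info
    case $t in
        *:*) host=${t%:*}; port=${t##*:} ;;
        *)   host=$t;      port=443 ;;
    esac
    # Accept host names and IPv4 literals only; reject everything else.
    case $host in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    printf '%s:%s\n' "$host" "$port"
}

# cert_enddate URL_OR_HOST -> prints the certificate's notAfter date
cert_enddate() {
    target=$(target_from_url "$1") || { echo "cannot parse: $1" >&2; return 2; }
    # -servername sends the host as SNI, so a name-based virtual host
    # answers with the certificate for that name.
    openssl s_client -connect "$target" -servername "${target%:*}" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -enddate | cut -d= -f2
}
```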

different openssl responses in different shells

The following works in bash (/bin/bash):
Code:
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" | openssl aes-128-cbc -a -d -salt -pass file:<( echo -n "toy" )
Fri Sep 15 15:20:01 PDT 2017
But fails when run in sh (/bin/sh):
Code:
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" | openssl aes-128-cbc -a -d -salt -pass file:<( echo -n "toy" )
sh: 15: Syntax error: "(" unexpected
Is there a way around this?
As you can see here, I'm using a named pipe for the password and I'd like to continue doing that. I just need this (or a very close variation of it) to work in /bin/sh.
OS: All Unix flavors.
You can use a named pipe explicitly:
mkfifo passwd
printf '%s' "toy" > passwd &
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" |
openssl aes-128-cbc -a -d -salt -pass file:passwd
rm passwd
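For both password questions above (the `openssl enc` backup script and the `/bin/sh` named pipe), an added example that is not from the original answers: the pipe is created owner-only inside a private temporary directory and is removed even when the command fails or is interrupted. The name `with_pass_fifo` is made up for this example, and `mktemp -d` is assumed to be available, as it is on Linux and macOS.

```sh
#!/bin/sh
# Added example, not from the answers above. POSIX sh plus mktemp -d.
#
# with_pass_fifo SECRET CMD [ARGS...]
#   Runs: CMD ARGS... -pass file:<fifo>
#   where <fifo> is a named pipe in a private directory that yields SECRET.
with_pass_fifo() (
    secret=$1; shift
    dir=$(mktemp -d) || exit 1            # directory is created with mode 0700
    trap 'rm -rf "$dir"' EXIT             # body is a subshell, so the trap stays local
    trap 'exit 129' HUP INT TERM          # make signals run the EXIT trap too
    mkfifo -m 600 "$dir/pass" || exit 1   # owner-only, whatever the umask is

    # printf is a shell builtin, so the secret never appears in a process
    # argument list. The writer blocks until CMD opens the pipe.
    printf '%s' "$secret" >"$dir/pass" &
    writer=$!

    status=0
    "$@" -pass "file:$dir/pass" || status=$?

    # If CMD never opened the pipe the writer is still blocked; stop it.
    kill "$writer" 2>/dev/null || true
    wait "$writer" 2>/dev/null || true
    exit "$status"
)

# Usage, with the decrypt command from the question (ciphertext on stdin):
#   with_pass_fifo "$PASSPHRASE" openssl aes-128-cbc -a -d -salt
```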

OpenSSL: Bad magic number using command line tool

For background, I am working through the Matasano Crypto Challenges. One of the problems (Set1, Challenge 7) is to decrypt an AES-128 ECB mode file with a given key, YELLOW SUBMARINE.
The file is base64 encoded and I can decrypt the file in Python but I cannot using the Windows 10 openssl command line tool.
The command I am running is:
openssl aes-128-ecb -d -a -in 7.txt -pass pass:"YELLOW SUBMARINE"
When I run this I am told that I have a bad magic number.
Does anyone have an idea of why I am getting this error?
Looks like the -pass option doesn't like the space in the passphrase.
You can use the option -K with the hexadecimal key like this:
openssl aes-128-ecb -d -a -K 59454c4c4f57205355424d4152494e45 -in 7.txt
Or use the passphrase directly with this command:
openssl aes-128-ecb -d -a -in 7.txt -K $(echo -n "YELLOW SUBMARINE" | hexdump -v -e '/1 "%02X"')
Just for completeness: encrypting with the -a param (Perform base64 encoding/decoding (alias -base64)) and decrypting without it (or vice versa) gives bad magic number.
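In password mode (`-pass`, `-k`) `openssl enc -d` expects the decoded input to begin with the 8-byte marker `Salted__` followed by an 8-byte salt, and reports "bad magic number" when the marker is missing; data encrypted directly under a key has no such header and is decrypted with `-K`. The added example below (not from the original answers; function names are made up) reports which of the two layouts a base64 blob has.

```sh
#!/bin/sh
# Added example (function names are made up here), POSIX sh.

# Sample inputs: the first is the ciphertext quoted earlier on this page,
# the second is constructed (base64 of the 16 bytes 00..0f).
SALTED_SAMPLE='U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e'
RAW_SAMPLE='AAECAwQFBgcICQoLDA0ODw=='

# b64_to_hex BASE64 -> lowercase hex of the decoded bytes
b64_to_hex() {
    clean=$(printf '%s' "$1" | tr -d ' \t\r\n')
    # Use base64(1) where it accepts -d, otherwise fall back to openssl.
    { printf '%s' "$clean" | base64 -d 2>/dev/null ||
      printf '%s' "$clean" | openssl base64 -d -A; } |
        od -An -v -tx1 | tr -d ' \n'
}

# enc_header BASE64 -> "salted <salt-hex> <ciphertext-bytes>" or "raw <bytes>"
#   salted: decrypt with -pass/-k and the same cipher and digest/KDF options
#   raw:    decrypt with -K <hex key> (plus -iv for modes that use one);
#           -pass on such input ends in "bad magic number"
enc_header() {
    hex=$(b64_to_hex "$1")
    [ -n "$hex" ] || return 1
    total=$(( ${#hex} / 2 ))
    case $hex in
        53616c7465645f5f*)                # ASCII "Salted__"
            [ "$total" -ge 16 ] || return 1
            salt=$(printf '%s' "$hex" | cut -c17-32)
            printf 'salted %s %s\n' "$salt" "$(( total - 16 ))" ;;
        *)
            printf 'raw %s\n' "$total" ;;
    esac
}
```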

Error: 'zlib' is an invalid command

How can I run this command in OSX?
dd if=mybackup.ab bs=24 skip=1|openssl zlib -d > mybackup.tar
When I run this I get the following errors
$ dd if=mybackup.ab bs=24 skip=1|openssl zlib -d > mybackup.tar
dd: mybackup.ab: No such file or directory
openssl:Error: 'zlib' is an invalid command.
Standard commands
asn1parse ca ciphers crl crl2pkcs7
dgst dh dhparam dsa dsaparam
ec ecparam enc engine errstr
gendh gendsa genrsa nseq ocsp
passwd pkcs12 pkcs7 pkcs8 prime
rand req rsa rsautl s_client
s_server s_time sess_id smime speed
spkac verify version x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc seed-cfb
seed-ecb seed-ofb
OpenSSL on Mac is compiled without zlib support. The alternative method described in this article works on my Yosemite:
dd if=backup.ab bs=1 skip=24 | python -c "import zlib,sys;sys.stdout.write(zlib.decompress(sys.stdin.read()))" | tar -xvf -
Optionally, if you just want to convert it into a tar archive:
dd if=backup.ab bs=1 skip=24 | python -c "import zlib,sys;sys.stdout.write(zlib.decompress(sys.stdin.read()))" > backup.tar
It skips the first 24 bytes of the Android header and then uncompresses the zlib data.
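An added example, not from the answer above: instead of assuming 24 bytes, it reads the backup's text header, computes where the payload starts, and refuses encrypted backups, whose payload cannot be inflated directly. It assumes the usual four-line header (magic `ANDROID BACKUP`, format version, compression flag, encryption name); the function names are made up here and the inflate step uses `python3` rather than the Python 2 one-liner.

```sh
#!/bin/sh
# Added example (function names are made up here), POSIX sh.

# ab_header FILE -> prints "version compressed encryption offset"
# Returns 1 if FILE is not an Android backup, 2 if it is encrypted.
ab_header() {
    { IFS= read -r magic && IFS= read -r ver &&
      IFS= read -r comp  && IFS= read -r encr; } <"$1" || return 1
    [ "$magic" = "ANDROID BACKUP" ] || return 1
    case $ver  in ''|*[!0-9]*) return 1 ;; esac
    case $comp in 0|1) ;; *) return 1 ;; esac
    # Each of the four header lines ends in one newline byte, hence the +4.
    offset=$(( ${#magic} + ${#ver} + ${#comp} + ${#encr} + 4 ))
    printf '%s %s %s %s\n' "$ver" "$comp" "$encr" "$offset"
    [ "$encr" = none ] || return 2
}

# ab_to_tar FILE OUT -> writes the tar stream of an unencrypted backup to OUT
ab_to_tar() {
    info=$(ab_header "$1") || { echo "not a plain .ab file: $1" >&2; return 1; }
    set -- "$1" "$2" $info    # $3=version $4=compressed $5=encryption $6=offset
    if [ "$4" = 1 ]; then
        # tail -c +N starts at byte N (1-based), i.e. right after the header
        tail -c "+$(( $6 + 1 ))" "$1" |
            python3 -c 'import sys, zlib
sys.stdout.buffer.write(zlib.decompress(sys.stdin.buffer.read()))' >"$2"
    else
        tail -c "+$(( $6 + 1 ))" "$1" >"$2"
    fi
}
```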
Just fix it
Get latest version from OpenSSL Official Repo.
$ wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz
$ tar -zxvf openssl-1.1.0e.tar.gz
$ cd openssl-1.1.0e
Configure OpenSSL with zlib support
$ ./config zlib
$ make
$ sudo make install
Happy days
$ which openssl
/usr/local/bin/openssl

Resources