Purity Monitors - Experts Only - Passwords

This is how passwords are stored for several applications, such as the ELog plots for the purity monitors and the Java OPC client for the MicroBooNE cryogenics system.

Getting the Software

aescrypt is used for encrypting usernames and passwords. This is a lot better than simply using a text file. To grab and install aescrypt:

wget https://www.aescrypt.com/download/v3/linux/aescrypt-3.10.tgz
tar xzf aescrypt-3.10.tgz
cd aescrypt-3.10/src
make
cp aescrypt ~/bin/
cp aescrypt_keygen ~/bin/

That will install everything.

The File with the Login Information

Put a file called .pass.txt in your home directory with the login information you need. Here's an example for the ECL:

ECL username password

Encrypting a Username and Password

This assumes you have a .pass.txt file. Come up with a password for your passwords (here, randomString). This is a cool site to help with password creation. I strongly encourage you not to include punctuation, as it can screw up bash. To encrypt the file, do this:

aescrypt -e -p randomString .pass.txt

To Decrypt and Show the .pass.txt File on Screen

aescrypt -d -p randomString -o - .pass.txt.aes

Updating a Password or Adding an Entry

Say you need to update a password. To do so, decrypt the .pass.txt.aes file the encryption created:

aescrypt -d -p randomString -o - .pass.txt.aes > .pass.txt

Open up the .pass.txt file with your favorite editor and update it. You can then encrypt it again using this:

aescrypt -e -p newRandomString .pass.txt

You should then remove the .pass.txt file!

rm .pass.txt

Using All of This in Practice

In the directory of the script you are running that needs the password, put a file called pass.aes containing the randomString from above. It is important that your pass.aes file and/or your .pass.txt.aes file be protected against unauthorized reading. Ideally both should be protected. Otherwise anyone who reads and understands this page can use pass.aes and aesdecrypt to get your password from .pass.txt.aes. The script needing the login information will then be able to find the password it needs. Do not use the decrypted password in any command-line argument, as command-line arguments can easily be seen by any user using ps or /proc/.
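
One way for a script to apply the rules above, as an added example that is not part of the original page: it refuses to run unless pass.aes and ~/.pass.txt.aes are private to you, then pulls one entry out of the decrypted stream into shell variables. The function names, LOGIN_USER/LOGIN_PASS, and the GNU stat call are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Assumes Linux with GNU stat,
# pass.aes in the script's directory, and ~/.pass.txt.aes holding lines of
# the form "SERVICE username password" as in the ECL example.

# Succeed only for a regular file we own with no group/other permission bits.
is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(stat -c '%a' "$1") in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;   # e.g. 644, 640, 604
    esac
}

# Read decrypted lines on stdin; print "username password" for service $1.
pick_login() {
    local svc user pass
    while read -r svc user pass; do
        if [ "$svc" = "$1" ]; then
            printf '%s %s\n' "$user" "$pass"
            return 0
        fi
    done
    return 1
}

# usage: get_login ECL   -> sets LOGIN_USER and LOGIN_PASS in this shell.
get_login() {
    local key=pass.aes store="$HOME/.pass.txt.aes" creds
    if ! is_private "$key" || ! is_private "$store"; then
        echo "refusing: $key and $store must be yours and mode 600" >&2
        return 1
    fi
    # The decrypted login stays in a pipe and a shell variable: it is never
    # written to disk and never placed in a command-line argument.
    creds=$(aescrypt -d -p "$(cat "$key")" -o - "$store" | pick_login "$1") || return 1
    LOGIN_USER=${creds%% *}
    LOGIN_PASS=${creds#* }
}
```

Hand LOGIN_PASS to the client on stdin or through a file descriptor rather than as an argument. The -p value is itself visible in ps while aescrypt runs, so keeping .pass.txt.aes private matters even when pass.aes is locked down.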