psycho Guru
Joined: 22 Jun 2007 Posts: 534 Location: New Zealand
|
Posted: Mon Sep 24, 2012 10:43 am Post subject: how can a shell script grab a password from stdin? [SOLVED] |
|
|
I'm testing tcplay, the free-as-in-freedom implementation of truecrypt. It's working fine: I haven't created any volumes with it yet, but it reads my existing truecrypt volumes without any problems.
Except for one: the proprietary truecrypt command has a --password switch that makes it possible to send passwords to it from, for example, zenity gui dialogs. Annoyingly, tcplay doesn't implement this, so it's necessary to open a terminal window to mount volumes.
Is there a way to send a password to stdin for any program that's expecting input? Like, using the "expect" command? I've read the "expect" docs and can't figure out how to do it. Later I'll edit my zenity scripts so they're reading in the password rather than having it stored plaintext in a script, but for now I'd be grateful if anyone knows how to do something like this in bash:
Code: |
password="foobar123"
echo $password | tcplay -d /dev/sdx -m truecrypt1
|
...so that tcplay accepts the password from the shell script rather than from the user's typing. Obviously piping it as above doesn't work: is there a way to make it work using something like "expect" and {"Password: "} or whatever?
Last edited by psycho on Thu Oct 04, 2012 5:18 am; edited 1 time in total |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Mon Sep 24, 2012 4:23 pm Post subject: |
|
|
Well, expect isn't too bad...
Supposedly it should work something like this, but I have never used tcplay so I don't know how to do it... (I use dmcrypt...)
Code: |
#!/usr/bin/expect
spawn tcplay -d /dev/sdx -m truecrypt1
expect "Password:"
send "My_Password\r"
expect eof
|
Now I'm not sure of the value of full disk encryption when the password is stored on disk? I certainly do NOT automount my encrypted volumes; they require me to manually type in the password. Another possibility is putting your private key on a USB stick and not encrypting the private key, but you must have the USB stick inserted to mount. And keep the USB stick in your pocket when you don't need the key...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
psycho Guru
Joined: 22 Jun 2007 Posts: 534 Location: New Zealand
|
Posted: Tue Sep 25, 2012 1:07 am Post subject: |
|
|
Thanks eccerr0r. I'll give expect a go.
eccerr0r wrote: | Now I'm not sure of the value of full disk encryption when the password is stored on disk? |
It's typed into a zenity dialogue, and then becomes a variable in a bash script, and from there to tcplay...I agree that this isn't ideal, but I don't think it exists even for an instant "on disk", not even in /tmp, and I don't use swap. Anyway, my stuff's only encrypted so a casually curious thief can't go through my personal emails and photos after stealing my computer...if anyone were really so interested s/he wanted to make a determined effort to bust in, I'd be flattered and would hate to deprive them of the fruits of their labours.
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9532 Location: beyond the rim
|
Posted: Tue Sep 25, 2012 9:40 am Post subject: |
|
|
Question is if tcplay accepts passwords on stdin, or grabs it directly from keyboard like ssh. |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Tue Sep 25, 2012 6:25 pm Post subject: |
|
|
Theoretically it shouldn't matter with expect; I thought expect would open a new pty for the subprocess and expect will have full control of the "keyboard" of the subprocess. You can use expect with ssh and telnet without any problems.
Expect is a neat tool... |
|
psycho Guru
Joined: 22 Jun 2007 Posts: 534 Location: New Zealand
|
Posted: Thu Oct 04, 2012 5:17 am Post subject: |
|
|
Thank you eccerr0r: it works nicely with your script below. The only thing I added was because the default had it sitting there for about ten seconds before sending the password. Now I'll build the zenity script around that snippet. Thanks again.
eccerr0r wrote: | Well, expect isn't too bad...
Supposedly it should work something like this, but I have never used tcplay so I don't know how to do it... (I use dmcrypt...)
Code: |
#!/usr/bin/expect
spawn tcplay -d /dev/sdx -m truecrypt1
expect "Password:"
send "My_Password\r"
expect eof
|
|
|
|
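The hand-off psycho describes (password typed into a zenity dialog, then passed to tcplay through eccerr0r's expect snippet) can be done without the password ever appearing in a script file or a command line. The sketch below is an added example, not code from any post in this thread; the function names, the `TC_*` variables and the 5-second timeout are assumptions, the `Password:` prompt and the tcplay arguments are taken from the thread, and it needs `zenity` and `expect` installed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: tcplay_map, mount_from_dialog,
# TC_PASS, TC_DEV, TC_MAP, TC_PROMPT; the 5-second timeout is also an assumption.

# Read one password line from stdin and answer tcplay's prompt with it.
tcplay_map() {
    dev=$1 map=$2
    IFS= read -r pw || return 2      # IFS= and -r keep spaces and backslashes intact
    [ -n "$pw" ] || return 2         # nothing entered
    # The secret travels in expect's environment, never in a command line:
    # argv is visible to every local user through ps, the environment is not.
    # On timeout or early exit the script stops instead of sending blindly.
    rc=0
    TC_PASS=$pw TC_DEV=$dev TC_MAP=$map TC_PROMPT=${TC_PROMPT:-Password:} \
    expect -c '
        set pw $env(TC_PASS)
        unset env(TC_PASS)           ;# keep it out of the environment tcplay inherits
        set timeout 5                ;# expect waits 10 s by default
        spawn tcplay -d $env(TC_DEV) -m $env(TC_MAP)
        expect {
            -exact $env(TC_PROMPT) { send -- "$pw\r" }
            timeout { exit 3 }
            eof     { exit 4 }
        }
        expect eof
        exit [lindex [wait] 3]       ;# hand the exit status of tcplay back to the shell
    ' || rc=$?
    unset pw
    return "$rc"
}

# Ask for the password in a zenity dialog and pipe it straight into tcplay_map.
# A cancelled dialog prints nothing, so tcplay_map returns 2 without running expect.
mount_from_dialog() {
    zenity --password --title="Mount $2" | tcplay_map "$1" "$2"
}

# Usage: mount_from_dialog /dev/sdx truecrypt1
```

Exit status 3 means the expected prompt text never appeared within the timeout, which is the case to check first if the prompt string differs from the one assumed here.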
BitJam Advocate
Joined: 12 Aug 2003 Posts: 2508 Location: Silver City, NM
|
Posted: Thu Oct 04, 2012 6:13 am Post subject: |
|
|
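Here is what I did:
Code: |
# expects $user to be set by the surrounding script
while true; do
    echo -n "Enter new (non-visible) password for user $user: "
    stty -echo                  # turn off terminal echo while the password is typed
    read -r NEW_PASSWORD        # -r keeps backslashes in the password intact
    stty echo                   # turn echo back on
    echo
    # a password shorter than 8 characters ends the loop here, before verification
    [ "${#NEW_PASSWORD}" -lt "8" ] && break
    echo -n "Verify new password for user $user: "
    stty -echo
    read -r new_password2
    stty echo
    echo
    # leave the loop once both entries match
    [ "$NEW_PASSWORD" = "$new_password2" ] && break
    echo -e "\nThe two passwords you typed in didn't match. Please try again."
done
|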
|
|