Linux bash shell script with password hide for truecrypt

Question

I try to create my own linux bash script that calls truecrypt for mounting. As option a need to set the password for the truecrypt file. I can do this inside the bash script but if someone open it, they can see the password. The script will later run automatically.

My question: Is there some safe way to hide/encrypt the password?

Example:

truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/

Thanks for any help!

Answer 1

Use SHC. It encrypts shell scripts using RC4 and makes an executable binary out of the shell script which you can run.

Download SHC(http://www.datsi.fi.upm.es/~frosal/) and install it.

Create a shell script with in "truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/" andsave it as "yourfilename.sh".

Now, run the command :

shc -f yourfilename.sh

The switch "-f" specifies the source script to encrypt. The above command will create two files: yourfilename.sh.x.c and yourfilename.sh.x.

The program "shc" creates C source code out of your shell script then encrypts it (yourfilename.sh.x.c). The encrypted shell script is: yourfilename.sh.x. Run that binary and it executes your commands:

./script.sh.x

Answer 2

There is no safe way to store the password without someone being able to read it. The only options you have are to use user rights to limit who can see it. You can make the script readable only to the user who's password is in it as one options. Another is to have the script read the password from a file which has a similar permission set (this just gives you more flexibility with updating the script and such).

Ultimately though any admin/superuser can read the file anyways so this isn't something you can do safely. The thing most people suggest is to have the script run automatically and present a GUI for the user to input their password. These vary based on your distribution but they are usually there.