Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Encrypt the script file

Buffavento wrote:

We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.

I understand the topic very well. What would prevent an attacker from using the same algorithm as WinSCP to decrypt the password? An encryption without a password (or any other form of a secret key) is not an encryption. It's just an obfuscation.
See also https://en.wikipedia.org/wiki/Security_through_obscurity
Buffavento

Re: Encrypt the script file

martin wrote:

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?


Hi Martin,

I think you did not understand the topic. There is no password for encryption. We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.

Thats it. Thanks.
martin

Re: Encrypt the script file

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?
Buffavento

Re: Encrypt the script file

martin wrote:

How? To encrypt something you need a password. Where would WinSCP take the password from?


Think that WinSCP can read txt files and encrypted files that encrypted with WinSCP.
Let me explain via example I've mentioned earlier.

Ex: normal-script.txt
open ftp://adminuser:xyzpassword@10.10.10.10
lcd "C:\temp"
cd /buffavento
put *
close
exit

normal-script.txt file can read WinSCP also if your developers add one feature to WinSCP that WinSCP can convert this text file to encrypted text file like below
encrypted-file.txt
Ency32487239723948!
32894u32984uwekfjwekfhkjfhwkejf3287498327498987987987@@£@!£!@£!@£!@£
23jkne213871236871263871263
dsfnsdfjbmsdfb!@£!@£!
sdfjhskjdfh213123123@£@£
dsfjjk
dsfjkhksjdfh


As you know we can use WinSCP in command line like
WinSCP.exe" /console /script=normal-script.txt

if WinSCP encrypted the text script file like above then we can copy the encrypted file to untrusted environment and we can run the WinSCP like
WinSCP.exe" /console /script=encrypted-file.txt

The logic is so simple actually.

What other product?

I dont know the full name but it should be called Pyro
martin

Re: Encrypt the script file

Buffavento wrote:

I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.

How? To encrypt something you need a password. Where would WinSCP take the password from?

Look at the other product examples.

What other product?
Buffavento

Re: Encrypt the script file

martin wrote:

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation


I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.

Look at the other product examples.
martin

Re: Encrypt the script file

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation
Buffavento

Encrypt the script file

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

ScriptFile.scp:
option batch continue
option confirm off
open ftp://adminuser:xyzpassword@10.10.10.10
option transfer binary
lcd "C:\temp"
cd /buffavento
put *
close
exit


We want like this type of script file solution (if some one access it noting to steal in file)
EncryptedScriptFile.escp:
Ency32487239723948!

fsdjlfkj2394892348n932489238239847
234u23948uefkjdfhksdjfh32hr87hr87hr
32894u32984uwekfjwekfhkjfhwkejf3287498327498987987987@@£@!£!@£!@£!@£
23jkne213871236871263871263
dsfnsdfjbmsdfb!@£!@£!
sdfjhskjdfh213123123@£@£
dsfjjk
dsfjkhksjdfh
martin

Re: Encryption

scrablevision2 wrote:

Does your software have encryption included?

Can you explain us, what you mean specifically?
scrablevision2

Encryption

Does your software have encryption included?
dbkcis

Re: Encrypt password in script file.

That was just what I was looking for. Thanks Martin!
dbkcis

Re: Encrypt password in script file.

Is it possible to hide the script within, and access it directly from, an SSIS package?

Thanks,
David
martin

Re: Encrypt password in script file.

Teh best way is to encrypt the script using Windows file-level encryption.
mart

Encrypt password in script file.

Hello,

I will like make automation with winscp scripting but i'dont like show password in the script.

What is the best way to encrypt password directly in the scrypt...?

open scp://mart:PASSWORD ENCRYPTED@server -hostkey="ssh-rsa 2048 ..."

Regard,

mart