Encrypt password in script file.

Advertisement

mart
Guest

Encrypt password in script file.

Hello,

I will like make automation with winscp scripting but i'dont like show password in the script.

What is the best way to encrypt password directly in the scrypt...?

open scp://mart:PASSWORD ENCRYPTED@server -hostkey="ssh-rsa 2048 ..."

Regard,

mart

Reply with quote

Advertisement

dbkcis
Guest

Re: Encrypt password in script file.

Is it possible to hide the script within, and access it directly from, an SSIS package?

Thanks,
David

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: Encryption

scrablevision2 wrote:

Does your software have encryption included?
Can you explain us, what you mean specifically?

Reply with quote

Buffavento
Guest

Encrypt the script file

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

ScriptFile.scp:
option batch continue
option confirm off
open ftp://adminuser:xyzpassword@10.10.10.10
option transfer binary
lcd "C:\temp"
cd /buffavento
put *
close
exit

We want like this type of script file solution (if some one access it noting to steal in file)
EncryptedScriptFile.escp:
Ency32487239723948!
fsdjlfkj2394892348n932489238239847
234u23948uefkjdfhksdjfh32hr87hr87hr
32894u32984uwekfjwekfhkjfhwkejf3287498327498987987987@@£@!£!@£!@£!@£
23jkne213871236871263871263
dsfnsdfjbmsdfb!@£!@£!
sdfjhskjdfh213123123@£@£
dsfjjk
dsfjkhksjdfh

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,392
Location:
Prague, Czechia

Re: Encrypt the script file

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.
That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

Reply with quote

Advertisement

Buffavento
Guest

Re: Encrypt the script file

martin wrote:

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.
That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.

Look at the other product examples.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,392
Location:
Prague, Czechia

Re: Encrypt the script file

Buffavento wrote:

I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.
How? To encrypt something you need a password. Where would WinSCP take the password from?

Look at the other product examples.
What other product?

Reply with quote

Buffavento
Guest

Re: Encrypt the script file

martin wrote:

How? To encrypt something you need a password. Where would WinSCP take the password from?

Think that WinSCP can read txt files and encrypted files that encrypted with WinSCP.
Let me explain via example I've mentioned earlier.

Ex: normal-script.txt
open ftp://adminuser:xyzpassword@10.10.10.10
lcd "C:\temp"
cd /buffavento
put *
close
exit

normal-script.txt file can read WinSCP also if your developers add one feature to WinSCP that WinSCP can convert this text file to encrypted text file like below
encrypted-file.txt
Ency32487239723948!
32894u32984uwekfjwekfhkjfhwkejf3287498327498987987987@@£@!£!@£!@£!@£
23jkne213871236871263871263
dsfnsdfjbmsdfb!@£!@£!
sdfjhskjdfh213123123@£@£
dsfjjk
dsfjkhksjdfh


As you know we can use WinSCP in command line like
WinSCP.exe" /console /script=normal-script.txt

if WinSCP encrypted the text script file like above then we can copy the encrypted file to untrusted environment and we can run the WinSCP like
WinSCP.exe" /console /script=encrypted-file.txt

The logic is so simple actually.

What other product?
I dont know the full name but it should be called Pyro

Reply with quote

martin
Site Admin
martin avatar

Re: Encrypt the script file

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?

Reply with quote

Advertisement

Buffavento
Guest

Re: Encrypt the script file

martin wrote:

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?

Hi Martin,

I think you did not understand the topic. There is no password for encryption. We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.

Thats it. Thanks.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,392
Location:
Prague, Czechia

Re: Encrypt the script file

Buffavento wrote:

We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.
I understand the topic very well. What would prevent an attacker from using the same algorithm as WinSCP to decrypt the password? An encryption without a password (or any other form of a secret key) is not an encryption. It's just an obfuscation.
See also https://en.wikipedia.org/wiki/Security_through_obscurity

Reply with quote

Advertisement

You can post new topics in this forum