Tuesday, October 15, 2013

Simple encryption/description

I started using openssl and my public/private keypair to do some basic
password encryption deciption for use with expect to test production
servers. I found myself first using expect and hard coding my password and then
when I shared the script with someone I start freaking out wondering if
I shared my password by accident. This solves things.

Encrypt your password using your public key and put it as a binary file
somewhere safe like ~/.ssh/.encpass - you have access to decrypt it and
you probably have your public/private key pairs there, but you are not
likely to send that off when you share your cool bash/expect script.
In your bash script, you can simply run the decrypt function:

pass=$(openssl rsautl -decrypt -inkey ~/.ssh/id_rsa.pem -in ~/.ssh/.encpass)

Now pass has whatever you encrypted and you can use it in your script.
Here's what you do to pull this off. First, create a pem file of your
public private key pair and then encrypt your password. Steps:

> cd ~/.ssh
> openssl rsa -in id_rsa -outform pem > id_rsa.pem
> openssl rsa -in id_rsa -pubout -outform pem > id_rsa.pub.pem
> echo "my safe password" > .secret
> openssl rsautl -encrypt -inkey id_rsa.pub.pem -pubin -in .secret -out .encpass
> rm -f .secret

That's it. No need to keep the raw password around, just the encrypted
value. There's other variants you could do, you could create the .encpass
when you need and delete it after, whatever your comfortable with.

Tuesday, May 28, 2013

Unmarshaling JSON using Go

I had a Doh! moment today writing some code to Unmarshal JSON string into a Go object. I swore up and down I had the code right, but my Object just didn't get populated. I was searching around and was about to break down and post to ask for help when it finally clicked.

I used lower case names for the fields in my structure, effectively rendering them private! So, once I went through and made the fields all start with a Capital, making them public, I was able to populate the structure.

For example:

type Some struct {
  name string `json:"Name of item"`
  age int `json:"age"`
}

Is a valid structure, but you won't populate using

some := Some{}
data, err = json.UnMarshal(jsonBytes, &some)

If you check some.name - it will be empty because it's lower case. The correct struct is:

type Some struct {
  Name string `json:"Name of item"`
  Age int `json:"age"`
}

Tuesday, February 19, 2013

Encrypting/decrypting files with openssl

If you want to encrypt and decrypt files using openssl command line tools, here is what you need to do.

First, you need to use your private key to generate a public key.

openssl rsa -in ~/.ssh/id_rsa -pubout ~/.ssh/id_rsa.public

That is not to be confused with SSH public. Once you have that you can encrypt a file using your public key:

> echo "example">~/.ssh/passwd
> openssl rsautl -encrypt -inkey ~/.ssh/id_rsa.public -pubin -in ~/.ssh/passwd -out ~/.ssh/.passwdenc
> openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in ~/.ssh/.passwdenc 
example


I find this useful when sharing scripts that require password and you don't want to store your password un-encrypted and you also don't want to have to remember to remove the password (if you did type in your password) before sharing it. I sometimes find it useful to create expect scripts to check multiple servers that do not support public/private key pair encryption and I don't want to put my clear text password in the script.