1

I would like to read a password from stdin, suppress its output and encode it with base64, like so:

read -s|openssl base64 -e

What is the right command for that?

Christian
  • 13
  • Update: the read -e flag outputs its results, but the output is not being suppressed with -s anymore. – Christian Dec 09 '19 at 13:38
  • Not "seeing" the cleartext password actually won't matter a lot - you'll still see the base64 form (which is encoded, not encrypted). Or does it? – Panki Dec 09 '19 at 15:07

1 Answers1

0

The read command sets bash variables, it doesn't output to stdout.

e.g. put stdout into nothing1 file and stderr into nothing2 file and you will see nothing in these files (with or without -s arg)

read 1>nothing1 2>nothing2 
# you will see nothing in these files (with or without -s arg)
# you will see the REPLY var has been set
echo REPLY=$REPLY

So you probably want to do something like:

read -s pass && echo $pass |openssl base64 -e
# Read user input into $pass bash variable.
# If read command is successful then echo the $pass var and pass to openssl command.

from man bash SHELL BUILTIN COMMANDS read command:

read [-ers] [-a aname] [-d delim] [-i text] [-n nchars] [-N nchars] [-p prompt] [-t timeout] [-u fd] [name ...]
          One  line  is read from the standard input, or from the file descriptor fd supplied as an argument to the -u option, and the first word is
          assigned to the first name, the second word to the second name, and so on, with leftover words and their intervening  separators  assigned
          to  the  last  name.  

    -s     Silent mode.  If input is coming from a terminal, characters are not echoed.

    If  no  names  are supplied, the line read is assigned to the variable REPLY.
gaoithe
  • 289
  • 1
    With echo $pass |openssl base64 -e the cleartext password might be visible using ps while openssl is running. – Bodo Dec 09 '19 at 14:17
  • 1
    echo is a bash built in so I don't think it would become visible with ps. I tried just now to catch it in ps output and . . it's not easy . . I have not managed to catch it yet . . https://unix.stackexchange.com/questions/29111/safe-way-to-pass-password-for-1-programs-in-bash other suggestions are to use printf or here string but I'm not sure if that is really necessary. – gaoithe Dec 09 '19 at 17:35
  • Is it possible to pass the password to base64 without using environment variables? I know that they are deleted after closing the terminal session, but I'm looking for the most elegant solution. – Christian Dec 10 '19 at 10:34