Sorry, when I first asked the question I should have given you some context. This is obviously more involved, and further beyond my level of expertise, than I imagined it would be, and I didn't realize that I would need to be more specific...
First, I recall saying:
...I don't need public keys, just one key for the one user doing the encrypting and decrypting.
I never mentioned using paired keys or a remote server. I continued:
I just need one private key and it does not thus far need to be accessed by a remote host or sent to a remote server, and would just like to store it in the local machine.
So there are no servers and no reason for a paired key in my case. I want one key for one desktop (local) machine-- just assume it's a non-networked virtual machine. (Am I correctly understanding the terminology 'remote server'? I'm not sure what you meant, and I never really understood the use for paired keys unless there are multiple users; unless you are referring to the machine itself as a user. Again, this stuff is a bit out of my league.) Basically, I would like the same or similar functionality as an openssl encryption operation using one key. For example:
openssl aes-256-cbc -e -a -salt -in file -out file -k pass
If we generate a hash value and store it in a file for retrieval later with ssh, openssl, or whatever command, that's great; so far so good. When you said:
Never, ever, EVER store a password in a script.
I took this to mean that it is unsafe to store a password (collected from the user via script) as a bash variable, which I promise I am never going to do.
You said:
passwords in script files are not secure... Either utilize the ssh key file mechanism, or leave the password out of the script and have the script prompt the user for the password. Or use an expect script.
To that I say: I would like to have the script prompt the user for the password-- but store it, as I said, "outside the script".
So can this be done with a bash script or not? You suggested using expect, which installs Tcl, but if I'm going to learn a new language, I'd prefer to jump onboard with an open-source one like Falcon. (I prefer to avoid using corporate-controlled software / programming languages when possible.)
Again, I apologize for not contextualizing my question earlier, so here is the big picture: I want to build a custom program that can:
1) run for the duration of the session
2) function as a "server" to outside applications and automate script-like operations
3) prompt the user for a password one time for the duration of the session
4) securely store the password (one key on one local machine) either in memory or the hard drive
5) automatically plug-in the collected password into any number of program operations
6) forget or delete the password when the program ends or is closed
From the research I did, it looks like the Falcon programming language is designed to do just these things. I hope I am making better sense now. If so, I'd appreciate any further feedback you may have; this is completely new territory for me and I can use any and all advice and correction in case I am misunderstanding anything. If this can be done with a bash script, I'd prefer to just stick with that, of course, since it's simpler and familiar.
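Added example, not from the original post or any of the replies: a bash script that does items 3 through 6 of the list above (prompt once per session, keep the passphrase in memory only, reuse it for any number of openssl operations, forget it on exit). The file names and the function names are my own. The one change from the `openssl ... -k pass` command quoted earlier is that the passphrase is fed to openssl through a pipe (`-pass stdin`) from the shell's builtin `printf`, rather than as a command-line argument: anything in argv is readable by every user on the machine through `ps` or `/proc`, whereas a pipe between your own processes is not. `-pbkdf2` replaces the old, weak default key derivation and needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example (not the original poster's code): one passphrase, one local
# machine, held in this shell process only for the length of the session.
set -euo pipefail

# The passphrase lives only in this variable, in this process. It is never an
# argument (visible via ps), never exported to the environment of children,
# and never written to a file.
PASSPHRASE=""

# Item 3: prompt exactly once. -s hides the typing, -r keeps backslashes literal.
collect_passphrase() {
  read -r -s -p "Passphrase for this session: " PASSPHRASE
  echo >&2
  [ -n "$PASSPHRASE" ] || { echo "empty passphrase, aborting" >&2; return 1; }
}

# Item 5: any number of operations reuse the stored passphrase.
# `printf` is a bash builtin, so the secret does not appear in any process's
# argv; openssl reads it from the pipe via `-pass stdin`.
encrypt_file() {   # encrypt_file <plaintext-path> <output-path>
  printf '%s\n' "$PASSPHRASE" |
    openssl enc -aes-256-cbc -pbkdf2 -salt -a -in "$1" -out "$2" -pass stdin
}

decrypt_file() {   # decrypt_file <ciphertext-path> <output-path>
  printf '%s\n' "$PASSPHRASE" |
    openssl enc -aes-256-cbc -pbkdf2 -d -a -in "$1" -out "$2" -pass stdin
}

# Item 6: overwrite and drop the variable whenever the script ends, whether it
# finishes normally, fails under `set -e`, or is interrupted with Ctrl-C.
forget_passphrase() {
  PASSPHRASE="$(head -c "${#PASSPHRASE}" /dev/zero | tr '\0' x)"
  unset PASSPHRASE
}
trap forget_passphrase EXIT

# Item 1: the "session" is this script's lifetime. Run interactively with
#   ./session.sh --interactive file1 file2 ...
# to encrypt each named file to <name>.enc. Without the flag nothing runs, so
# the functions above can be sourced or tested non-interactively.
if [ "${1-}" = "--interactive" ]; then
  shift
  collect_passphrase
  for f in "$@"; do
    encrypt_file "$f" "$f.enc"
    echo "encrypted $f -> $f.enc" >&2
  done
fi
```

Two caveats a practitioner would add: the variable still sits in the shell's memory (and could land in swap) until the process exits, which is the trade-off of "in memory for the session"; and `read -s` only hides the echo, so run this in a terminal you trust, not under `script` or a logged session.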