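I have 2 Bash scripts. The first script takes 2 strings as arguments and creates an environment variable whose name is the first string and whose value is the second string encrypted with openssl (v3.4.2). The second script takes 1 string as an argument and outputs the decrypted value of the environment variable whose name is the value of the string passed as the argument.
Set script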
#!/bin/bash
if [ $# -ne 2 ]; then
    echo "Usage: $0 <variable_name> <string_to_encrypt>"
    exit 1
fi
VAR_NAME=$1
STRING_TO_ENCRYPT=$2
# Generate a random salt and passphrase
SALT=$(openssl rand -hex 8)
PASSPHRASE=$(openssl rand -hex 12)
# Encrypt the string
ENCRYPTED=$(echo -n "$STRING_TO_ENCRYPT" | openssl enc -aes-256-cbc -a -salt -pbkdf2 -pass pass:"$PASSPHRASE" -S "$SALT")
# Combine salt, passphrase, and encrypted string
RESULT="${SALT}:${PASSPHRASE}:${ENCRYPTED}"
# Set the environment variable
export "$VAR_NAME=$RESULT"
echo "Environment variable $VAR_NAME has been set with the encrypted value."
Example usage
source ./setit.sh MY_VAR secret_value
Get script
#!/bin/bash
if [ $# -ne 1 ]; then
    echo "Usage: $0 <variable_name>"
    exit 1
fi
VAR_NAME=$1
# Check if the environment variable exists
if [ -z "${!VAR_NAME}" ]; then
    echo "Error: Environment variable $VAR_NAME does not exist."
    exit 1
fi
# Get the value of the environment variable
ENCRYPTED_VALUE="${!VAR_NAME}\n"
echo "$VAR_NAME = $ENCRYPTED_VALUE"
# Extract salt, passphrase, and encrypted string
IFS=':' read -r SALT PASSPHRASE ENCRYPTED <<< "$ENCRYPTED_VALUE"
# Decrypt the string
DECRYPTED=$(echo -n "$ENCRYPTED" | openssl enc -aes-256-cbc -d -a -pbkdf2 -pass pass:"$PASSPHRASE" -S "$SALT")
# Check if decryption was successful
if [ $? -eq 0 ]; then
    echo "Decrypted value of $VAR_NAME:"
    echo "$DECRYPTED"
else
    echo "Error: Decryption failed. The encrypted value may be corrupted or tampered with."
    exit 1
fi
Example usage
./getit.sh MY_VAR
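The first script seems to work as expected, but when I run the second script to decrypt the value, I get the following error:
bad decrypt
0031185FF87F0000:error:1C80006B:Provider routines:ossl_cipher_generic_block_final:wrong final block length:providers/implementations/ciphers/ciphercommon.c:444:
Error: Decryption failed. The encrypted value may be corrupted or tampered with.
The "wrong final block length" part tells me this may be a padding issue, but I'm not entirely sure.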
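
One way to keep the round trip byte-exact, as an added example that is not part of the original question: it keeps the question's SALT:PASSPHRASE:ENCRYPTED layout, uses `-A` so the base64 stays on one line, and refuses any stored value with extra characters, such as the literal `\n` (backslash, n) that the line `ENCRYPTED_VALUE="${!VAR_NAME}\n"` appends. The function names `pack`, `unpack` and `valid_record` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pack/unpack/valid_record are hypothetical names, not the asker's code.

# pack VALUE: print "salt:passphrase:base64" as one line (same layout as RESULT above).
pack() {
    p_salt=$(openssl rand -hex 8) || return 1
    p_pass=$(openssl rand -hex 12) || return 1
    # -A emits the base64 on a single line, so the record never contains a newline.
    p_ct=$(printf '%s' "$1" | openssl enc -aes-256-cbc -a -A -salt -pbkdf2 \
        -pass "pass:$p_pass" -S "$p_salt") || return 1
    printf '%s:%s:%s\n' "$p_salt" "$p_pass" "$p_ct"
}

# valid_record RECORD: succeed only for 16 hex : 24 hex : base64, nothing else.
# Leaves the three fields in the globals salt, pass and ct (POSIX sh has no "local").
valid_record() {
    case "$1" in *:*:*) ;; *) return 1 ;; esac
    salt=${1%%:*}; rest=${1#*:}
    pass=${rest%%:*}; ct=${rest#*:}
    [ "${#salt}" -eq 16 ] && [ "${#pass}" -eq 24 ] || return 1
    case "$salt$pass" in *[!0-9a-f]*) return 1 ;; esac
    case "$ct" in '' | *[!A-Za-z0-9+/=]*) return 1 ;; esac
}

# unpack RECORD: print the plaintext; refuse a malformed record before calling openssl.
unpack() {
    valid_record "$1" || { echo "unpack: malformed record" >&2; return 2; }
    # The decoder gets exactly the stored base64 plus one terminating newline.
    printf '%s\n' "$ct" | openssl enc -aes-256-cbc -d -a -A -pbkdf2 \
        -pass "pass:$pass" -S "$salt"
}
```

Because the passphrase is stored in the same variable as the ciphertext, this layout hides the value from casual viewing only; anyone who can read the variable can decrypt it.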