
NEES Encryption


We recently enabled the capability to encrypt the session key (userid/password) for web services. We also enabled encryption for the ftp password. At some point in the future encryption will be mandatory. However, we must first create and distribute a Windows tool to encrypt strings.

The following two scripts demonstrate the use of encryption.

Actual Linux script to encode a password

The first is the actual Linux script to encode a password. This script is available in the hub at /apps/bin/neescrypt

The second, shown after it, demonstrates how to use the first script to create a web services call or an ftp URL.

#!/bin/bash
#
# neescrypt:  Encrypt a string taken from the command line arguments.
#             and write encoded string to standard output. 
#             Put this script in your PATH. 
#             This is available for hub tools at /apps/bin/neescrypt
#             This script requires openssl and uuencode
#
# Example:
#       neescrypt password
#
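# mktemp avoids a predictable file name in /tmp that another user could pre-create
TMPKEY=$(mktemp /tmp/neescrypt.pub.XXXXXX) || exit 1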
cat >$TMPKEY <<"EOF"
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANF/2+WgWArVDvfM3CorR8tmn/8Zq91V
yVHnyruB88VaRVOiWf840ddm5up+7tlOQ9fdPycS9btLflLi0YhnMDMCAwEAAQ==
-----END PUBLIC KEY-----
EOF
#
#  In addition to openssl RSA encryption using the above key,
#  there are four transforms required for NEES encryption.
#  1.  uuencode to convert encrypted string to base64
#  2.  Remove uuencode header and trailer lines
#  3.  Insert %%% at beginning.
#  4.  Translate all + and / characters to _ and -
#
# The next line applies all of the above transforms to the command line arguments of neescrypt, then writes the encoded value to stdout.
# printf '%s\n' "$*" emits the same bytes as echo, without globbing or option parsing of the arguments.
printf '%s\n' "$*" | /usr/bin/openssl rsautl -encrypt -inkey "$TMPKEY" -pubin | uuencode -m /dev/stdout | grep -v -e "^begin-base64" -e "^====" | sed '1i%%%' | tr -d '\n' | tr +/ _-
rm -f "$TMPKEY"
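
The four transforms listed in the neescrypt comments, written as a wrap function and its inverse (an added example, not NEES code). It assumes coreutils `base64` in place of `uuencode` and `openssl pkeyutl` in place of `rsautl`; the function names are hypothetical, and the round trip uses a throwaway 2048-bit key pair because the NEES private key is not on this page.

```bash
#!/bin/bash
# Added example, not the NEES tool. Function names are hypothetical.

# Raw ciphertext on stdin -> NEES string on stdout (transforms 1-4 above).
nees_wrap() {
    printf '%%%%%%%s' "$(base64 | tr -d '\n' | tr '+/' '_-')"
}

# NEES string in $1 -> raw ciphertext on stdout; rejects malformed input.
nees_unwrap() {
    case "$1" in
        %%%?*) ;;
        *) echo "nees_unwrap: missing %%% prefix or empty body" >&2; return 1 ;;
    esac
    nees_body=${1#%%%}
    case "$nees_body" in
        *[!A-Za-z0-9_=-]*) echo "nees_unwrap: unexpected character" >&2; return 1 ;;
    esac
    # Undo transform 4, then base64-decode. The mapping (+ to _, / to -) is
    # the reverse of RFC 4648 base64url, so a stock urlsafe decoder would
    # silently yield different bytes.
    printf '%s' "$nees_body" | tr '_-' '+/' | base64 -d
}

# Encrypt $1 with a throwaway key pair, wrap, unwrap, decrypt; prints $1.
roundtrip_demo() {
    demo_dir=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$demo_dir/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$demo_dir/priv.pem" -pubout -out "$demo_dir/pub.pem"
    # printf adds the same trailing newline that echo adds in neescrypt
    demo_enc=$(printf '%s\n' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$demo_dir/pub.pem" | nees_wrap)
    nees_unwrap "$demo_enc" | openssl pkeyutl -decrypt -inkey "$demo_dir/priv.pem"
    rm -rf "$demo_dir"
}
```

Calling `roundtrip_demo 'user/pass'` prints the original string back when the wrap and unwrap steps agree.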

Example script for calling neescrypt

This is an example script for calling neescrypt

#!/bin/bash
#
# demo_neescrypt:  show how to use neescrypt to call web services or ftp
#

 
# change these and also change the target data below to something you have access to
userid="grodgers"
passwd="mypassw0rd"
 
#  For web services we need to encrypt the userid and password as one string separated by /
encval=$(neescrypt "$userid/$passwd")
echo "this demonstrates how to use neescrypt with web services "
# The URLs are quoted so the shell does not treat ? as a glob character
echo wget -q -O proj863.xml "https://neesws.neeshub.org:9443/REST/Project/863?GAsession=$encval"
wget -q -O proj863.xml "https://neesws.neeshub.org:9443/REST/Project/863?GAsession=$encval"
 
#  For the ftp server you only encrypt the password
enckeypw=$(neescrypt "$passwd")
echo "this demonstrates how to use neescrypt with ftp"
echo wget -q -O References.doc "ftp://$userid:$enckeypw@neesws.neeshub.org/home/NEES-2010-0863.groups/Documentation/References.doc"
wget -q -O References.doc "ftp://$userid:$enckeypw@neesws.neeshub.org/home/NEES-2010-0863.groups/Documentation/References.doc"

Example of a python cgi-script as a nees encryption ‘service’

Here’s a simple example of a python cgi-script as a nees encryption ‘service’.

#!/usr/bin/python
"""
A cgi script to call neesencrypt

usage: https://host/cgi-bin/neesencrypt.py?u=[username]&p=[password] 

"""
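import sys
from subprocess import Popen, PIPE
import cgi

form = cgi.FieldStorage()

# Header line, then the blank line that ends the CGI header block
print("Content-Type: text/html\n")

if "u" not in form or "p" not in form:
    print("ERROR: missing u and/or p arguments")
    sys.exit()

# Pass userid/password as a single argv element (no shell=True), so shell
# metacharacters in u or p are never interpreted by a shell
p = Popen(["/private/bin/neesencrypt",
           "%s/%s" % (form["u"].value, form["p"].value)], stdout=PIPE)
out = p.communicate()[0]  # read all output and wait for the child to exit
print(out.decode())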
