Project Warehouse, PEN, and Web Services will be unavailable from 7-8 AM EST, Thursday January 29th, 2015. We apologize for any inconvenience that may occur.


Support Options

Submit a Support Ticket

You are here: Home » WIKI » NEES Encryption

NEES Encryption


We recently enabled the capability to encrypt session key (userid/password) for web services. We also enabled encryption for the ftp password. At some point in the future encryption will be mandatory. However, we must first create and distribute a Windows tool to encrypt strings.

The following two scripts demonstrate the use of encryption.

Actual Linux script to encode a password

The first is the actual Linux script to encode a password.

This script is available in the hub at /apps/bin/neescrypt

Create a web services call or an ftp URL

The second demonstates how the first script to create a web services call or an ftp URL.

# neescrypt:  Encrypt a string taken from the command line arguments.
#             and write encoded string to standard output. 
#             Put this script in your PATH. 
#             This is available for hub tools at /apps/bin/neescrypt
#             This script requires openssl and uuencode
# Example:
#       neescrypt password
cat >$TMPKEY <<"EOF"
-----END PUBLIC KEY-----
#  In addition to openssl RSA encryption using the above key,
#  there are four transforms required for NEES encryption.
#  1.  uuencode to convert encrypted string to base64
#  2.  Remove uuencode header and trailer lines
#  3.  Insert %%% at beginning.
#  4.  Translate all + and / characters to _ and -
# This next line does all the above transforms to the command line arguments of neescrypt then writes encoded value to stdout
echo $@ | /usr/bin/openssl rsautl -encrypt  -inkey $TMPKEY -pubin |  uuencode -m /dev/stdout | grep -v "^begin-base64|^===="  | sed '1i%%%' | tr -d 'n'  | tr +/ _-

Example script for calling neescrypt

This is an example script for calling neescrypt

# demo_neescrypt:  show how to use neescrypt to call web services or ftp

# change these and also change the target data below to something you have access to
#  For web services we need to encrypt the userid and password as one string seperated by /
encval=`neescrypt $userid/$passwd`
echo "this demonstrates how to use neescrypt with web services "
echo wget -q -O proj863.xml$encval
wget -q -O proj863.xml$encval
#  For the ftp server you only encrypt the password
enckeypw=`neescrypt $passwd`
echo "this demonstrates how to use neescrypt with ftp"
echo wget -q -O References.doc "ftp://$userid:$"
wget -q -O References.doc "ftp://$userid:$"

Example of a python cgi-script as a nees encryption ‘service’

Here’s a simple example of a python cgi-script as a nees encryption ‘service’.

A cgi script to call neesencrypt

usage: https://host/cgi-bin/[username]&p=[password] 

import sys, os
from subprocess import Popen, PIPE
import cgi
form = cgi.FieldStorage()

print "Content-Type: text/htmlnn"

if "u" not in form or "p" not in form:
    print "ERROR: missing u and/or p arguments"
p = Popen("%s %s/%s" % ( "/private/bin/neesencrypt", 
                         form["p"].value ), shell=True, stdout=PIPE)
sts = os.waitpid(, 0)[1]

Created on , Last modified on