Plain password from -p switch lands in audit logs, workaround.

porky
2015-12-10
2015-12-14
  • porky

    porky - 2015-12-10

    Hello,

    First of all, thanks for the great and free 'packer' - thanks again!

    Okay, the case.
    We are using 7z in our company on about 800 Linux hosts. We have a tiny integrity testing software and patterns from it are saved in secured 7z files (we are using this for Windows OSes too - that's why we used 7z - same soft, same switches for both OSes etc.)

    The problem is with the password. When I use -p <plain_pass_here>, Linux audit logs the command execution with the plain password - and this is wrong, very wrong.

    Is it possible to load the password from a simple file? E.g. -p /foo/bar/file or whatever
    Or any other, simple way to use the password but not pass it as an input argument?

    Will it be much work for you, Igor, to create some patch or add this functionality somehow?
    I can compile it from sources, np for me.

    Thanks
    Rafael

     
  • fernando

    fernando - 2015-12-10

    Here is a Windows example,
    you translate it to Unix...

    $ :: set-up test environment.
    $ :: make a test file to archive.
    $ >file echo;this is a test file
    
    $ :: and a file to contain a password.
    $ >password_file echo;PASSWORD
    
    $ ::redirect password_file on command line
    $ 7z a archive file -p<password_file
    
    7-Zip 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
    Scanning
    
    Creating archive archive.7z
    
    Enter password (will not be echoed):
    Compressing  file
    
    Everything is Ok
    
    $ :: list archive with password entered on command line
    $ 7z l -slt archive.7z -pPASSWORD
    
    7-Zip 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
    
    Listing archive: archive.7z
    
    --
    Path = archive.7z
    Type = 7z
    Method = LZMA 7zAES
    Solid = -
    Blocks = 1
    Physical Size = 155
    Headers Size = 123
    
    ----------
    Path = file
    Size = 21
    Packed Size = 32
    Modified = 2015-12-10 15:00:00
    Attributes = ....A
    CRC = F3E2EAE7
    Encrypted = +
    Method = LZMA:16 7zAES:19
    Block = 0
    
    $
    
     
  • porky

    porky - 2015-12-11

    Hello,

    Oh, redirection. Okay.
    I will give it a try.

    Thank you.

     
  • porky

    porky - 2015-12-11

    ./7z a dupa.7z 7z.so -p</home/7z/bin/pass

    7-Zip [32] 15.09 beta : Copyright (c) 1999-2015 Igor Pavlov : 2015-10-16
    p7zip Version 15.09 beta (locale=pl_PL.utf8,Utf16=on,HugeFiles=on,32 bits,4 CPUs x86)

    Scanning the drive:
    1 file, 2135524 bytes (2086 KiB)

    Creating archive: dupa.7z

    Items to compress: 1

    Enter password (will not be echoed):

     
  • porky

    porky - 2015-12-11

    So, it does not work.
    Igor - any patch for reading password from a file?

     
  • voodoo84

    voodoo84 - 2015-12-14

    Well, 7z supports '-p' switch which you can use to pass the password. So under Unixes, you can retrieve the content of a file into a shell variable, and use that variable in 7-Zip command line.

    This should work in a shell script, assuming that the file 'password.txt' contains the password in one line of text:

    PASSWORD=$(cat password.txt)
    7z <other_parameters> -p"$PASSWORD"

    PASSWORD is "visible" only in that shell script, it won't be compromised outside of it.

     
  • porky

    porky - 2015-12-14

    I know, but it is not the solution.
    We have strict security guidelines and anyway... SYS CALL in audit log will be stored with assigned values.

    So, we switched to tar/gzip and openssl and its -kfile parameter.
    Thanks!
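
Added example (not part of the original thread and not 7-Zip project code): a check that scans auditd EXECVE records for 7z invocations whose argv carried a -p password, so the affected archive passwords can be identified and rotated. The log lines are constructed, and the record layout (quoted a0..aN fields, bare hex for arguments containing spaces) and the set of 7z binary names are assumptions about the hosts' auditd output and installs.

```python
import re

# Constructed auditd EXECVE records (not from the thread). Assumption: auditd
# writes arguments containing spaces or quotes as bare hex instead of "quoted".
SAMPLE_LOG = """\
type=EXECVE msg=audit(1449740000.101:501): argc=5 a0="7z" a1="a" a2="archive.7z" a3="file" a4="-pPASSWORD"
type=EXECVE msg=audit(1449740000.202:502): argc=4 a0="/usr/bin/7za" a1="x" a2="archive.7z" a3=2D706D7920736563726574
type=EXECVE msg=audit(1449740000.303:503): argc=4 a0="7z" a1="a" a2="archive.7z" a3="-p"
type=EXECVE msg=audit(1449740000.404:504): argc=3 a0="tar" a1="-cpf" a2="backup.tar"
"""

ARG_RE = re.compile(r'\ba(\d+)=("([^"]*)"|[0-9A-Fa-f]+)')
EVENT_RE = re.compile(r'msg=audit\(([\d.]+:\d+)\)')
SEVENZIP = {"7z", "7za", "7zr", "7zz"}  # assumed binary names; adjust per host

def decode_argv(record):
    """Return the argv list of one EXECVE record, decoding hex-encoded args."""
    args = {}
    for idx, raw, quoted in ARG_RE.findall(record):
        if raw.startswith('"'):
            args[int(idx)] = quoted
        else:
            args[int(idx)] = bytes.fromhex(raw).decode("utf-8", "replace")
    return [args[i] for i in sorted(args)]

def find_leaked_passwords(log_text):
    """Return (event_id, program, redacted_arg) for 7z runs with -p<password> in argv."""
    hits = []
    for line in log_text.splitlines():
        if "type=EXECVE" not in line:
            continue
        argv = decode_argv(line)
        if not argv or argv[0].rsplit("/", 1)[-1] not in SEVENZIP:
            continue
        event = EVENT_RE.search(line)
        event_id = event.group(1) if event else "?"
        for arg in argv[1:]:
            # A bare "-p" makes 7z prompt for the password, so nothing is logged.
            if arg.startswith("-p") and len(arg) > 2:
                # Report only the length, never the secret itself.
                hits.append((event_id, argv[0], "-p" + "*" * (len(arg) - 2)))
    return hits

if __name__ == "__main__":
    for hit in find_leaked_passwords(SAMPLE_LOG):
        print(hit)
```

The second sample record shows why decoding matters: a password containing a space is logged as hex, so a plain-text search of the audit log for "-p" would miss it.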

     
