How can i encrypt bash script source code?

Question

I want to execute my bash scripts normally but no body see my source codes. How can i encrypt my bash script?

thanks a lot.

You cannot let a client execute code without letting the client see the code. — SLaks, Jul 19 '13 at 15:58
Related to this answer: http://stackoverflow.com/a/9701297/2531279 — Frodon, Jul 19 '13 at 16:00
possible duplicate of [How to obfuscate a shell script?](http://stackoverflow.com/questions/9700893/how-to-obfuscate-a-shell-script) — glenn jackman, Jul 19 '13 at 17:06

score 3 · Answer 1 · edited May 23 '17 at 12:32

3

Bash is a pure interpreted language so the interpreter (bash) can only run it if it is clear text.

You can try to obfuscate the code: How to minify/obfuscate a bash script

On the other hand, you can restrict which users access to that code using system privileges.

edited May 23 '17 at 12:32

Community

1
1

answered Jul 19 '13 at 16:03

Pablo Francisco Pérez Hidalgo

27,044
8
36
62

score 2 · Answer 2 · answered Jan 26 '18 at 19:20

Sorry to wake up a "dead horse", just wanted to share what I have done using gpg. As mentioned earlier bash can only run it (the script) if it is in clear text.

encrypt the shell script with gpg:

gpg -c <your_bash_script.sh>

This will ask you for a passphrase and confirm it.

This will create an encrypted file with a .gpg extension. the default encryption is CAST5 if you want a more strict cipher add --cipher-algo "cipher_name" (check the man pages for details)

<your_bash_script.sh.gpg>

decrypt your shell script with gpg:

gpg -d <your_bash_script.sh.gpg>

This will prompt you for the passphrase assigned to the file and display its contents in the on the screen.

if you put it all together, you have:

gpg -d <your_bash_script.sh.gpg> | bash

You can even use gpg keys

Every time you edit your script, you edit the un-encrypted version of the script or pipe the output of the decryption to a file and re-encrypt it when done.

score 1 · Answer 3 · answered Jul 19 '13 at 15:59

You could use shc. Here is an example. Not really sure if this is a great place to ask this question though. Doesn't seem super programming-related. Super User might be a better place for it. :)

http://www.thegeekstuff.com/2012/05/encrypt-bash-shell-script/

score 0 · Answer 4 · answered Aug 12 '13 at 08:51

Other answers and comments have already said that encryption isn't feasible so I won't go into that. I don't think that path even addresses the problem you are trying to solve.

You haven't given a practical example of what you are trying to achieve, so the suggestions below may not be sufficient.

With almost any problem it's best to start of with the simplest approach first and add complexity as needed. First of all, you may not need to do anything at all! When you execute a shell script, the process list will only show the name of the shell executing the script (bash) and the name of the script. No-one will be able to see the contents of the script this way.

If that doesn't meet your needs then the next step would be to use standard file permissions to ensure that no-one can look at the contents of the file. ie. Remove read/write/execute permissions for group and other

chmod go-rwx <name of script>

If neither of these are enough, you will have to provide more details about what you are trying to do and what your concerns are.

score 0 · Answer 5 · answered Apr 17 '17 at 02:12

0

I recommend you try submitting your script to this site if you wish to protect it from public view.

While many will disagree with the idea of hiding the source code of a script written in an interpreted language, i understand why there's a desire for this work.

As someone who has had his work stolen many times, I just dont care if "obfuscation" or "encryption" is a taboo. As long as my script is protected and it works as it did before encryption, I'm happy. Never again will I allow someone else to take credit for my work. And no, writing my script in a compiled language is not an option. I do not know how to.

Anyway, if you do not want to use the site mentioned above, try the latest version of shc. I believe they've updated it in github to address the many security concerns others have mentioned. Type the following into google "shc github" and you'll see a host of available options you can try out.

answered Apr 17 '17 at 02:12

RoyMWell

199
1
9

The comments saying encryption won't work aren't saying that because they think it's a bad policy to adopt; they're saying it because they think it has non-obvious but ultimately unavoidable practical flaws. – Nathan Tuggy Apr 17 '17 at 02:35
actually, most of the comments or responses you'll come across on the topic of hiding source code, are exactly that. personally, i feel its totally unacceptable to tell someone who doesnt know an advanced language that they must rewrite their shell script in that language if they wish to conceal its source code. my work has been stolen in the past and it was a very painful experience. one, that is very had to forget. for that reason alone, any method that prevents theft, or at least dissuades it, is a welcome solution. with the careful use of various tools, script protection is possible. – RoyMWell Apr 17 '17 at 16:25
It can't be "totally unacceptable" to tell someone that something they think works actually has fatal flaws. Either it really does, or it doesn't. If it does, trusting it is a mistake. Exactly what one should do other than that is another story, but it's not sensible to start with a need to get something done in a particular way and tell all those who claim that for technical reasons it's impossible that such claims are "totally unacceptable". The world does not bend to an individual's need to use their current languages. – Nathan Tuggy Apr 17 '17 at 16:32
i understand your stance. but the answer should not be "it cant be done". the answers should be on "how" to get it done. ignoring a "need" no matter how "unreasonable" you think it is, is simply not the the way to go. so to reiterate, if anyone out there wishes to encrypt or obfuscate their code, i will not dissuade them. their reasons are their reasons. shc or enscryption are good way to go. anyone who chooses not to run a script encrypted by either of these is not mandated to. when it comes to programming, or anything technical for that matter, i dont believe anything is impossible. – RoyMWell Apr 17 '17 at 18:07
Many things in programming have been rigorously proven to be flat-out impossible (or impossible given certain constraints). Many other things are close to that. A proof of impossibility is not a bad answer; in fact it's a good answer, provided it's *correct*, reasonably complete, and not uselessly terse or unintelligible. I *strongly suspect*, but do not know for sure, that in fact anything more than obfuscation for client-side programs is impossible in principle, and still more so for interpreted languages, which have fewer tricks to play. – Nathan Tuggy Apr 17 '17 at 22:17

score 0 · Answer 6 · answered Aug 26 '23 at 10:30

Use shc - a tool from EPEL that builds a C binary ELF executable for your bash code. The only caveat is that you cannot source other bash scripts into it that are also built with SHC because the shell envrionment in side the running C binary is its own instance of bash.

Works very well - bit slower on the start up at the embedded code is read and fed to bash.

NOTE: the original code will be visible while running in a process list.

IF you want that completely solved you need the commercial product from www.atshai.com

How can i encrypt bash script source code?

6 Answers6

Linked