Encrypt password in script file.

Hello,

I will like make automation with winscp scripting but i'dont like show password in the script.

What is the best way to encrypt password directly in the scrypt...?

open scp://mart:PASSWORD ENCRYPTED@server -hostkey="ssh-rsa 2048 ..."

Regard,

mart

Teh best way is to encrypt the script using Windows file-level encryption.

Is it possible to hide the script within, and access it directly from, an SSIS package?

Thanks,
David

You can specify the commands directly on command-line using /command parameter instead of using separate script file.
https://winscp.net/eng/docs/commandline#scripting

That was just what I was looking for. Thanks Martin!

Does your software have encryption included?

scrablevision2 wrote:

Does your software have encryption included?

Can you explain us, what you mean specifically?

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

ScriptFile.scp:

We want like this type of script file solution (if some one access it noting to steal in file)
EncryptedScriptFile.escp:

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

martin wrote:

Buffavento wrote:

is there any chance to encrypt script file (I don't want to share password of FTP server to t others)? If someone access the script file they can see all details about remote server so we don't want it. WINSCP should process self encrypted script file.

That's technically impossible. How can you encrypt something in a way that only WinSCP can decrypt it?

See https://winscp.net/eng/docs/guide_protecting_credentials_for_automation

I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.

Look at the other product examples.

Buffavento wrote:

I mean, WinCSP can encrypt the normal text script file then it can read their own encrypted file.

Ex: I can write normal script file.
WinSCP can ask me "do you want to encrypt this text file?"
if I say Yes, WinSCP can create encrypted file that can used as script file as well.
It means that I can use encrypted or plain text file as a script.

How? To encrypt something you need a password. Where would WinSCP take the password from?

Look at the other product examples.

What other product?

martin wrote:

How? To encrypt something you need a password. Where would WinSCP take the password from?

Think that WinSCP can read txt files and encrypted files that encrypted with WinSCP.
Let me explain via example I've mentioned earlier.

Ex: normal-script.txt
open ftp://adminuser:xyzpassword@10.10.10.10
lcd "C:\temp"
cd /buffavento
put *
close
exit

normal-script.txt file can read WinSCP also if your developers add one feature to WinSCP that WinSCP can convert this text file to encrypted text file like below
encrypted-file.txt
Ency32487239723948!
32894u32984uwekfjwekfhkjfhwkejf3287498327498987987987@@£@!£!@£!@£!@£
23jkne213871236871263871263
dsfnsdfjbmsdfb!@£!@£!
sdfjhskjdfh213123123@£@£
dsfjjk
dsfjkhksjdfh


As you know we can use WinSCP in command line like
WinSCP.exe" /console /script=normal-script.txt

if WinSCP encrypted the text script file like above then we can copy the encrypted file to untrusted environment and we can run the WinSCP like
WinSCP.exe" /console /script=encrypted-file.txt

The logic is so simple actually.

What other product?

I dont know the full name but it should be called Pyro

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?

martin wrote:

You didn't answer my question, so once again: To encrypt something you need a password. Where would WinSCP take the password from?

Hi Martin,

I think you did not understand the topic. There is no password for encryption. We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.

Thats it. Thanks.

Buffavento wrote:

We are talking about built in function for WinSCP.exe. Basically WinSCP encrypt a text file using with its own algorithm that only decrypt with WinSCP as well for converting encrypted file to text file line by line while processing.

I understand the topic very well. What would prevent an attacker from using the same algorithm as WinSCP to decrypt the password? An encryption without a password (or any other form of a secret key) is not an encryption. It's just an obfuscation.
See also https://en.wikipedia.org/wiki/Security_through_obscurity