How to make an automated password file for perl script

**numberwhun** · Aug 4 '09, 01:34 PM

Originally posted by newperluser

Hi All,
Im new to perl programming and currently using a automation code written in perl by someone else.
My script uses an openssl client to perform some handshake operation using the client certificate, for the handshake to be successful it prompts for a passphrase. So I thought of keeping the passphrase in a file and at run time my ssl client should pick from the file. But I'm nt sure hw to go abt with it any suggestions guys??
Thanks.

Its not really recommended to keep such things in a file because its a password (phrase... semantics). But, in the interest of automation, I can see the need. So, what I would do is put it into a configuration file with the following structure (just my suggestion):

Code:

name     value

You can have as many name/value pairs as you like. Then, you just read in the configuration file as such:

Code:

use strict;
use warnings;

# Open the config file into a file handle
open(CFGFILE, "<test1.cfg");

# Initialize the variables you will be using in the code
my $key;
my $value;
my %config;

# Read each line in the config file, then split each line on the
# spaces and into the two variables $key and $value. Then, take
# each and use it to create the entries in the hash
while(<CFGFILE>)
{
    ($key, $value) = split(/\s+/, $_);
    $config{ $key } = $value;
}

Now, you have a hash that contains key value pairs. Say you used a config file like the following:

Code:

sslPass     mypass

Then you would simply reference your key in the code, where you need it, like so:

Code:

$config{sslPass}

That will input the value of mypass where needed. I hope this helps you. My only other suggestion is to make sure that that configuration file is ONLY readable by the user executing the script, that way nobody else can just open it and read it without root.

If you are on windows, then the security is definitely an issue.

Regards,

Jeff

**newperluser** · Aug 4 '09, 04:03 PM

Hi Jeff,

Thanks for your reply,

But even after trying out your code My code is not picking the passphrase from the file It stil prompts me for the passphrase

Code:

open(CFGFILE, "<../phrase.cfg");
while (<CFGFILE>)
{
  ($key,$value)=split(/\s+/,$_);
   $config{$key}=$value;
}
#My client code , following which it will prompt for passphrase
system("../client -cert ../pfx.pem  -host $ip_address -port $port -verbose -batch 1 >./tls/$ip_address/clientcerttest.log 2>&1");

$config{sslPass};
#close(CFGFILE) or die "Could not close file";

Can u pls point out whr im going wrong?

**numberwhun** · Aug 4 '09, 07:08 PM

Originally posted by newperluser

Hi Jeff,

Thanks for your reply,

But even after trying out your code My code is not picking the passphrase from the file It stil prompts me for the passphrase

Code:

open(CFGFILE, "<../phrase.cfg");
while (<CFGFILE>)
{
  ($key,$value)=split(/\s+/,$_);
   $config{$key}=$value;
}
#My client code , following which it will prompt for passphrase
system("../client -cert ../pfx.pem  -host $ip_address -port $port -verbose -batch 1 >./tls/$ip_address/clientcerttest.log 2>&1");

$config{sslPass};
#close(CFGFILE) or die "Could not close file";

Can u pls point out whr im going wrong?

Well, the first thing you need to do is to please learn to use the code tags that are required to surround code you post in the forums. You can read about it here.

Unfortunately, seeing as how I didn't have any code before, I can now see what is going on and what I gave you isn't going to work. The reason: you are running a system command that is going to prompt for information. One of the few ways to plan for that event is to use something like expect. There is an Expect module in Perl, but it is quite complicated and not very easy to understand, especially if you don't know what expect is.

I guess my only question would be, is does the client you are using have an option that can be added to provide the passphrase at execution? If so, you can add it and put in the variable sequence as the pass phrase and it would be interpolated into its value. That would be the only option I see, but I don't know how the client is coded and what it is using.

If the client is written wholly in Perl, then this might be an opportunity for you to extend it to accept a pass phrase, but again, I don't know what the code is using to do all of this.

Regards,

Jeff

**KevinADC** · Aug 4 '09, 10:26 PM

And if you are on Windows it can only work if you install cygwin as well and run in the cygwin environment. See the Expect modules documentation.

**newperluser** · Aug 5 '09, 03:34 AM

I know using expect in my code is going to be really very complex. Unfortunately the client does not have an option to provide the passphrase and the client is coded in C and we dont want to make any changes to it now. So the question nw is hw can this be implemented using perl in the automation script.

**numberwhun** · Aug 5 '09, 06:07 AM

Originally posted by newperluser

I know using expect in my code is going to be really very complex. Unfortunately the client does not have an option to provide the passphrase and the client is coded in C and we dont want to make any changes to it now. So the question nw is hw can this be implemented using perl in the automation script.

Since it is a client run from the system command, the only way I can imagine is via the Expect module. I would go to the link I provided and see if you can fashion a solution.

Regards,

Jeff

**newperluser** · Aug 5 '09, 06:21 AM

So this would mean I need to seperately install the expect module on every machine that I run this program on.... I run this on multiple platforms and this is going to be a time consuming thing for me :(

**KevinADC** · Aug 5 '09, 06:29 PM

Originally posted by newperluser

So this would mean I need to seperately install the expect module on every machine that I run this program on.... I run this on multiple platforms and this is going to be a time consuming thing for me :(

You might want to ask on a forum that discusses the operating system you are running, there might be an application you can use that has nothing to do with perl. But as far as perl goes, the only thing that I know of that sounds like it has a chance is Expect.

How to make an automated password file for perl script

How to make an automated password file for perl script

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment