How to generate Encrypt/Decrypt Random Passwords
To generate/Encrypt/Decrypt Random Passwords in Linux
In this article we can see how to generate encrypted random passwords using some cryptography concepts. Pwgen, mkpasswd and openssl are the cryptography concepts shown below. Along with OpenSSL two more ciphers such as enc and aes-256-cbc are used.
pwgen
Install the pwgen package using yum command for CentOS or apt-get for Ubuntu systems.
[root@linuxhelp~]# yum install pwgen
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: centos.webwerks.com
* epel: epel.mirror.net.in
* extras: centos.webwerks.com
* updates: centos.webwerks.com
Resolving Dependencies
--> Running transaction check
---> Package pwgen.x86_64 0:2.07-1.el6 will be installed
&hellip
&hellip
&hellip
Installed:
pwgen.x86_64 0:2.07-1.el6
Complete!
Use simply pwgen to generate a password which length is equal to 10 characters.
[user1@linuxhelp~]$ pwgen
Ahn1Oopa geipooK4 gai0Eith iRou0Ooc sootah3T Ceenei2u oPio1ohL ohJei1wi
ach1Ashu roJ8yae4 Feinie2i TahGh4ge Eezee6sh quiaS7Ei Cangoh1I Chiegu5i
Aizee9vu voh8Ohng Ea6ahf3i heiNah0c ifuTh3oo iekai1Ah Quei0nah ohHae2ul
rah9gooM tijeeH0r Choon4Ph Iengeik7 foh6Ohna quoiW6tu Gohmei6A Ha5eesii
lohvooR9 uxique9W mee8ou6Z Ian8jae0 dooQu4eT iech9Lae Usee5aiJ ifee7aiN
chash9Ai aey6aYuT quaeP4he aeBae9Ee Ii1cui1n JeeQua8F xov7EeFi poagh7Ee
coipoo2E uQu1aice Iab1xeey Oogaico1 wailooJ0 Huu2weeP tai7tiGh cae5Weim
phee3iSi Ne8kahTa Acai1gei dahQuo8u ohPh5Foh JuePhu2a Ij2ziegh Aeph0gie
Ojee0Pei Eogh8ooz eev4Uca0 ooph9Dai aeYooyo3 na1ieXai pie5beiW eigh3Fie
Ea3zusic oi6IeNoo cujah2Bu yaSiepo4 oci3Don2 sa0Neiz6 igeiPay6 aig2Yei6
sae7ohFe zaKae7ra OoLoo0am ohy4Aesh ohh1Aiho hier4Egh eiy4ohS8 laiKuo5e
ceiF4iun Inautoh8 vah6ieN6 aiXoh5Xu Si8muu3w Ooboo9ei elaw1uVu EeSee4am
ahp7Seib auSh6hie hee4eu3A beiT9Adu iumeeW2a oequi2Yu Ooce4tie esooWui8
Ki1iec4j Ooph5Oo6 AhM6Ut8I rail5aeJ mei8Oonu ioVugig6 efuj2Pho xu9Ixesh
paChaut5 yai7aiFo oob2ohMi zoon7ieY ei3Sah1i oi1foS4i LaiZ8uQu maH7quah
Aich0foc aid4ir6R ta8Mo9eM vaesh6Zo xo7ooMah ech8ooKa iaX0eev8 Oogh9Oos
Phik9zah Kee7yaeF yoo4OjiZ Ov7eij4g fahV5oth Quua6Oow Uriehiu5 Maiboh4c
iKux8lee phu1UGha hash3aiS heteePh2 Moo3doht quae8De3 ookupe5A Xai4eupu
Oi8Wee2O ja9eiNg3 Eewai6oh hie6Oobu ahYou9ja roox7Doh Raid4Eef za7quaeM
leph8Ree eusiqu7U Faiz2een yahsim6U dah7Shu9 Hu4EeN3t uSh7eile IduMahv2
So by default it will generate the passwords with 8 characters and 8 columns for 20 rows.
If you want to generate the single password with 10 characters, enter the command as follows
[user1@linuxhelp~]$ pwgen 10 1
chuPhew2ch
Whereas to generate 4 passwords with 6 characters each then, enter the values accordingly
[user1@linuxhelp~]$ pwgen 6 4
ai5EiT thai7O oPhoo6 hequ6U
Now to generate a single password for a length of 55 characters then, the output will be as follows
[user1@linuxhelp~]$ pwgen 55
ohqui1Euch4quie4Aexoo0ViephouseiQue1jeijaecui5tee8peiCh
Aes7aigaeJahjahshohquohShaimuucoojiew3thaepev7Shohb6Thu
oa3ohx4phae1mei2Aeyoo6eenaiD1aiv0iqueif7tophe4fahy8gahg
ru0oofieb6aeghiengee6ahJeiGhee1ung4eeC6jaitiSiuF5igha4T
choo1ebahPitiex4theenia8yoo2uSio8uagooKuoR6onieshai6du0
keeMahph1ahw2PeiNahpaithenaexov9Ie2sha2gaenei4gohy4Ai0c
AiMeeg5koh1cai1quieQu3ej9aeMioPoh2kahPh5ohhoh5luKohbeja
eeyeid4ongo6aeph9togohm9uash8ad9caiteesha8aDoovai1saz7a
saeru9aeLosh8fiesheeheen1seiza1uvoit3Tei2Mieth7aex7eNga
uup7ahw0Ahj7ohmuize9evaimi4xajeegheigaewohkochaeri3oing
ahgieto2uxie1ahghoopooSohpai4heosas1faiw8jeidoyahj9eeth
saewe8Yei6oocie9fae6iefaeMoo6ohWabeifoo1ahN1pheu6IThied
RuD0aingahc7zuofi7Voh8uvoon7ieye3QuooShieJeiraeKiezei7j
aiphooP1AshequeiRequau6xei5xishuuPohpahboopethei6Tieyeb
eeQu6ithahthoghochoht8poyahc9Ahku4chediexaeghaSohBohfah
pooh0Yeecairai8hahP2ooy2shaiyo8reish8fohch1Caejaevi5hoh
kootee6oech3thei9Phohpae2neelieZoom9fiejuSh2ohhaic5vah2
ohw6ea6quae4oongoodei6Uo0jie5zi8phoh3eiceemeeN8eeyochuk
iipae6ooyoheenileesha4saeyohZaCh9eeCu1ungaez6cheiwa9Agi
ahNgooh5aiNga8ujuK4OhLouvu8Eileephohthie2oog6moZeeXeeph
mkpasswd
The mkpasswd installation process can’ t be done directly since its not available in yum. It is located as a dependency of another package. To check, run the following command.
[root@linuxhelp~]# yum whatprovides */mkpasswd
&hellip
&hellip
expect-5.44.1.15-5.el6_4.x86_64 : A program-script interaction and testing utility
Repo : base
Matched from:
Filename : /usr/bin/mkpasswd
&hellip
&hellip
So it will show that the mkpasswd is located in expect package, at first we need to install that package.
[root@linuxhelp~]# yum install expect
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: centos.webwerks.com
* epel: epel.mirror.net.in
* extras: centos.webwerks.com
* updates: centos.webwerks.com
Resolving Dependencies
--> Running transaction check
---> Package expect.x86_64 0:5.44.1.15-5.el6_4 will be installed
&hellip
&hellip
Installed:
expect.x86_64 0:5.44.1.15-5.el6_4
Complete!
Just run mkpasswd command to generate the encrypted password, it will generate a character value length of 10 since it’ s the default value.
[user1@linuxhelp~]$ mkpasswd
#63aJWtsz
To Generate a random password of character length of 25
[user1@linuxhelp~]$ makepasswd -l 25
mqjvjJP0zwih7pad[vhztkwlt
It will generate the password with two digits in it.
To generate a password with 4 digits with the length of 25
[user1@linuxhelp~]$ makepasswd -l 25 -d 4
ibo7Mr~V1azava87zsdxjlenw
To generate some special characters in the password
Use -s option to generate some special characters in the password.
[user1@linuxhelp~]$ mkpasswd -s 3
m 3f& 1WH(
It generates the password with 3 special characters.
We can also set the encrypted password for the user,
[root@linuxhelp~]# mkpasswd user1
kn1Y[yJ1n
It will generate the password and will be assigned to the user1.
Openssl
It is one of the important cryptography concept to encrypt and decrypt the contents.
To encrypt the given content using openssl
[user1@linuxhelp ~]$ echo helloworld | openssl enc -aes-256-cbc -a
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX18uIbo6xS9XcD+GLR0C1P5O0y5jd6+C6Wc=
Here, enc stands for Encoding with Cipher and aes-256-cbc is also an encryption cipher.
-a option is to intimate OpenSSL to encrypt in Base64-ensode format.
To decrypt follow the same command with the encrypted content as input
[user1@linuxhelp ~]$ echo U2FsdGVkX18uIbo6xS9XcD+GLR0C1P5O0y5jd6+C6Wc= | openssl enc -aes-256-cbc -a -d
enter aes-256-cbc decryption password:
hello world
We can give the password from the command itself for that -pass option is to be used at last with password mentioned.
[user1@linuxhelp ~]$ echo hello world | openssl enc -aes-256-cbc &ndash a -pass pass:linux U2FsdGVkX18uIbo6xS9XcD+GLR0C1P5O0y5jd6+C6Wc= [user1@linuxhelp ~]$ echo U2FsdGVkX18uIbo6xS9XcD+GLR0C1P5O0y5jd6+C6Wc= | openssl enc -aes-256-cbc &ndash a &ndash d &ndash pass pass:linux hello world
To encrypt the contents of the file
[user1@linuxhelp test]$ cat test.txt Hello linuxhelp [user1@linuxhelp test]$ openssl enc -aes-256-cbc -in test.txt -out test.txt.enc enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
Now the file is encrypted and saved into the new file called test.txt.enc, we can remove the original file.
[user1@linuxhelp test]$ cat test.txt
Salted__" R ?
~ ` g b?
So the content is encrypted with the Salt cryptography format.
To decrypt the file
[user1@linuxhelp~]$ openssl enc -aes-256-cbc -d -in test.txt.enc -out test.txt
enter aes-256-cbc decryption password:
Now the test.txt file is generated.
[user1@linuxhelp test]$ cat test.txt
Hello linuxhelp