How can I either encrypt or render my shell script unreadable?

If you want to encrypt a shell script, use GPG. Whoever wants to run your script will of course have to decrypt it first.

If you want someone to be able to run the script but not read it, that's a completely different problem which has nothing to do with encryption. It's called obfuscation.

If you have a password or other confidential information in that script, no amount of obfuscation is going to hide it. Sooner or later the script will use the password to do something and at that point the password will appear clearly to anyone looking for it.

If you want to hide how your script works because you're afraid someone will copy it, forget about it. Nobody cares.

If you want to hide your script because you're ashamed of its quality, fix it.

If you want to hide how your script works because you want to hide what it does, it's not doable. Someone can look at your script while it's executed and watch what it's doing.

If you've read that far and still want to “encrypt” your script, you're misunderstanding something major. Don't send your script to anyone, or send it in plain text.


Got this while searching internet,courtesy Claudio P.

  1. Write your script (script-base.sh)

    #!/bin/sh 
    echo "Hello World" 
    
  2. Encrypt your script (give a password):

    openssl enc -e -aes-256-cbc -a -in script-base.sh > script-enc 
    
  3. Write de Wrapper (script-final.sh):

    #!/bin/sh 
    openssl enc -d -aes-256-cbc -a -in script-enc | sh - 
    
  4. Run "script-final.sh", enter the password, and the script will run without write the plain text script on disk.


SHC

You can try the steps outlined on this website, titled: How to Encrypt Your Bash Shell Script on Linux Using SHC. This article discusses the use of a tool called SHC - Shell script Compiler.

URL resources

  • the shc tar ball
  • the man page

This is an executable that you'll have to build using gcc/g++.

Usage

$ ./shc -f random.sh

Once you run it your shell script, random.sh will get converted into this file:

-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x

Is this foolproof?

No there is a good analysis of the method used by the SHC tool which shows that it's not overly strong and can be circumvented if you know what you're doing. The article was post on the linuxjournal.com website, titled: Paranoid Penguin - Limitations of shc, a Shell Encryption Utility.

NOTE: These classes of tools are probably better described as obfuscators.

Tags:

Shell Script