Script to test for correct certificate database password

Developer https://www.devze.com 2022-12-14 14:19 Source: Internet
I'm attempting to write a bash routine that tests whether or not a user's input is the correct password to my certificate database.

Originally I imagined I'd first execute a benign certutil or pk12util operation on the certificate database that required a password. Then test the return code to see if it was successful.

However, certutil's password argument takes a password file (which is undesirable). I could use pk12util to export a certificate and private key to test (not really happy with extra pk12 files lying around either).

Any suggestions of other methods to test the database password?

PR


Use certutil's password file along with mktemp(1). This generates a temporary file which is only readable by the current user (which should be the same person who already knows the password).

Also add a trap "rm $tmpfile" EXIT to the script to make sure the password gets deleted when the script exits for whatever reason.

If that is still not secure enough, you must write a small C program which operates on the certificate DB.


Try using Process Substitution. Example

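read -r -s -p "Enter Password: " pass
echo
# Assumed here: -K (list keys) as the operation that needs the password,
# and $db_dir as the certificate database directory.
if certutil -K -d "$db_dir" -f <(printf '%s\n' "$pass"); then
    # Password correct, do stuff here
    :
else
    # Password incorrect, do stuff here
    :
fi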
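
The mktemp-plus-trap approach from the first answer, written out as a reusable function. This is an added example, not code from either answer; the function name check_db_password, the CERTUTIL override variable and the choice of certutil -K as the password-requiring operation are assumptions.

```shell
#!/bin/sh
# Added example: test an NSS certificate database password through a
# short-lived password file. Names below are illustrative assumptions.

# CERTUTIL lets a caller point at a specific binary; defaults to certutil.
: "${CERTUTIL:=certutil}"

# check_db_password DBDIR PASSWORD
# Returns 0 if certutil can authenticate to the database in DBDIR,
# non-zero otherwise (2 if the temporary file could not be prepared).
#
# The body is a subshell "( ... )" rather than "{ ... }" so that the umask
# change and the traps stay local and do not replace the caller's own traps.
check_db_password() (
    db_dir=$1
    password=$2

    umask 077                      # owner-only, whatever the caller's umask is
    pwfile=$(mktemp) || exit 2

    # Single quotes: "$pwfile" is expanded and quoted when the trap runs,
    # so a path containing spaces is still removed correctly.
    trap 'rm -f "$pwfile"' EXIT
    # Turn common signals into a normal exit so the EXIT trap also runs.
    trap 'exit 1' HUP INT TERM

    # printf is a shell builtin: the password is never in another
    # process's argument list.
    printf '%s\n' "$password" > "$pwfile" || exit 2

    # -K lists private keys, which makes certutil authenticate to the
    # token; the exit status tells us whether the password was accepted.
    "$CERTUTIL" -K -d "$db_dir" -f "$pwfile" >/dev/null 2>&1
)

# Typical call from a bash script ($db_dir set by the caller):
#   read -r -s -p "Enter Password: " pass; echo
#   if check_db_password "$db_dir" "$pass"; then echo "ok"; fi
```

The password file exists only for the duration of the certutil call and is removed on every exit path of the function, including HUP, INT and TERM.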