I am having problems using a program called ‘ccrypt’ which is used to encrypt files. The way in which I am using it is as follows:
ccrypt -e -E $cryptograph `find . -type f | sed -n -e '$i{p;q}'`
where -e means that the program is running in encrypt mode. My problem is as follows:
The manual for the command says that -E is used to read the passphrase for the encryption from an environment variable using this syntax:
-E var
and as such I have set it to be the passphrase I want as below:
cryptograph="Example_passphrase"
However, when I run the code as shown above, an error message appears as follows:
ccrypt: environment variable Example_passphrase does not exist.
Does anybody have any idea what I am doing wrong?
EDIT:
Thanks for the answers, exporting the variable and removing the “$” worked but now I face a new problem:
"sed -n -e '$i{p;q}'"
The shell says:
ccrypt: {p;q}: No such file or directory
However, if I exchange $i for a number then the program works to an extent. What is the correct syntax for using the variable ‘i’ here?
Don’t forget to export the environment variable (until it is exported, it is just a variable, not an environment variable).
Specifying just the name is crucial (no
$). Otherwise, the value of the variable — the passphrase itself — is in the command line arguments and visible topsetc. We can debate whether the environment is secure (think of the/procfile system), but it is several steps better than including the passphrase itself on the command line.From the comments, it appears that you might be best off doing something like:
One major advantage of this is that it sidesteps all the problems with blanks and other odd-ball characters in file names. If the
ccryptcommand accepts multiple files, you can probably replace the quoted';'with+(which doesn’t need quotes) and a single command will encrypt all the files.