/cisco-encrypt

Password obfuscator for vpnc config files (beware that passwords can be deobfuscated using cisco-decrypt!!!)

Primary LanguageC

cisco-encrypt

Password encoder for Cisco VPN client.

This is a small command line utility to obfuscate passwords for storage in VPNC config files such as /etc/vpnc/default.conf.

IMPORTANT: Using an obfuscated password does not protect your password if someone gets access to your config file! Obfuscation's only purpose is to make it harder to guess your password by just taking a superficial glance at your config file.

Build

The only dependency other than gcc are the libgcrypt development files, which e.g. on ubuntu can be installed as:

apt install libgcrypt20-dev

Build with gcc:

gcc -o cisco-encrypt cisco-encrypt.c -lgcrypt

or simply type:

make

Usage

Call the utility with your credentials:

$ ./cisco-encrypt mygroupsecret
7F407242A6A26402FFAB80AE33EFB61988873B7DA8C930FE599AC158E5CE9B50653D081216BFFB587C38C29E02684BF5039E80D9807CC1D6

$ ./cisco-encrypt myusersecret
3822F82D77C7CD8B6B617B54B13183C00A1E4B998D66E3BDA25182A1C1D331EF99B22FCC57C4248688D5926A29FE18D21819FB55E2E35EEF

and use its output instead of the plaintext password in your config file with an obfuscated statement, e.g.:

# group secret:
IPSec obfuscated secret 7F407242A6A26402FFAB80AE33EFB61988873B7DA8C930FE599AC158E5CE9B50653D081216BFFB587C38C29E02684BF5039E80D9807CC1D6

# user password:
Xauth obfuscated password 3822F82D77C7CD8B6B617B54B13183C00A1E4B998D66E3BDA25182A1C1D331EF99B22FCC57C4248688D5926A29FE18D21819FB55E2E35EEF

rather than:

IPSec secret mygroupsecret
Xauth password myusersecret

You can verify the passwords using cisco-decrypt:

$ cisco-decrypt 7F407242A6A26402FFAB80AE33EFB61988873B7DA8C930FE599AC158E5CE9B50653D081216BFFB587C38C29E02684BF5039E80D9807CC1D6
mygroupsecret

$ cisco-decrypt 3822F82D77C7CD8B6B617B54B13183C00A1E4B998D66E3BDA25182A1C1D331EF99B22FCC57C4248688D5926A29FE18D21819FB55E2E35EEF
myusersecret

Beware that everyone can do this!

Copyright

Copyright (C) 2009 Sebastian Wicki

Derivated from cisco-decrypt - Copyright (C) 2005 Maurice Massar
Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA