pipe output from interactive command to less

Question

I'd like to do something like

openssl enc -d -aes256 -in somefile | less

openssl requires a password from stdin. and this gets all messed up when less is involved.

Is there a way to take the output from an interactive command (like openssl asking for a password) and pipe the output into less?

Or is there a better technique using a bash script?

Answer 1

You can try this:

echo 'mypassword' | openssl enc -d -aes256 -in somefile | less

But this doesn't look secure.

I have not tried running openssl this way, but in case it is too verbose and if previous code is not going to work then you can always try using expect. Here's an example:

expect -c '
    spawn yourscript
    expect "Please enter your password:"
    send "$PASSWORD"
'

Answer 2

Perhaps have the shell script ask for the key, then store the key in a temp file and use openssl's -kfile option to find it. Hope your version of openssl supports -kfile.

I'd worry about security with this, but with a little care the security hole is perhaps smaller than you might think. (But do you trust your sysadmin and sudoers...?)

#!/bin/bash

INFILE=somefile

read -s -p "Enter key for $INFILE: " key
echo

# write the key to a temp file; use mktemp(1)
# for safer creation of a privately-owned file.
#
TMPKEY=$(mktemp -t) || exit 1
echo "$key" > "$TMPKEY"

# will remove the temp file on script exit
trap 'rm -f "$TMPKEY"' EXIT

# remove the key file a couple seconds after openssl runs
(sleep 2; rm -f "$TMPKEY") &

openssl enc -d -aes256 -in "$INFILE" -kfile "$TMPKEY" | less

[ -f "$TMPKEY" ] && rm -f "$TMPKEY"
trap - EXIT

# rest of script...

exit 0