Bash script to generate and change Java keystore passwords

This is the first Bash script I've written, so I'm looking for feedback on best practices, conventions, things like that.

This script makes a few assumptions:

  1. There is a Java keystore stored at ~/.keystore
  2. There is an alias for an entry in that keystore with a value of test
  3. Both the keystore and entry share the same initial password
  4. That shared password is test

After that, for both the keystore and key entry, it pulls a number of bytes from /dev/urandom, Base64 encodes them, and sets that as the password.

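    #!/bin/bash

    keystore_file=~/.keystore
    config_file=~/.keystore.config
    alias_name=test
    initial_password=test

    # Print a Base64-encoded password built from $1 random bytes.
    # head -c is an assumption; the page only says the bytes come from /dev/urandom.
    generate_password() {
        local password="$(head -c $1 /dev/urandom | base64 -w 0)"
        echo $password
    }

    # Change the keystore password, record it in the config file,
    # and print it so the caller can use it for the key entry.
    set_keystore_password() {
        local password_length=80
        local password=$(generate_password $password_length)
        keytool -storepasswd -keystore $keystore_file -storepass $initial_password -new $password
        echo $password >> $config_file
        echo $password
    }

    # Change the key entry password ($1 is the new keystore password) and record it.
    set_key_password() {
        local keystore_password=$1
        local password_length=80
        local password=$(generate_password $password_length)
        keytool -keypasswd -keystore $keystore_file -storepass $keystore_password -alias $alias_name -keypass $initial_password -new $password
        echo $password >> $config_file
    }

    # Reset the config file, then rotate the keystore and key entry passwords.
    initialize_keystore() {
        if [ -f $config_file ]
        then
            rm $config_file
            touch $config_file
        fi

        local keystore_password=$(set_keystore_password)
        set_key_password $keystore_password
    }

    initialize_keystore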


edited Apr 5 at 1:47
hjpotter92

asked Apr 5 at 0:27
Zymus

I generally separate my list w/ code by using --- (horizontal rule)
– hjpotter92
Apr 5 at 1:48

2 Answers

It is a good practice to have the script tested on shellcheck.net so that you have a convention.

In the initialise section, you are cleaning up the keystore file (if it exists). Use the shell-builtin echo and redirect to achieve this:

    echo "" > $config_file

The password_length can become a global value instead of being local to set_key_passphrase.

You can avoid the double echo in the set_keystore_password by using tee:

    echo "$password" | tee -a "$config_file"

answered Apr 5 at 2:07
hjpotter92

I left password_length in both of the functions in case we want to change the length of the passwords independently (i.e. 80 bytes for the keystore, maybe 90 bytes for the key entry).
– Zymus
Apr 5 at 18:24


This looks pretty good already. I only have two things to add:

  1. Replace

         rm $config_file
         touch $config_file

     with : > "$config_file". This has a few advantages over hjpotter92's suggestion, as detailed here.

  2. Quote all your variables. See https://unix.stackexchange.com/questions/171346/security-implications-of-forgetting-to-quote-a-variable-in-bash-posix-shells/171347#171347 for more information.

answered Apr 5 at 13:00
Gao
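
An added example, not part of either answer or of the original script: it runs the reset step from the question and the two replacements suggested in the answers against a constructed config path that contains a space, and reports how many bytes of the old file survive. The function name bytes_after_reset, the temporary directory and the path are assumptions made for the demonstration; the echo variant is quoted here so that only the truncation behaviour differs.

```shell
#!/bin/sh
# Added example, not from the thread. The path is constructed and contains
# a space on purpose.

# Reset a config file that already holds an old password using one of the
# three variants discussed above, then print how many bytes remain in it.
#   $1 = question | echo | colon
bytes_after_reset() {
    dir=$(mktemp -d) || return 1
    config_file="$dir/my keystore.config"
    printf 'old-password\n' > "$config_file"    # 13 bytes of stale secret

    case $1 in
        question)
            # Unquoted, as posted: the path splits into two words, the test
            # errors out, and the reset is silently skipped.
            if [ -f $config_file ] 2>/dev/null
            then
                rm $config_file
                touch $config_file
            fi
            ;;
        echo)
            echo "" > "$config_file"    # truncates, but writes a newline
            ;;
        colon)
            : > "$config_file"          # truncates to an empty file
            ;;
    esac

    wc -c < "$config_file" | tr -d ' '
    rm -rf "$dir"
}

for variant in question echo colon; do
    printf '%-8s -> %s bytes left\n' "$variant" "$(bytes_after_reset "$variant")"
done
```

In the unquoted case the old password stays in the file and the new passwords are appended after it, so the first line of the config no longer matches the keystore.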
