Home > Mac administration, Scripting > Using base64 encoding to include binary files inside scripts

Using base64 encoding to include binary files inside scripts

When writing scripts, it’s sometimes useful to be able to be able to include and deploy binary files as part of the script run. An example of this would be if you want to use MySQL 5.6 and later’s option for creating a MySQL connection file. This is a file that allows you to store MySQL authentication inside an encrypted file named .mylogin.cnf.

Rather than trying to script the creation of a MySQL connection file, where the creation process would involve placing the MySQL authentication credentials in a readable format inside the script, it is easier and more secure to build the connection file manually on one machine and then encode the encrypted MySQL connection file into ASCII text using base64 encoding. Once encoded, the ASCII text can be decoded as part of a script designed to deploy the still-encrypted MySQL connection file to a desired location.

For more details on how to use base64 encoding, please see below the jump.

To encode files, you can use the openssl utility’s base64 function to encode them as ASCII characters. For example, a file named hello_world.txt with the following contents needs to be copied to the same location on multiple Macs:

--------

Hello, World!

---------

To encode the file, run the following command:

openssl base64 < /path/to/hello_world.txt

That will give you a ASCII string like that shown below:

LS0tLS0tLS0KCkhlbGxvLCBXb3JsZCEKCi0tLS0tLS0tLQo=

Screen Shot 2017 05 02 at 12 57 49 PM

You can then embed the string in a script and have it read back into a new file. For example, the script shown below will decode and store a copy of the hello_world.txt file inside the /Users/Shared directory:

#!/bin/bash

# Decode hello_world.txt stored in base64 format
# and store it as /Users/Shared/hello_world.txt.

openssl base64 -d <<HELLOWORLD > /Users/Shared/hello_world.txt
LS0tLS0tLS0KCkhlbGxvLCBXb3JsZCEKCi0tLS0tLS0tLQo=
HELLOWORLD

Running the script on the desired machines will allow the hello_world.txt file to be deployed into the desired location inside the /Users/Shared directory.

As files get larger, the block of ASCII text will also grow. Encoding the script shown above will produce a block of ASCII text that looks similar to this:

IyEvYmluL2Jhc2gKCiMgRGVjb2RlIGhlbGxvX3dvcmxkLnR4dCBzdG9yZWQgaW4g
YmFzZTY0IGZvcm1hdCAKIyBhbmQgc3RvcmUgaXQgYXMgL1VzZXJzL1NoYXJlZC9o
ZWxsb193b3JsZC50eHQuCgpvcGVuc3NsIGJhc2U2NCAtZCA8PEhFTExPV09STEQg
PiAvcGF0aC90by9oZWxsb193b3JsZC50eHQKTFMwdExTMHRMUzBLQ2tobGJHeHZM
Q0JYYjNKc1pDRUtDaTB0TFMwdExTMHRMUW89CkhFTExPV09STEQK

Screen Shot 2017 05 02 at 1 01 44 PM

This encoding technique can also be used to deploy entire executable binaries, where the program in question is encoded using the technique described above, then deployed to a desired location.

  1. JayB
    May 2, 2017 at 6:25 pm

    You can also use the the program base64

    echo $HELLOWORLD_ASCII > helloworld.base64 && /usr/bin/base64 -D -i helloworld.base64 -o helloworld.txt && rm -rf helloworld.base64

    Needless to say, it also does the encoding, and stdin pipe.

    • May 2, 2017 at 9:48 pm

      More secure than passing passwords in the clear, which is the alternative.

  2. May 5, 2017 at 12:48 pm

    Beware! This is not secure – ok, it just does not show a password in the plain text but anyone with basic technical skills can recover it.

  3. May 5, 2017 at 7:22 pm

    To the other commenters asking about security: The “hello world” example given is a proof-of-concept and is not secure AT ALL.

    The only way this is secure is by using *encryption*. base64 *encodes*, not *encrypts*.

    The “hello world” example must then be extended by the reader of this article to use the *encrypted* .mylogin.conf file. The only thing that makes this secure is that the .mylogin.conf file itself is an encrypted file.

    base64 is NOT encryption. It is exactly as insecure as sending plain text. If the contents of the file you are encoding are encrypted, though, then using base64 is secure. All base64 does is convert “binary” computer files to “ascii” computer files, which can be pasted into the body of an email, or placed inline in a shell script.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: