BestHub
Sign in
Information Security 5 min read

Encrypt Linux Shell Scripts with SHC: A Complete Step‑by‑Step Guide

This tutorial explains how to install the SHC tool on CentOS 8, create a simple shell script, encrypt it into a binary executable, verify the file types, run the encrypted script, and optionally set an expiration date or custom expiration message.

Liangxu Linux
Liangxu Linux
Liangxu Linux
Encrypt Linux Shell Scripts with SHC: A Complete Step‑by‑Step Guide

Introduction

When a shell script contains sensitive information such as passwords, you may want to prevent other users with read permissions from viewing the script source. The SHC (Shell Script Compiler) tool can compile a script into a binary that ordinary users cannot easily inspect.

Install SHC on CentOS 8

# yum -y install shc

Create a Sample Shell Script

# vim welcome.sh
#!/bin/sh

echo "Welcome to linux world"

Encrypt the Script with SHC

# shc -v -f welcome.sh
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc   welcome.sh.x.c -o welcome.sh.x
shc: strip welcome.sh.x
shc: chmod ug=rwx,o=rx welcome.sh.x

After encryption you will have three files: welcome.sh – the original script. welcome.sh.x – the encrypted binary. welcome.sh.x.c – the generated C source that was compiled to produce welcome.sh.x.

Verify File Types

# file welcome.sh
welcome.sh: POSIX shell script, ASCII text executable

# file welcome.sh.x
welcome.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped

# file welcome.sh.x.c
welcome.sh.x.c: C source, ASCII text

Run the Encrypted Script

# ./welcome.sh.x
Welcome to linux world

Set an Expiration Date

You can make the binary stop working after a specific date using the -e option. The date format is dd/mm/yyyy.

# rm -rf welcome.sh.x*
# shc -e 01/02/2021 -v -f welcome.sh

Attempting to run the expired binary yields:

# ./welcome.sh.x
./welcome.sh.x: has expired!
Please contact your provider [email protected]

Custom Expiration Message

Use the -m option to provide a custom message displayed after expiration.

# shc -e 01/02/2021 -m "Please contact [email protected]!" -v -f welcome.sh

Conclusion

The SHC tool provides a straightforward way to protect shell scripts on Linux by converting them into binary executables, optionally limiting their use with expiration dates and custom messages, thereby enhancing script confidentiality.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxencryptionBashExpirationshc
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment