gen-auth - generate various authentication strings
gen-auth [--help|--version] | <type> ...
gen-auth is tool to assist in all kinds of authentication / encoding / decoding
/ encrypting tasks. It began life as an smtp-specific tool, but has drifted in
functionality over time.
The program actions are broken down into types of encoding to generate. Each
<type> then takes its own specific args. The arguments are expected in a
specific order on the command line. Every argument that isn't available on the
command line will be prompted for. One benefit to this is arguments
corresponding to passwords will not be echoed to the terminal when prompted
The program action is controlled by the first argument. The meaning of the
following arguments is specified by this type
- PLAIN <username> <password>
- This type generates a PLAIN (RFC 2595) authentication
string. It accepts supplemental arguments of username and password. It
generates a Base64 encoded string
- LOGIN <username> <password>
- This method accepts username and password as supplemental
args. It simply returns each string Base64 encoded. This provides only
minimal advantages over using ENCODE twice. One advantage is hiding the
password if you provide it on STDIN
- CRAM-MD5 <username> <password>
- CRAM-MD5 (RFC 2195) accepts three supplemental arguments.
The first is the username and the second is the password. The third is the
challenge string provided by the server. This string can be either Base64
encoded or not. The RFC states that all (unencoded) challenge strings must
start w/ '<'. This is used to whether the string is Base64 encoded or
CRAM-MD5 uses the challenge and the supplied password to generate a digest.
it then returns the Base64 encoded version of the string
This authentication method requires the Digest::MD5 perl module to be
- CRAM-SHA1 <username> <password>
- This behaves the same as CRAM-MD5 but uses SHA1 digesting
rather than MD5.
This authentication method requires the Digest::SHA1 perl module to be
- NTLM/SPA/MSN <username> <password>
- Although it may be advertised as one of the above types,
this method of authentication if refered to singularly as NTLM. This is a
multi-step authentication type. The first 3 arguments must be supplied up
front. They are username, password, and domain, in that order. These three
strings are used to generate an "Auth Request" string. This
string should be passed verbatim to the server. The server will then
respond with a challenge. This challenge is the fourth argument. After
receiving the server challenge, gen-auth will produce an "Auth
Response". Posting this response to the server completes the NTLM
This authentication method requires the Authen::NTLM perl module to be
installed. See EXAMPLES for an example of this transaction. Note also that
'domain' is often blank from client or ignored by server.
- HTTP-BASIC <username> <password>
- Returns the value
base64("<username>:<password>"). Used for HTTP Basic
authentication (RFC 2617). Used by adding a header "Authorization:
Basic <string>" to a HTTP request where <string> is the
output of this command.
- APOP <challenge> <password>
- This implements the APOP authentication for the POP3
protocol as described in RFC 1939. <challenge> is the challenge
string presented by the POP3 server in the greeting banner.
<password> is the "secret" (usually a password) used to
authenticate the user. This method returns a digest
md5("<challenge><password>"). This can be used to
authenticate to a POP3 server in a string like "APOP <user>
<digest>" where <digest> is the string generated by this
APOP required the Digest::MD5 perl module.
- ENCODE <string>
- Simply Base64 encodes a plaintext string. Provided as a
- DECODE <string>
- Decodes a Base64 encoded string. Provided as a convenience
- MD5/MD5-HEX <string>
- Provides an MD5 digest of the supplied string in hex.
- MD5-BASE64 <string>
- Provides an MD5 digest of the supplied string in
- ENCRYPT <string>
- Returns a crypt(3) string generated from the input
- SALTENCRYPT <string> <salt>
- Same as ENCRYPT but you provide the salt as the second
argument. See crypt(3) man page for details.
- ROT13 <string>
- This performs a rot13 action on <string>. This
implementation only performs the action on ASCII 65-90,97-123. Any other
character value is left untouched. Therefore this method is primarily for
LOCALE=C, ASCII only. Feel free to send patches if you care to have it
work in another setting.
- ATBASH <string>
- This performs an atbash action on <string>. Atbash
mirrors a string such that 'a'=='z', 'b'=='y', etc. See the comments on
locale and character set under ROT13.
- Supresses echo on all input fields read from standard
input. If this option is not used, echo is suppressed on fields which are
known to be password fields but this may not be secure enough.
- this screen.
- version info.
- generate a PLAIN AUTH string for user 'tim', password
> gen-auth plain tim tanstaaftanstaaf
Auth String: AHRpbQB0YW5zdGFhZnRhbnN0YWFm
- generate a CRAM-MD5 string for user 'tim', password
'<email@example.com>', using prompt to hide
> gen-auth cram-md5
- use the DECODE method to ensure we provided the correct
output in our last example
> gen-auth decode dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
- use the NTLM (MSN) method to authenticate to a mail server
using user 'tim', password 'tanstaaftanstaaf', and domain MAIL. Both the
gen-auth transaction and SMTP transaction are shown to demonstrate the
interaction between the two.
334 NTLM supported
235 Authentication succeeded
> gen-auth spa
Auth Request: TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
- Required for all functionality
- Required for MD5, MD5-BASE64, CRAM-MD5, APOP
- Required for CRAM-SHA1
- Required for NTLM/MSN/SPA
- 0 - no errors occurred
- 1 - unrecognized type specified