Script encryption allows script files to be encoded so as to be unreadable without a password. This allows OEMs to provide script packages to users while maintaining confidentiality of the script content.
The encryption method is strong enough to foil most attempts at breaking the code by average users, however it is probably easily broken by experts. The encryption algorithm is not export-restricted.
Encryption and decryption of script files is implemented with two utilities, which are provided in the Accessories distribution. Also provided with the accessories is a utility for changing the default password compiled into the Xic executable. There is also a related script function, and a related command-line argument to Xic.
The encryption/decryption utilities are:
wrencode file [files ...]
wrdecode file [files ...]
Both programs take as arguments lists of files to encode or decode. At least one file must be specified.
The wrencode program will prompt the user for a password, and
for a repetition of the password. The files on the command line will
be encrypted using this password.
WARNING: since the encryption is done in-place, be sure to save a non-encrypted backup of the files.
The wrdecode program will prompt once for a password, and will decrypt the files listed in the command line which have been encrypted with this password. They are not touched otherwise.
The encryption/decryption should be portable between all systems that can run these two utilities.
Xic will read plain-text and encrypted scripts. Encrypted scripts can be read only if Xic has the correct password, i.e., the one used in the wrencode utility to encrypt the scripts. At present, Xic can only retain one password at a time.
Xic has a built-in default password, which is active if no other password is specified. This is built into the Xic executable file (in encrypted form) and can be changed with the wrsetpass utility. The ``factory'' default password is:
Default password: qwerty
The password can be given to Xic on the command line with the -K option:
-KpasswordNote that there is no space between the ``-K'' and the password. As the password can contain almost any character, if the password contains characters which could be misinterpreted by the shell, the password should be quoted, e.g., -K'password'. The password set with the -K option overrides the default password.
If the .xicinit or .xicstart file, or the function library file, or a script run from batch mode, is encrypted, the encryption password must be given to Xic with the -K option, or be the default password. As the password can be changed with the SetKey script function, User Menu scripts can in principle use different passwords, which must be set before the script is executed.
It is possible the change the password when Xic is running with the SetKey script function:
This function sets the key used by Xic to decrypt encrypted scripts. The password must be the same as that used to encrypt the scripts. This function returns 1 on success, i.e., the key has been set, or 0 on failure, which shouldn't happen as even an empty string is a valid password.
At most one password is active at a time. If the file can not be opened with the current password, Xic will behave as if the file was empty.