How to use Symantec's camouflage tool
search cancel

How to use Symantec's camouflage tool


Article ID: 172708


Updated On:


VIP Service


Using the Symantec VIP camouflage tool


The VIP camouflage tool is used to mask sensitive shared secrets for RADIUS communication. Various VIP 3rd-party integration guides contain instructions on using this tool to generate a protected password for use within that integration.

The camouflage tool can be downloaded from VIP Manager > Account > Download files... > Third_Party_Integrations > Pugins >

The following architectures are supported:




There are four versions of the "camouflage" tool for Windows. It is important that the correct version of camouflage.exe is used. Refer to the table below: 

Windows Server 2016
Windows Server 2012
Windows 8, 8.1
Windows Server 2008
Windows 7
Windows Server 2008
Windows 7, XP
Windows 8, 8.1 Tools\windows8\camouflage.exe


Generating a camouflaged shared secret

  • Open an elevated command prompt and navigate to the appropriate folder (see table above).
  • Type camouflage sharedsecret where "sharedsecret" is the value of the shared secret to be camouflaged. Store both the shared secret and the camouflaged value in a secure location. Alternatively, the shared secret can be piped directly to a file camouflage sharedsecret > secret.txt
  • Exit the command prompt and purge the command history. 
  • The camouflaged password can now be used. 


In most instances, the shared secret is entered directly in both the VIP Enterprise Gateway configuration console and the configuration file or settings for the integration. 



Two versions of camouflage are available for Linux: 32-bit and 64-bit.

32-bit Linux: Tools/linux/camouflage
64-bit Linux: Tools/linux_x86-64/camouflage

Sample syntax:

$ cd Tools/linux/camouflage
$ touch secret; chmod 600 secret;
$ cat > secret
$ cat secret | ./camouflage - > sharedsecret.txt


  • To test connectivity to the validation server, run the vsradiusclient_test utility included with the file. (see: How to test a VIP Enterprise Gateway validation server using vsradiusclient_test.exe)
  • Run the camouflage tool on the server where the masked password will be used.
  • Test with a simple camouflaged password with no special characters. One successful, proceed with using a more complex password. 
  • If possible, temporarily stop or pause command line history caching. Or, purge the command history on the server once complete. This will prevent retrieval of the shared secret by others with access to the system. 
  • If there is any risk of other users potentially accessing the camouflaged password, use the tool on a system where that risk is diminished.
  • VIP EG 9.8.4 and later supports 32-character passwords. Earlier versions support 30-characters. 
  • The RADIUS shared secret cannot contain spaces or any of the following special characters: " & =