gpg: add --passphrase-env VARNAME to read passphrase from environmentdkg/passphrase-env

* g10/keydb.h: declare set_passphrase_from_environment_variable()
* g10/passphrase.c: set_passphrase_from_environment_variable() new
function
* g10/gpg.c: add new --passphrase-env argument, handle it.

--

There are problems or difficulties (to varying degrees) with all of
the techniques available for sending a passphrase directly to the
GnuPG process when --pinentry-mode=loopback:

 * Passphrases on the command line often leak into the process table.

 * Passphrases in a file often leak into the disk.

 * Using an extra file descriptor to send a passphrase works well on
   platforms that make it easy to allocate and use extra file
   descriptors, but is pretty awkward on platforms that don't
   facilitate this.

So this patch adds a new form of passphrase-passing, using an
environment variable.  In POSIX shell, this looks like (for example):

    mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback\
      --passphrase-env=mypass --decrypt < message.txt

Hopefully, this is easier to use than --passphrase-fd on platforms or
language toolkits that don't facilitate file descriptor manipulation.

Signed-off-by: Daniel Kahn Gillmor <[email protected]>

1 files changed, 13 insertions, 0 deletions

diff --git a/g10/passphrase.c b/g10/passphrase.c
index 10574ec6a..17e259695 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -159,6 +159,19 @@ set_passphrase_from_string(const char *pass)
   strcpy (fd_passwd, pass);
 }
 
+void
+set_passphrase_from_environment_variable(const char *envvar)
+{
+  const char *val = getenv(envvar);
+  if (val == NULL)
+    val = "";
+  xfree (fd_passwd);
+  fd_passwd = xmalloc_secure(strlen(val)+1);
+  strcpy (fd_passwd, val);
+  /* clean up sensitive environment variable to avoid accidental
+     propagation: */
+  unsetenv(envvar);
+}
 
 void
 read_passphrase_from_fd( int fd )