diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2018-09-23 18:10:17 +0000 |
|---|---|---|
| committer | Daniel Kahn Gillmor <[email protected]> | 2018-09-23 18:25:01 +0000 |
| commit | 07c19981da0607dc442fadc4079b1d71fbef8f83 (patch) | |
| tree | 27f9623a71189b8aac8dd7896f5ca75794dea23e /g10 | |
| parent | g10: Fix memory leak for --card-status. (diff) | |
| download | gnupg-dkg/passphrase-env.tar.gz gnupg-dkg/passphrase-env.zip | |
gpg: add --passphrase-env VARNAME to read passphrase from environmentdkg/passphrase-env
* g10/keydb.h: declare set_passphrase_from_environment_variable()
* g10/passphrase.c: set_passphrase_from_environment_variable() new
function
* g10/gpg.c: add new --passphrase-env argument, handle it.
--
There are problems or difficulties (to varying degrees) with all of
the techniques available for sending a passphrase directly to the
GnuPG process when --pinentry-mode=loopback:
* Passphrases on the command line often leak into the process table.
* Passphrases in a file often leak into the disk.
* Using an extra file descriptor to send a passphrase works well on
platforms that make it easy to allocate and use extra file
descriptors, but is pretty awkward on platforms that don't
facilitate this.
So this patch adds a new form of passphrase-passing, using an
environment variable. In POSIX shell, this looks like (for example):
mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback\
--passphrase-env=mypass --decrypt < message.txt
Hopefully, this is easier to use than --passphrase-fd on platforms or
language toolkits that don't facilitate file descriptor manipulation.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | g10/gpg.c | 5 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/passphrase.c | 13 |
3 files changed, 19 insertions, 0 deletions
@@ -257,6 +257,7 @@ enum cmd_and_opt_values oBZ2CompressLevel, oBZ2DecompressLowmem, oPassphrase, + oPassphraseEnv, oPassphraseFD, oPassphraseFile, oPassphraseRepeat, @@ -709,6 +710,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"), ARGPARSE_s_s (oPassphrase, "passphrase", "@"), + ARGPARSE_s_s (oPassphraseEnv, "passphrase-env", "@"), ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"), ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"), ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"), @@ -3151,6 +3153,9 @@ main (int argc, char **argv) case oPassphrase: set_passphrase_from_string(pargs.r.ret_str); break; + case oPassphraseEnv: + set_passphrase_from_environment_variable(pargs.r.ret_str); + break; case oPassphraseFD: pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0); break; diff --git a/g10/keydb.h b/g10/keydb.h index 1def2bb81..db88df9f8 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -279,6 +279,7 @@ gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr, unsigned char encode_s2k_iterations (int iterations); int have_static_passphrase(void); const char *get_static_passphrase (void); +void set_passphrase_from_environment_variable(const char *envvar); void set_passphrase_from_string(const char *pass); void read_passphrase_from_fd( int fd ); void passphrase_clear_cache (const char *cacheid); diff --git a/g10/passphrase.c b/g10/passphrase.c index 10574ec6a..17e259695 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -159,6 +159,19 @@ set_passphrase_from_string(const char *pass) strcpy (fd_passwd, pass); } +void +set_passphrase_from_environment_variable(const char *envvar) +{ + const char *val = getenv(envvar); + if (val == NULL) + val = ""; + xfree (fd_passwd); + fd_passwd = xmalloc_secure(strlen(val)+1); + strcpy (fd_passwd, val); + /* clean up sensitive environment variable to avoid accidental + propagation: */ + unsetenv(envvar); +} void read_passphrase_from_fd( int fd ) |