From 07c19981da0607dc442fadc4079b1d71fbef8f83 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 23 Sep 2018 14:10:17 -0400
Subject: gpg: add --passphrase-env VARNAME to read passphrase from environment

* g10/keydb.h: declare set_passphrase_from_environment_variable()
* g10/passphrase.c: set_passphrase_from_environment_variable() new
function
* g10/gpg.c: add new --passphrase-env argument, handle it.

--

There are problems or difficulties (to varying degrees) with all of
the techniques available for sending a passphrase directly to the
GnuPG process when --pinentry-mode=loopback:

 * Passphrases on the command line often leak into the process table.

 * Passphrases in a file often leak into the disk.

 * Using an extra file descriptor to send a passphrase works well on
   platforms that make it easy to allocate and use extra file
   descriptors, but is pretty awkward on platforms that don't
   facilitate this.

So this patch adds a new form of passphrase-passing, using an
environment variable.  In POSIX shell, this looks like (for example):

    mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback\
      --passphrase-env=mypass --decrypt < message.txt

Hopefully, this is easier to use than --passphrase-fd on platforms or
language toolkits that don't facilitate file descriptor manipulation.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 g10/gpg.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'g10/gpg.c')

diff --git a/g10/gpg.c b/g10/gpg.c
index f04a3400a..36adbaaa2 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -257,6 +257,7 @@ enum cmd_and_opt_values
     oBZ2CompressLevel,
     oBZ2DecompressLowmem,
     oPassphrase,
+    oPassphraseEnv,
     oPassphraseFD,
     oPassphraseFile,
     oPassphraseRepeat,
@@ -709,6 +710,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
 
   ARGPARSE_s_s (oPassphrase,      "passphrase", "@"),
+  ARGPARSE_s_s (oPassphraseEnv,   "passphrase-env", "@"),
   ARGPARSE_s_i (oPassphraseFD,    "passphrase-fd", "@"),
   ARGPARSE_s_s (oPassphraseFile,  "passphrase-file", "@"),
   ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
@@ -3151,6 +3153,9 @@ main (int argc, char **argv)
 	  case oPassphrase:
 	    set_passphrase_from_string(pargs.r.ret_str);
 	    break;
+	  case oPassphraseEnv:
+	    set_passphrase_from_environment_variable(pargs.r.ret_str);
+	    break;
 	  case oPassphraseFD:
             pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
             break;
-- 
cgit v1.2.3