
allow setting passphrase from an environment variable
Closed, Wontfix (Public)

Description

There are problems or difficulties (to varying degrees) with all of the techniques available for sending a passphrase directly to the GnuPG process when --pinentry-mode=loopback:

  • Passphrases on the command line often leak into the process table.
  • Passphrases in a file often leak into the disk.
  • Using an extra file descriptor to send a passphrase works well on platforms that make it easy to allocate and use extra file descriptors, but is pretty awkward on platforms that don't facilitate this.

So this patch adds a new form of passphrase-passing, using an environment variable. In POSIX shell, this looks like (for example):

mypass='IUuKctdEhH8' gpg --batch --pinentry-mode=loopback \
  --passphrase-env=mypass --decrypt < message.txt

Hopefully, this is easier to use than --passphrase-fd on platforms or language toolkits that don't facilitate file descriptor manipulation.

Event Timeline

dkg created this object in space S1 Public.

I tried to push commit 07c19981da0607dc442fadc4079b1d71fbef8f83 to branch dkg/passphrase-env on playfair, but i got this complaint:

remote: error: invalid key: hooks.denypush.branch.dkg/passphrase-env
remote: error: invalid key: hooks.denymerge.dkg/passphrase-env

so instead, i'm attaching the patch here:

seems like it would be easier all around if i could push branches to playfair directly.

i note that my patch doesn't include an addition to the test suite, which it probably should, though i'm not fluent in gpgscm. if someone could update it to include a test, i'd appreciate that, and would probably learn from the commit. I imagine the test would do something like:

  • encrypt a file symmetrically using gpg --symmetric --batch --pinentry-mode loopback --passphrase foo
  • decrypt it using example=foo gpg --decrypt --batch --pinentry-mode loopback --passphrase-env example
  • compare the result with the original input

Maybe not on Linux, but the environment is visible from other processes in the same way as the command line. So I don't see why we should add yet more clumsy passphrase workarounds to gpg. We already have PINENTRY_USER_DATA which can fulfill the same task.

ok, feel free to close this ticket then. It's disappointing that there seems to be no sane, simple, private multi-channel communication mechanism available cross-platform that GnuPG can rely on.

werner claimed this task.