Page MenuHome GnuPG

allow setting passphrase from an environment variable
Closed, WontfixPublic


There are problems or difficulties (to varying degrees) with all of the techniques available for sending a passphrase directly to the GnuPG process when --pinentry-mode=loopback:

  • Passphrases on the command line often leak into the process table.
  • Passphrases in a file often leak into the disk.
  • Using an extra file descriptor to send a passphrase works well on platforms that make it easy to allocate and use extra file descriptors, but is pretty awkward on platforms that don't facilitate this.

So this patch adds a new form of passphrase-passing, using an environment variable. In POSIX shell, this looks like (for example):

mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback \
  --passphrase-env=mypass --decrypt < message.txt

Hopefully, this is easier to use than --passphrase-fd on platforms or language toolkits that don't facilitate file descriptor manipulation.

Event Timeline

dkg created this object in space S1 Public.

I tried to push commit 07c19981da0607dc442fadc4079b1d71fbef8f83 to branch dkg/passphrase-env on playfair, but i got this complaint:

remote: error: invalid key: hooks.denypush.branch.dkg/passphrase-env
remote: error: invalid key: hooks.denymerge.dkg/passphrase-env

so instead, i'm attaching the patch here:

seems like it would be easier all around if i could push branches to playfair directly.

i note that my patch doesn't include an addition to the test suite, which it probably should, though i'm not fluent in gpgscm. if someone could update it to include a test, i'd appreciate that, and would probably learn from the commit. I imagine the test would do something like:

  • encrypt a file symmetrically using gpg --symmetric --batch --pinentry-mode loopback --passphrase foo
  • decrypt it using example=foo gpg --decrypt --batch --pinentry-mode loopback --passphrase-env example
  • compare the result with the original input

Maybe not on Linux but the environment is visible from other processes in the same way as the command line. So I don't see why we should add yet more clumsy passphrase workarounds to gpg. We already have PINENTRY_USER_DATA which can fulfill the same task.

ok, feel free to close this ticket then. It's disappointing that there
seems to be no sane, simple, private multi-channel communication
mechanism avaiable cross-platform that GnuPG can rely on.

werner claimed this task.