
clarify what a line is in --passphrase-fd and --passphrase-file
Open, Low, Public

Description

Hey.

Both, --passphrase-fd and --passphrase-file are documented as:

Only the first line will be read from file file.

I think it would be worth clarifying what a line is exactly, especially:

  • Is it platform dependent (i.e. only the native one of CRLF, LF, CR)?
  • If it's platform independent, is it only LF? Or LF and CR(LF)?

This is especially important, because if it were always LF, then a CRLF-terminated line would add an undesired extra CR to the passphrase.

Given that in POSIX terms, a line has a maximum length, it might perhaps also make sense to tell:

  • whether there is a maximum line (i.e. passphrase length) and if so which
  • whether gpg will error out if the maximum length is reached but no newline has been found (which likely indicates that the provided passphrase was longer than the maximum).

Thanks,
Chris.

Event Timeline

I'm not sure whether the manual page should be blown up to a full technical specification.

gpg is Open Source. Use the source. For your convenience: The passphrase is read here:
https://dev.gnupg.org/source/gnupg/browse/master/g10/passphrase.c$114

As you can see, gpg reads from the fd/file until the first '\n'. Any other characters will become part of the passphrase. A '\0' will terminate the passphrase (but not the reading from the fd). As far as reading the passphrase from the fd is concerned, the upper limit to the length is the amount of secure memory that can be allocated. Other parts of GnuPG may not work with large passphrases.
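As an added example (not GnuPG's code and not written by anyone on this thread), the following Python models the reading rule stated in the comment above so the two edge cases raised in the description can be seen on constructed input: a CRLF-terminated line leaves a trailing CR in the passphrase, and a NUL byte cuts the passphrase short while reading still continues to the newline. What gpg does when the input ends without any newline is not stated on the page; the model's choice of using everything read so far is an assumption and is labelled as such. The `passphrase_source_issues` pre-flight check and `write_passphrase_bytes` helper are this example's own additions, not gpg options.

```python
# Added example: a model of the passphrase-reading rule described on this page
# (read until the first '\n'; a '\0' ends the passphrase but not the read).
# This is NOT GnuPG's implementation; it reproduces the described rule so the
# CRLF and NUL edge cases can be exercised on constructed input.


def read_passphrase_line(data: bytes) -> bytes:
    """Return the passphrase that the described rule yields for a buffer.

    Bytes up to the first b'\\n' form the line; within the line, a b'\\0'
    ends the passphrase early. ASSUMPTION (not stated on the page): if no
    newline is present before EOF, everything read so far is the passphrase.
    """
    newline = data.find(b"\n")
    line = data if newline == -1 else data[:newline]
    nul = line.find(b"\0")
    return line if nul == -1 else line[:nul]


def passphrase_source_issues(data: bytes) -> list:
    """Pre-flight check (this example's own helper, not a gpg feature):
    report conditions that would silently alter the passphrase under the
    rule modelled above, before the buffer is handed to --passphrase-fd
    or --passphrase-file."""
    issues = []
    newline = data.find(b"\n")
    line = data if newline == -1 else data[:newline]
    if newline == -1:
        issues.append("no trailing newline (EOF behaviour is not specified on the page)")
    if line.endswith(b"\r"):
        issues.append("CRLF line ending: the trailing CR becomes part of the passphrase")
    if b"\0" in line:
        issues.append("NUL inside the line: the passphrase is truncated at the NUL")
    if newline != -1 and len(data) > newline + 1:
        issues.append("extra lines after the first are ignored")
    return issues


def write_passphrase_bytes(passphrase: str) -> bytes:
    """Produce a buffer that round-trips unchanged through the rule above:
    UTF-8, a single LF terminator, no CR, no NUL."""
    if any(ch in passphrase for ch in ("\n", "\r", "\0")):
        raise ValueError("passphrase must not contain LF, CR or NUL")
    return passphrase.encode("utf-8") + b"\n"


if __name__ == "__main__":
    # Constructed sample buffers; none of these come from a real system.
    samples = {
        "lf":   b"correct horse\n",
        "crlf": b"correct horse\r\n",
        "nul":  b"correct\0horse\nsecond line\n",
        "eof":  b"correct horse",
    }
    for name, buf in samples.items():
        print(name, read_passphrase_line(buf), passphrase_source_issues(buf))
    print("safe", read_passphrase_line(write_passphrase_bytes("correct horse")))
```

The practical point for scripts: generate the passphrase source with a single LF (for example `printf '%s\n' "$pass"` on POSIX shells) rather than with an editor or tool that writes CRLF, and check the bytes before relying on them.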

I wouldn't call that particular thing a technical specification, because it really has potentially a strong user-visible impact (i.e. expected passphrase works or not - both cases, whether any other newline characters are included or not, as well as whether it would simply ignore any characters beyond a maximum length).

And sure one can always read the code, but a) that's what documentation is there for, to explain important things for users ... and b) having it just in the code doesn't mean it’s guaranteed "API"... a future release of gpg could just silently change it to stop reading at e.g. any of CR or LF - while having it in the documentation makes it kind of a "promise".

I suggest to submit a patch with the changes you'd like to see. Please read
https://dev.gnupg.org/source/gnupg/browse/master/doc/HACKING
for information on how to contribute to gnupg.

You can find the manual page of gpg at:
https://dev.gnupg.org/source/gnupg/browse/master/doc/gpg.texi

werner edited projects, added Documentation; removed Bug Report.