Page MenuHome GnuPG
Create Task
Maniphest T6654

gpgsm: p12 passphrase visible in debug output
Closed, ResolvedPublic
Actions

Description

This was reported to me by a customer:

gpgsm: DBG: chan_4 -> GET_PASSPHRASE --data -- X X X Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object.
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 31933 qt 1.2.1 /dev/pts/3 xterm-256color :1 20600/1000/5 1000/1000 0
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- D foobar,123456
gpgsm: DBG: chan_4 <- OK

Usually we do not log passphrases but for PKCS#12 we apparently do.

Revisions and Commits

rG GnuPG
rGdef8f5f3d28b gpg,gpgsm: Hide password in debug output also for asked passwords.
rGcdc28c59fe5d gpg,gpgsm: Hide password in debug output also for asked passwords.
rG3654fee3a457 gpg,sm: Set confidential in assuan communication for password.
rGbafa7bf27f7d gpg,sm: Set confidential in assuan communication for password.
rGec1446f94465 gpg,sm: Set confidential in assuan communication for password.

Related Objects

Event Timeline

aheinecke triaged this task as Normal priority.Aug 16 2023, 1:37 PM
aheinecke created this task.
gniibe added a subscriber: gniibe.Nov 8 2023, 6:04 AM

I guess that it's a case of specifying static passphrase. If so, here is the patch:

diff --git a/g10/call-agent.c b/g10/call-agent.c
index cb7053396..c44c1cddb 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -161,6 +161,7 @@ default_inq_cb (void *opaque, const char *line)
             || has_leading_keyword (line, "NEW_PASSPHRASE"))
            && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
     {
+      assuan_begin_confidential (parm->ctx);
       if (have_static_passphrase ())
         {
           s = get_static_passphrase ();
@@ -187,6 +188,7 @@ default_inq_cb (void *opaque, const char *line)
             err = assuan_send_data (parm->ctx, pw, strlen (pw));
           xfree (pw);
         }
+      assuan_end_confidential (parm->ctx);
     }
   else if ((s = has_leading_keyword (line, "CONFIRM"))
            && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 883c0c644..7f7205f26 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -222,7 +222,9 @@ default_inq_cb (void *opaque, const char *line)
            && have_static_passphrase ())
     {
       const char *s = get_static_passphrase ();
+      assuan_begin_confidential (parm->ctx);
       err = assuan_send_data (parm->ctx, s, strlen (s));
+      assuan_end_confidential (parm->ctx);
     }
   else
     log_error ("ignoring gpg-agent inquiry '%s'\n", line);

(I also found similar case for gpg as well as gpgsm.)

gniibe added a commit: rGec1446f94465: gpg,sm: Set confidential in assuan communication for password..Nov 9 2023, 5:39 AM
gniibe added a commit: rGbafa7bf27f7d: gpg,sm: Set confidential in assuan communication for password..
gniibe changed the task status from Open to Testing.Nov 9 2023, 5:41 AM
gniibe claimed this task.

Pushed the change to master/2.4.

aheinecke claimed this task.Nov 9 2023, 9:30 AM

Thanks, I will test this and if it works as expected I would also put it in 2.2. since it was pointed out to me from a customer at our approval institution and I think they will be glad if they see that this is gone in the next release and I don't see any regression risk associated with that change.

werner added projects: gnupg22, gnupg24.Nov 9 2023, 1:27 PM
werner moved this task from Backlog to WiP on the gnupg24 board.Nov 10 2023, 9:03 AM
werner moved this task from Backlog to WiP on the gnupg22 board.
werner added a commit: rG3654fee3a457: gpg,sm: Set confidential in assuan communication for password..Nov 10 2023, 9:04 AM
aheinecke added a project: vsd32.Nov 13 2023, 10:08 AM
aheinecke moved this task from Backlog to QA on the vsd32 board.
aheinecke moved this task from QA to WiP on the vsd32 board.Nov 13 2023, 10:13 AM

Need to check if this is in the beta or not before moving it to the QA board.

aheinecke moved this task from WiP to QA on the vsd32 board.Nov 13 2023, 11:45 AM

Yes it is in the gnupg beta235 which is part of vsd-beta 277

werner moved this task from WiP to QA on the gnupg22 board.Nov 13 2023, 3:49 PM
aheinecke added a subscriber: ebo.Nov 14 2023, 2:32 PM

Sorry @ebo tested this on Windows with 2.2. I myself should have tested it since the test is trivial and only took me about 30 seconds to type. Similar to T6701 this should have never reached the QA stage. I am including myself now that we have someone for QA that I test my own changes less. We need to talk / think about that in our whole team. We developers should test more before sending an issue into QA.

My test:

GNUPGHOME=$(mktemp -d) gpgsm --debug-level guru --import berta.boss@demo.gnupg.com.p12                 
.....
gpgsm: DBG: chan_4 -> GETINFO version
gpgsm: DBG: chan_4 <- D 2.4.4-beta63
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> GET_PASSPHRASE --data -- X X X Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object.
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 23356 qt 1.2.1-beta21 /dev/pts/6 xterm-256color :1 20600/1000/5 1000/1000 0
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- D abc,123456
gpgsm: DBG: chan_4 <- OK
werner changed the task status from Testing to Open.Nov 14 2023, 2:38 PM
werner claimed this task.
werner moved this task from QA to WiP on the gnupg22 board.
werner added a commit: rGcdc28c59fe5d: gpg,gpgsm: Hide password in debug output also for asked passwords..Nov 14 2023, 3:08 PM
werner added a commit: rGdef8f5f3d28b: gpg,gpgsm: Hide password in debug output also for asked passwords..
werner changed the task status from Open to Testing.Nov 14 2023, 3:10 PM
ebo moved this task from QA to WiP on the vsd32 board.Nov 15 2023, 10:36 AM
werner moved this task from WiP to QA on the gnupg22 board.Nov 17 2023, 10:55 AM
aheinecke moved this task from WiP to QA on the vsd32 board.Nov 20 2023, 10:31 AM
ebo added a comment.Nov 21 2023, 4:01 PM

is now hidden in VS-Desktop-3.1.90.287-Beta

ebo moved this task from QA to vsd-3.2.0 on the vsd32 board.Nov 21 2023, 4:02 PM
ebo edited projects, added vsd32 (vsd-3.2.0); removed vsd32.
ebo moved this task from QA to gnupg-2.2.42 on the gnupg22 board.Nov 21 2023, 4:50 PM
ebo edited projects, added gnupg22 (gnupg-2.2.42); removed gnupg22.
werner mentioned this in T6307: Release GnuPG 2.2.42.Nov 28 2023, 4:59 PM
werner moved this task from WiP to QA on the gnupg24 board.Jan 16 2024, 10:49 AM
ebo closed this task as Resolved.Jan 24 2024, 5:08 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Hidden for Gpg4win-4.3.0-beta571, too

ebo moved this task from QA to gnupg-2.4.4 on the gnupg24 board.Jan 24 2024, 5:08 PM
ebo edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.
werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM
werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM