[git] GnuPG - branch, dkg/passphrase-env, created. gnupg-2.2.7-216-g07c1998

by Daniel Kahn Gillmor cvs at cvs.gnupg.org
Sun Sep 23 20:28:25 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, dkg/passphrase-env has been created
        at  07c19981da0607dc442fadc4079b1d71fbef8f83 (commit)

- Log -----------------------------------------------------------------
commit 07c19981da0607dc442fadc4079b1d71fbef8f83
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Sun Sep 23 14:10:17 2018 -0400

    gpg: add --passphrase-env VARNAME to read passphrase from environment
    
    * g10/keydb.h: declare set_passphrase_from_environment_variable()
    * g10/passphrase.c: set_passphrase_from_environment_variable() new
    function
    * g10/gpg.c: add new --passphrase-env argument, handle it.
    
    --
    
    There are problems or difficulties (to varying degrees) with all of
    the techniques available for sending a passphrase directly to the
    GnuPG process when --pinentry-mode=loopback:
    
     * Passphrases on the command line often leak into the process table.
    
     * Passphrases in a file often leak into the disk.
    
     * Using an extra file descriptor to send a passphrase works well on
       platforms that make it easy to allocate and use extra file
       descriptors, but is pretty awkward on platforms that don't
       facilitate this.
    
    So this patch adds a new form of passphrase-passing, using an
    environment variable.  In POSIX shell, this looks like (for example):
    
        mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback\
          --passphrase-env=mypass --decrypt < message.txt
    
    Hopefully, this is easier to use than --passphrase-fd on platforms or
    language toolkits that don't facilitate file descriptor manipulation.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7f55cc7..55e31d2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -670,7 +670,8 @@ used for no expiration date.
 If this command is used with @option{--batch},
 @option{--pinentry-mode} has been set to @code{loopback}, and one of
 the passphrase options (@option{--passphrase},
- at option{--passphrase-fd}, or @option{passphrase-file}) is used, the
+ at option{--passphrase-fd}, @option{--passphrase-env}, or
+ at option{passphrase-file}) is used, the
 supplied passphrase is used for the new key and the agent does not ask
 for it.  To create a key without any protection @code{--passphrase ''}
 may be used.
@@ -3172,6 +3173,14 @@ Note that since Version 2.0 this passphrase is only used if the
 option @option{--batch} has also been given. Since Version 2.1
 the @option{--pinentry-mode} also needs to be set to @code{loopback}.
 
+ at item --passphrase-env @var{string}
+ at opindex passphrase-env
+Use the value of the environment variable @var{string} as the passphrase.
+This can only be used if only one passphrase is supplied.
+
+This passphrase is only used if the option @option{--batch} has also
+been given, and if @option{--pinentry-mode} is set to @code{loopback}.
+
 @item --pinentry-mode @var{mode}
 @opindex pinentry-mode
 Set the pinentry mode to @var{mode}.  Allowed values for @var{mode}
diff --git a/g10/gpg.c b/g10/gpg.c
index f04a340..36adbaa 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -257,6 +257,7 @@ enum cmd_and_opt_values
     oBZ2CompressLevel,
     oBZ2DecompressLowmem,
     oPassphrase,
+    oPassphraseEnv,
     oPassphraseFD,
     oPassphraseFile,
     oPassphraseRepeat,
@@ -709,6 +710,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
 
   ARGPARSE_s_s (oPassphrase,      "passphrase", "@"),
+  ARGPARSE_s_s (oPassphraseEnv,   "passphrase-env", "@"),
   ARGPARSE_s_i (oPassphraseFD,    "passphrase-fd", "@"),
   ARGPARSE_s_s (oPassphraseFile,  "passphrase-file", "@"),
   ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
@@ -3151,6 +3153,9 @@ main (int argc, char **argv)
 	  case oPassphrase:
 	    set_passphrase_from_string(pargs.r.ret_str);
 	    break;
+	  case oPassphraseEnv:
+	    set_passphrase_from_environment_variable(pargs.r.ret_str);
+	    break;
 	  case oPassphraseFD:
             pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
             break;
diff --git a/g10/keydb.h b/g10/keydb.h
index 1def2bb..db88df9 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -279,6 +279,7 @@ gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr,
 unsigned char encode_s2k_iterations (int iterations);
 int  have_static_passphrase(void);
 const char *get_static_passphrase (void);
+void set_passphrase_from_environment_variable(const char *envvar);
 void set_passphrase_from_string(const char *pass);
 void read_passphrase_from_fd( int fd );
 void passphrase_clear_cache (const char *cacheid);
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 10574ec..17e2596 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -159,6 +159,19 @@ set_passphrase_from_string(const char *pass)
   strcpy (fd_passwd, pass);
 }
 
+void
+set_passphrase_from_environment_variable(const char *envvar)
+{
+  const char *val = getenv(envvar);
+  if (val == NULL)
+    val = "";
+  xfree (fd_passwd);
+  fd_passwd = xmalloc_secure(strlen(val)+1);
+  strcpy (fd_passwd, val);
+  /* clean up sensitive environment variable to avoid accidental
+     propagation: */
+  unsetenv(envvar);
+}
 
 void
 read_passphrase_from_fd( int fd )

-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list