GnuPG Security Disaster?
Bernard
bht@actrix.gen.nz
Wed Jan 2 10:20:01 2002
Hi Dmitri,
Thanks for your helpful reply.
Today the subject has become even more interesting since I have
managed for the first time to get the passphrase through stdin.
So the batch file issue for _decryption_ is gone :)
The interesting part is that in comparison, _encryption_ does not seem
to cooperate in the same way.
Are you or is anybody else aware of a significant difference between
the transmission method of the passphrase during decryption via
--passphrase-fd n
and the transmission method of the input data during encryption via
default stdin?
You see, I cannot any longer blame Java or Win95 for the failure since
I know that 50% of GnuPG works under Java for me and 50% doesn't.
During encryption, stdout and stderr are empty after stdin was written
to and closed while gpg hangs, apparently still waiting for input on
stdin.
Everything works as expected from a Windows batch file outside Java.
No surprise, under Linux things work from within Java anyway.
Regards,
Bernard
On Tue, 1 Jan 2002 17:08:58 -0800, you wrote:
[snip]
>Quoting Bernard <bht@actrix.gen.nz>:
>
>> I am using gnupg decryption executed from within a Java application in
>> an external Win95 process.
>>
>> Due to a bug somewhere between Win95/98 and the Java Virtual Machine,
>> Java cannot write to stdin of the external gnupg process.
[snip]
>
>Java does not have DOS loader built in (it's part of the OS), therefore it
>has to pass the executable name and parameters to the OS for loading and
>starting the process (like system() call). At this moment you lose control
>of your command line parameters, passphrase included. The OS itself, and
>any 3rd party utilities (like pview and debuggers) can get to that data.
>
>> Can anyone suggest a more civilised approach to interfacing to the
>> Windows executable from within Java?
>
>Use GPGME? JNI would be nice.
[snip]
Sounds like an interesting project.
But I am not sure whether I should start a new approach (no experience
with JNI) while it appears that what I need is indeed possible with
the GnuPG command line tool.
Regards,
Bernard
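
The contrast discussed in this message, a passphrase handed over on the command line versus one written to the child's stdin with `--passphrase-fd`, as an added Java example (not code from this thread or from the GnuPG project). The class and method names, the `--batch` and `--decrypt` options, and the concurrent draining of stdout and stderr are this example's own choices; it is not offered as a fix for the encryption hang described above.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.concurrent.*;

public class GpgStdinPassphrase {
    /** Decrypts cipherFile; the passphrase goes over the child's stdin, never into argv. */
    static byte[] decrypt(String gpgPath, File cipherFile, char[] passphrase)
            throws IOException, InterruptedException, ExecutionException {
        // "--passphrase-fd 0" tells gpg to read the passphrase from fd 0 (stdin), so the
        // ciphertext must come from a file. GnuPG 2.1+ also needs "--pinentry-mode loopback".
        Process p = new ProcessBuilder(gpgPath, "--batch", "--passphrase-fd", "0",
                "--decrypt", cipherFile.getPath()).start();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            // Drain both output pipes on their own threads so a full pipe cannot stall gpg.
            Future<byte[]> out = pool.submit(() -> readAll(p.getInputStream()));
            Future<byte[]> err = pool.submit(() -> readAll(p.getErrorStream()));
            ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
            try (OutputStream stdin = p.getOutputStream()) {
                stdin.write(bb.array(), bb.arrayOffset() + bb.position(), bb.remaining());
                stdin.write('\n');              // gpg reads one line from the fd
            } finally {                         // closing stdin signals end of input
                Arrays.fill(bb.array(), (byte) 0);   // wipe the encoded copy
            }
            int rc = p.waitFor();
            if (rc != 0)
                throw new IOException("gpg exited with " + rc + ": "
                        + new String(err.get(), StandardCharsets.UTF_8));
            return out.get();
        } finally {
            pool.shutdownNow();
        }
    }
    static byte[] readAll(InputStream s) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        for (int n; (n = s.read(chunk)) != -1; ) buf.write(chunk, 0, n);
        return buf.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null || args.length != 1)
            throw new IllegalStateException("usage: run from a terminal with <file.gpg>");
        char[] pw = console.readPassword("Passphrase: ");
        try { System.out.write(decrypt("gpg", new File(args[0]), pw)); }
        finally { Arrays.fill(pw, '\0'); System.out.flush(); }
    }
}
```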