--passphrase and command line

hymie! hymie at lactose.homelinux.net
Thu Jan 15 13:33:28 CET 2015


In our last episode, the evil Dr. Lacto had captured our hero,
  Werner Koch <wk at gnupg.org>, who said:
>On Wed, 14 Jan 2015 17:23, hymie at lactose.homelinux.net said:
>
>> I'm sorry... "Don't set a passphrase on my key" ?  How is that possibly a
>> good idea?
>
>Why do you need a passpharse stored somewhere on your system to protect
>a key stored somewhere on the system?  As easy as it is to read the key,
>as easy it is to read the passphrase.

Ah, OK.  I'm confused because you're making assumptions because I was
trying not to be overly verbose.

My preferred vi clone ("vile") has macros to encrypt, decrypt, and
clearsign buffers.   Part of this macro is to ask the user to type in
the key passpharse, which is then passed to the gpg2 command.
Unfortunately, the method this macro uses is to add the passphrase into
the buffer itself, then use this line (containing only the passphrase)
as "stdin" for an external command "gpg2 blah blah --passphrase-fd 0".

This has two unfortunate side effects:
1. I can sometimes see the passphrase when it is briefly added to the buffer
2. If I "undo" the last command (sign), the passphrase is left in the buffer

I was hoping to see if I could adjust the macro to use a command-line
passphrase instead, which would resolve both side effects.  It worked
correctly, except for the "ps" problem that I originally described.

I'm not storing the passphrase anywhere.  I'm typing it on demand into
a macro that is then going to put it into a command.  The question is,
"What is the most secure way that I can do this?"  I suppose a temp file
could work, but I don't like the idea of having the passphrase written to
the disk.  A temp file on a ram disk would be better, but I don't currently
have any ram disks set up.  I could depend on the gpg-agent and pinentry,
as long as my X client is running properly and reasonably securely.  But
I'm still thinking that --passphrase is the best compromise between
reasonably secure and reasonably portable.

--hymie!    http://lactose.homelinux.net/~hymie    hymie at lactose.homelinux.net




More information about the Gnupg-devel mailing list