Reading Passwords From /dev/tty

Evan Klitzke evan at
Tue Aug 1 07:26:03 CEST 2017

Hi all,

I have a question about something I've seen in the GnuPG source code, and I
hope someone here knows the answer.

Many Unix programs, including GPG, read from /dev/tty when reading a
password. In GnuPG the code for this lives in common/ttyio.c, in particular
via tty_get_hidden() which calls do_get(). As I understand it, you get a
pseudo-TTY (pty) file descriptor when you open /dev/tty, and then that fd
is put into no echo mode before reading the password. This is also how sudo
reads passwords (by default anyway, it has a mode to fall back to stdin).

I have seen some other projects that read passwords by putting stdin into
no echo mode, and then literally just reading from stdin. This *does* seem
to work (assuming you make sure to restore echoing after reading the
password!), but I am curious why projects like GPG and sudo prefer using
/dev/tty. Does anyone know what the argument is for using a pseudo-TTY?

Evan Klitzke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170801/efdb8b96/attachment.html>

More information about the Gnupg-devel mailing list