A last word on --passphrase-fd

Frank Tobin ftobin@uiuc.edu
Fri, 21 Jan 2000 16:23:06 -0600 (CST)


Werner Koch, at 10:52 on Fri, 21 Jan 2000, wrote:


> Doing tricky stuff to feed the passphrase to gpg is futile and only
> makes the code more complex and error prone.
What I think some are wanting to say is that they don't only want 'tricky' ways to handle passing the passphrase to GnuPG; some languages don't have all the niceties of finding the numerical fd, and then being able to pass it down to GnuPG via a fd. I'm not saying that passphrase-fd is bad. Rather, I think it's a very good interface given the non-anonymity design of most unixes. However, I just don't think that there is anything inherently wrong with passing it in via an argument; it is only a problem if other users on the system can see the argument list of other users's processes. And this should not be taken for granted, just because most people use Linux where this is possible. Therefore, I think there is no reason _not_ to allow the information to passed in as an argument. It's the programmer's responsibility to handle the situation correctly for his environment. I feel that making this decision for him is a bad thing. There's More Than One Way To Do It (TMTOWTDI - Perl Motto).
> There are two scenarios I can see for that --passphrase-fd makes sense:
I could create other scenarios. For example, consider an example where the daemon process only has access to the secrets (passphrase and secret key) some of the time. What do I mean? Well, consider a scenario where the passphrase file is mounted over a networked filesystem. The host only allows clients to connect at certain times; the reasons for this could be several, including easier control, monitoring, analysis of what is going on. This also allows for separation of secrets. The secret key's passphrase file is mounted at certain times, allowing the daemon access to it. The same could be done with the secret keyfile. This separation of secrets could actually be useful in somesituation. I'm not saying this system is currently feasible or secure; I'm only using it to demonstrate that that there definitely could be situations that you don't think of. Once again, There's More Than One Way To Do It. -- Frank Tobin http://www.neverending.org/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3