Another idea (was Re: Password on command line?)

Daniel Carrera dcarrera@math.toronto.edu
Tue Aug 6 19:03:02 2002


On Tue, 6 Aug 2002, Steve Butler wrote:

> And now somebody can do a 'ps -ef' and see it on the command for many
> flavors of Unix.

Yeah, the best thing is to write the program entirely in Perl.
That is, unless the shell has some method of turning off output to the
screen.

Furthermore, if we do an 'echo "password" | gpg ...', that too would show
up on 'ps'.

Andrzej had a good idea about using an "HereDoc".

gpg --passphrase-fd 0 --decrypt test.gpg <<EOH
passphrase
EOH

Because the passphrase is in STDIN, it won't show up on ps (is that
right?).

In Perl we can call programs effectively using an EOH:

`program <<EOH\nsome input\nEOH`;

Therefore, the Perl program could be something like:

#!/usr/bin/perl -w

use strict;

use Term::ReadKey;
ReadMode('noecho');   # Turn off output to the screen.

print "Please enter your passphrase: ";
chomp( my $passphrase = ReadLine(0) );
ReadMode('restore');  # Turn terminal echo back on.
print "\n";

`gpg --passphrase-fd 0 --decrypt test.gpg <<EOH\n$passphrase\nEOH`;

# And so on


Daniel.
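
Added example, not part of the original post: Perl backticks pass a command string containing `<<` to `/bin/sh -c`, so the heredoc text, passphrase included, is in that shell's argument list and is subject to shell expansion. The sketch below instead starts gpg from an argument list and writes the passphrase to its stdin over a pipe; it assumes the core IPC::Open2 module and keeps the post's file name, and the function names are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open2;
use Term::ReadKey;

# Prompt on STDERR with echo off, then restore the terminal mode.
sub read_passphrase {
    print STDERR "Please enter your passphrase: ";
    ReadMode('noecho');
    my $line = eval { ReadLine(0) };
    ReadMode('restore');
    print STDERR "\n";
    die "no passphrase read\n" unless defined $line;
    chomp $line;
    return $line;
}

# Run gpg from an argument list (no /bin/sh) and feed the passphrase
# through a pipe on its stdin, which is what --passphrase-fd 0 reads.
sub decrypt_file {
    my ($file, $passphrase) = @_;
    # Same options as the post. GnuPG 2.1 and later also need
    # '--batch', '--pinentry-mode', 'loopback' in this list.
    my @cmd = ('gpg', '--passphrase-fd', '0', '--decrypt', $file);

    local $SIG{PIPE} = 'IGNORE';   # gpg exiting early must not kill us
    my $pid = open2(my $from_gpg, my $to_gpg, @cmd);
    print {$to_gpg} "$passphrase\n";
    close $to_gpg;                 # EOF on gpg's stdin

    my $plaintext = do { local $/; <$from_gpg> };
    close $from_gpg;
    waitpid($pid, 0);
    die "gpg exited with status " . ($? >> 8) . "\n" if $? != 0;
    return $plaintext;
}

my $passphrase = read_passphrase();
print decrypt_file('test.gpg', $passphrase);   # file name from the post
```

While this runs, 'ps' shows only the gpg option list, and characters such as `$` or backquotes in the passphrase reach gpg unchanged.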