
Secure password input without GUI?

Open TechInterMezzo opened this issue 6 years ago • 6 comments

Is there any way to pass a password securely to the mount command? That could be really useful for pure command line usage.

TechInterMezzo avatar Jul 28 '19 18:07 TechInterMezzo

Do you mean you would like to input the password each time you mount from the command line (and have ***** echoed back)?

As it is now, if you specify a password on the command line, the password ends up getting passed through the Windows OS process startup code, and then it ends up being sent in a Windows message to the already-running instance of cppcryptfs. This is not secure.

Another issue is cppcryptfs is a Windows GUI subsystem program, not a command line (console mode) program. I didn't want to make a separate command line program (e.g. cppcryptfsctl.exe), so I tried to make cppcryptfs mimic a command line program as much as possible.

I'm working on changing cppcryptfs to use a named pipe to send the command line arguments. I'm also working on a cppcryptfsctl.exe console mode program to handle the command line operations.

With the named pipe, I'm going to make cppcryptfs and cppcryptfsctl both verify that the process on the other end of the pipe is a signed instance of cppcryptfs. This should be secure.

The cppcryptfsctl.exe command line program will be able to input the password securely (echo ****).

For now, the most secure way to use a password from the command line is to use the save password feature.

If you enable saved passwords in the GUI and mount using the GUI with save password checked, then if you mount from the command line using -P (no argument) instead of -p password, it will mount with the saved password.

The saved passwords feature uses the Windows Data Protection API.

bailey27 avatar Aug 03 '19 16:08 bailey27

My thought was about a way to let an external tool pass the password to cppcryptfs. So maybe one could be able to program a plugin for KeePass. It doesn't have to be maximally secure but better than passing a password as a cleartext command line argument.

TechInterMezzo avatar Aug 03 '19 18:08 TechInterMezzo

With the release of cppcryptfsctl.exe, is there any update for this issue? I have the same use case, calling cppcryptfs from KeePass by entering cmd://C:[...]\cppcryptfs.exe -m H:[...]\cfs -d s -p {PASSWORD} -t in their URL field. I do not want to use the -P and save password option, as then anybody that has system access could mount the FS. Would it be more secure to now change the call to utilize cppcryptfsctl.exe instead of cppcryptfs.exe for the call originating from KeePass? Thanks for your help and the great program, I appreciate it a lot!

kbh81 avatar Feb 01 '20 00:02 kbh81

The KeePass plugin sounds interesting. I know a little C# and would like to learn more. I think it would be a fun project.

I use KeePass myself for other things, but I just remember my cppcryptfs password and type it in every time I mount.

The saved password feature uses Windows DPAPI to encrypt the saved passwords. Only the currently logged-in user should be able to use the saved passwords for their account. Another account on the system shouldn't be able to decrypt them.

cppcryptfsctl.exe is basically just a console program that only knows how to send command lines to cppcryptfs. So there is almost no difference between invoking cppcryptfsctl vs invoking another instance of cppcryptfs to send a command line to an already-running cppcryptfs. I did cppcryptfsctl so I can pipe the output of the command to a file or to another program like findstr. It also sets the %ERRORLEVEL% for use in batch files.

Both cppcryptfs and cppcryptfsctl now use a Windows local named pipe to send the command line to the running cppcryptfs. Before, this was done with a WM_COPYDATA message, which was less secure. Also, both cppcryptfsctl and cppcryptfs, if they are signed, check that the program on the other end of the named pipe is also signed and that the common names in the signatures are the same.

But you're still passing the password on a command line now with either cppcryptfs or cppcryptfsctl.

bailey27 avatar Feb 08 '20 16:02 bailey27
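
What per-user DPAPI protection looks like in practice, as an added PowerShell example that is not part of the thread and not cppcryptfs code. It uses the .NET ProtectedData wrapper around DPAPI; the secret and the file name are constructed, and the CurrentUser scope is an assumption, since the thread does not show how cppcryptfs calls DPAPI.

```powershell
# Added illustration of Windows DPAPI per-user protection; not cppcryptfs code.
Add-Type -AssemblyName System.Security

# Assumption: per-user scope, matching the behaviour described in the thread.
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

# Constructed sample secret; a real script would read it without echo,
# for example with Read-Host -AsSecureString.
$plain = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-password')

# Encrypt with a key derived from the logged-in user's credentials.
[byte[]]$blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
[Array]::Clear($plain, 0, $plain.Length)   # drop the plaintext copy

# The blob can be stored on disk; it does not contain the plaintext.
$blobPath = Join-Path $env:TEMP 'dpapi-demo.bin'   # hypothetical file name
[System.IO.File]::WriteAllBytes($blobPath, $blob)

# Same account: decryption succeeds with no prompt. This holds for ANY
# process running as this user, so the blob is only as safe as the session.
[byte[]]$stored = [System.IO.File]::ReadAllBytes($blobPath)
[byte[]]$back = [System.Security.Cryptography.ProtectedData]::Unprotect($stored, $null, $scope)
'Round trip OK: ' + ([System.Text.Encoding]::UTF8.GetString($back) -eq 'constructed-sample-password')
[Array]::Clear($back, 0, $back.Length)

# A modified blob, or one read under a different account, makes Unprotect
# throw instead of returning data.
$stored[$stored.Length - 1] = $stored[$stored.Length - 1] -bxor 0xFF
try {
    [void][System.Security.Cryptography.ProtectedData]::Unprotect($stored, $null, $scope)
    'Unexpected: tampered blob decrypted'
} catch {
    'Tampered blob rejected: ' + $_.Exception.Message
}

Remove-Item $blobPath
```

The per-user scope keeps other accounts out, but it does not separate processes inside the same logon session, which is the boundary that matters when deciding between a saved password and typing it at each mount.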

Thanks for that explanation. I agree that a KeePass plugin sounds like a fun project. I am sure there are people out there besides me that would appreciate it.

kbh81 avatar Feb 08 '20 18:02 kbh81

@bailey27 Thank you for this efficient work! I am a satisfied user of cppcryptfs. You told us in a previous post in this issue that you enter your password manually anytime you start cppcryptfs. I am doing the same but with an error at every start... Which options do you put in the command line? I would like to not have an error ("a password cannot be empty") and to have the cursor set directly in the password field of the cppcryptfs dialog window. I did not find the answer in your read.md file.

Mordo71 avatar Dec 01 '21 15:12 Mordo71