crypto Passcode option (command-line)

Passcode option (command-line)

Open chrisidefix opened this issue 9 years ago • 6 comments

It could be useful at times to allow the user to provide the passcode at the time of calling crypto. It is partially related to issue #8, but not really a solution to it. Right now I basically am imagining the same option that gpg provides on the command-line with --passphrase.

Of course the passphrase will be visible on the commandline (and in the commandline history), if you are using this option, but the same is true if you use it with gpg directly. There are many scenarios though, where I would like to be able to call crypto, but not have to wait for it to ask for a passphrase or I might want to call it multiple times from another script and not have to manually type in the passphrase.

I already have a rough implementation for this, if you like to have a look.

Apr 11 '15 02:04 chrisidefix

To solve the visibility on the command line, I regularly use for gpg --passphrase-file with a temporary file containing the passphrase.

May 24 '15 15:05 tbloo

Christoph submitted a PR addressing this issue. we are planning to pipe the passphrase through stdin using --passphrase-fd 0 . Discussing it over on Slack if you're interested in getting involved. be happy to send an invite.

May 24 '15 16:05 chrissimpkins

Writing an actual file to disk with the plaintext pswd inside is probably more useful for long keys (such as your private ssh key). When it comes to crypto, maybe we should also have a --passphrase-fd option (since I only implemented the fix for gpg)?

May 26 '15 07:05 chrisidefix

think that this is widely used?

May 27 '15 16:05 chrissimpkins

Not really :) I was thinking the whole --passphrase option may not be a good idea in the end and we could probably still PIPE the passphrase to crypto, if we wanted to script it. (One thing we might want to consider is disabling the passphrase authentication, which could be annoying at times)

May 28 '15 11:05 chrisidefix

Definitely agree about the passphrase option given this issue. I like the authentication on the encryption end, agree that it is unnecessary on the decryption side. Will create a new issue and remove it.

— Chris

On Thu, May 28, 2015 at 7:41 AM, chrisidefix [email protected] wrote:

Not really :) I was thinking the whole --passphrase option may not be a good idea in the end and we could probably still PIPE the passphrase to crypto, if we wanted to script it. (One thing we might want to consider is disabling the passphrase authentication, which could be annoying at times)

Reply to this email directly or view it on GitHub: https://github.com/chrissimpkins/crypto/issues/10#issuecomment-106286503

May 28 '15 12:05 chrissimpkins

crypto
crypto copied to clipboard

Passcode option (command-line)

Not really :) I was thinking the whole `--passphrase` option may not be a good idea in the end and we could probably still PIPE the passphrase to crypto, if we wanted to script it. (One thing we might want to consider is disabling the passphrase authentication, which could be annoying at times)

crypto crypto copied to clipboard

Passcode option (command-line)

Not really :) I was thinking the whole --passphrase option may not be a good idea in the end and we could probably still PIPE the passphrase to crypto, if we wanted to script it. (One thing we might want to consider is disabling the passphrase authentication, which could be annoying at times)

crypto
crypto copied to clipboard

Not really :) I was thinking the whole `--passphrase` option may not be a good idea in the end and we could probably still PIPE the passphrase to crypto, if we wanted to script it. (One thing we might want to consider is disabling the passphrase authentication, which could be annoying at times)