Hi all,

I use a Python script to (a) open a file encrypted with a symmetric cipher using a passphrase, (b) do some operations on it, and (c) re-encrypt it.
So far I've had GnuPG handle the user input of the passphrase, e.g.:

    import os

    os.system('gpg foo.gpg')
    # Do something with file 'foo'
    os.system('gpg -c foo')

However, this obliges the user to enter the password three times -- rather annoying. I am looking for a way to avoid this.

An obvious, but probably unsafe, solution would be to use Python's passphrase-reading facility along with GnuPG's --passphrase option, e.g.:

    import getpass
    import os

    passwd = getpass.getpass()
    os.system('gpg --batch --passphrase ' + passwd + ' foo.gpg')
    # Do something with file 'foo'
    os.system('gpg -c --batch --passphrase ' + passwd + ' foo')

But then the passwd variable would be lying unprotected in memory during script execution (and perhaps beyond)...

Is there a nice way to do this operation safely? I looked around a little, and I suspect that GPGME might offer the way, but from the provided online API documentation I am not sure exactly how :) Any hints appreciated!

That said, I am wondering whether there is actually a point in taking this extra precaution: once foo.gpg is decrypted and opened by the Python script, its decrypted contents will find their way into memory... which is about as bad as having the passphrase lying around in memory, is it not?... Should I be thinking about this in a completely different framework? Is there any semi-automated way (external libraries?) to guarantee that the application memory is protected from things like paging, core dumps, ptrace attacks and so on? Or am I just giving you a good laugh? :)

I would probably be quite happy if I could guarantee that the passphrase and file contents are no longer accessible once the script terminates.

Thanks!
Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
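An added example, not code from Chris's post or from GnuPG itself, of one way to prompt once and still keep the passphrase out of the gpg command line: gpg's --passphrase-fd 0 option reads the passphrase from the child's stdin, so it is neither visible in argv (ps, /proc/<pid>/cmdline) nor spliced into a shell string as the --passphrase variant above does. The example assumes gpg 2.1.12 or later on PATH (which needs --pinentry-mode loopback before it honours --passphrase-fd in --batch mode), the file names foo.gpg and foo from the post, and helper names (base_cmd, decrypt_cmd, encrypt_cmd, read_passphrase, wipe, run_gpg) that are this example's own.

```python
"""Drive gpg from Python, reading the passphrase once and feeding it on stdin.

Added example; not code from the original post or from GnuPG.  Assumptions:
  * gpg >= 2.1.12 is on PATH (--pinentry-mode loopback is required by gpg2
    before --passphrase-fd is honoured in --batch mode; drop that option for
    gpg 1.4, which does not know it);
  * the encrypted file is foo.gpg and the plaintext is written to foo;
  * all helper names below are this example's own.
"""
import getpass
import os
import subprocess
from typing import List

GPG = "gpg"


def base_cmd() -> List[str]:
    """Common gpg options.

    --passphrase-fd 0 makes gpg read the passphrase from its stdin, so it is
    never part of the gpg argv (readable by every local user) and never part
    of a shell command string (which with os.system would also let a
    passphrase containing ';' or '$(' execute commands).
    """
    return [GPG, "--batch", "--yes", "--pinentry-mode", "loopback",
            "--passphrase-fd", "0"]


def decrypt_cmd(src: str, dst: str) -> List[str]:
    """argv for: decrypt src into dst."""
    return base_cmd() + ["--output", dst, "--decrypt", src]


def encrypt_cmd(src: str, dst: str) -> List[str]:
    """argv for: symmetrically encrypt src into dst (overwriting, via --yes)."""
    return base_cmd() + ["--output", dst, "--symmetric", src]


def read_passphrase(prompt: str = "Passphrase: ") -> bytearray:
    """Prompt once with echo off and return a *mutable* buffer.

    getpass returns an immutable str; it is copied into a bytearray that can
    be overwritten later.  The str and the intermediate bytes cannot be wiped
    from Python and linger until the GC frees them, so this shortens the
    exposure window rather than closing it.
    """
    return bytearray(getpass.getpass(prompt).encode("utf-8"))


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer with zeros in place (length unchanged)."""
    buf[:] = bytes(len(buf))


def run_gpg(cmd: List[str], passphrase: bytearray) -> None:
    """Run gpg with the passphrase as the single line on its stdin.

    cmd is an argv list, so no shell is involved.  bytearray supports the
    buffer protocol, so writing it creates no immutable copy in Python.
    """
    with subprocess.Popen(cmd, stdin=subprocess.PIPE,
                          stderr=subprocess.PIPE) as proc:
        try:
            proc.stdin.write(passphrase)
            proc.stdin.write(b"\n")
            proc.stdin.close()
        except BrokenPipeError:
            pass  # gpg died before reading stdin; stderr explains why
        err = proc.stderr.read()
    if proc.returncode != 0:
        raise RuntimeError("gpg exited with %d: %s"
                           % (proc.returncode, err.decode(errors="replace")))


def main() -> None:
    enc, plain = "foo.gpg", "foo"
    pw = read_passphrase()
    try:
        run_gpg(decrypt_cmd(enc, plain), pw)
        # ... do something with the plaintext file 'foo' here ...
        run_gpg(encrypt_cmd(plain, enc), pw)
    finally:
        wipe(pw)  # zero the buffer whether or not gpg succeeded
    os.remove(plain)  # only reached once re-encryption succeeded


if __name__ == "__main__":
    main()
```

Two caveats match the worry in the post: Python offers no way to pin or wipe the str that getpass returns, so the bytearray trick only narrows the window, and the decrypted foo on disk (and in whatever the script loads into memory) is a larger exposure than the passphrase buffer. Use a list argv, never string concatenation, for every subprocess call that carries user input.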