Feature #4588
closed
ndnsec export/import: accept passphrase from command line option
100%
Description
ndnsec export and ndnsec import require a passphrase to encrypt and decrypt the SafeBag, and they use getpass function to receive passphrase input from an interactive terminal. It is difficult to invoke these programs using an automated process such as NFD IntegrationTests.
This issue introduces a command line option to these programs, to enable passphrase entry from an automated process.
Updated by Junxiao Shi over 6 years ago
- Assignee set to Junxiao Shi
I plan to introduce ndnsec export --passout and ndnsec import --passin options. The syntax will be a subset of openssl pass phrase options:
pass:passwordsets the passphrase to the given string. This option is insecure.env:varsets the passphrase to the environment variable. This option is insecure.fd:numberreads the passphrase from the given file descriptor using C API. This option is secure.file:pathnameandstdinare not supported.
The programs would not attempt to cleanse the memory used by command line option or environment variable.
All passphrase entry facilities, including existing getpass, will be encapsulated into src/util/passphrase.hpp. Its API looks like:
class PassPhrase
{
public:
static optional<PassPhrase> prompt(const std::string& command_line_option, const std::string& prompt_for_getpass);
// does not include "confirm" step; return nullopt if failure; blank password is allowed
~PassPhrase(); // cleanse
const char* get() const;
size_t size() const;
};
Passphrases are limited to 255 chars excluding NUL terminator. I believe this is a reasonable limit.
Updated by Davide Pesavento over 6 years ago
- Has duplicate Feature #4633: Allow password to be specified to ndnsec-import/export on command line added
Updated by Davide Pesavento over 6 years ago
- Related to Bug #4379: integration tests: fix broken tests added
Updated by Eric Newberry over 6 years ago
Can this issue be expedited? It's causing the integration tests to be unavoidably broken.
Updated by Davide Pesavento over 6 years ago
- Assignee deleted (
Junxiao Shi) - Priority changed from Normal to High
I don't think Junxiao is working on this. I suggest you find another assignee or implement it yourself :)
Updated by Davide Pesavento over 6 years ago
- Related to deleted (Bug #4379: integration tests: fix broken tests)
Updated by Davide Pesavento over 6 years ago
- Blocks Bug #4379: integration tests: fix broken tests added
Updated by Davide Pesavento over 6 years ago
- Status changed from New to In Progress
- Assignee set to Alex Afanasyev
Updated by Junxiao Shi over 6 years ago
It’s a partial solution. I do intend to work on the full note-1 solution at some point, so reassign this issue to me once that change merges.
Updated by Alex Afanasyev over 6 years ago
- Status changed from In Progress to New
- Assignee changed from Alex Afanasyev to Junxiao Shi
- Priority changed from High to Normal
- % Done changed from 0 to 40
Updated by Junxiao Shi over 6 years ago
- Blocks deleted (Bug #4379: integration tests: fix broken tests)
Updated by Junxiao Shi over 3 years ago
- Status changed from New to Closed
- Assignee changed from Junxiao Shi to Alex Afanasyev
- % Done changed from 40 to 100
Junxiao Shi wrote in #note-9:
It’s a partial solution. I do intend to work on the full note-1 solution at some point, so reassign this issue to me once that change merges.
Plan canceled.