Feature #4588
closed
ndnsec export/import: accept passphrase from command line option
Added by Junxiao Shi over 6 years ago.
Updated over 3 years ago.
Description
ndnsec export and ndnsec import require a passphrase to encrypt and decrypt the SafeBag, and they use getpass function to receive passphrase input from an interactive terminal. It is difficult to invoke these programs using an automated process such as NFD IntegrationTests.
This issue introduces a command line option to these programs, to enable passphrase entry from an automated process.
- Assignee set to Junxiao Shi
I plan to introduce ndnsec export --passout and ndnsec import --passin options. The syntax will be a subset of openssl pass phrase options:
pass:password sets the passphrase to the given string. This option is insecure.env:var sets the passphrase to the environment variable. This option is insecure.fd:number reads the passphrase from the given file descriptor using C API. This option is secure.file:pathname and stdin are not supported.
The programs would not attempt to cleanse the memory used by command line option or environment variable.
All passphrase entry facilities, including existing getpass, will be encapsulated into src/util/passphrase.hpp. Its API looks like:
class PassPhrase
{
public:
static optional<PassPhrase> prompt(const std::string& command_line_option, const std::string& prompt_for_getpass);
// does not include "confirm" step; return nullopt if failure; blank password is allowed
~PassPhrase(); // cleanse
const char* get() const;
size_t size() const;
};
Passphrases are limited to 255 chars excluding NUL terminator. I believe this is a reasonable limit.
- Has duplicate Feature #4633: Allow password to be specified to ndnsec-import/export on command line added
- Related to Bug #4379: integration tests: fix broken tests added
Can this issue be expedited? It's causing the integration tests to be unavoidably broken.
- Assignee deleted (
Junxiao Shi)
- Priority changed from Normal to High
I don't think Junxiao is working on this. I suggest you find another assignee or implement it yourself :)
- Related to deleted (Bug #4379: integration tests: fix broken tests)
- Blocks Bug #4379: integration tests: fix broken tests added
- Status changed from New to In Progress
- Assignee set to Alex Afanasyev
- Status changed from In Progress to New
- Assignee changed from Alex Afanasyev to Junxiao Shi
- Priority changed from High to Normal
- % Done changed from 0 to 40
- Blocks deleted (Bug #4379: integration tests: fix broken tests)
- Target version deleted (
v0.7)
- Status changed from New to Closed
- Assignee changed from Junxiao Shi to Alex Afanasyev
- % Done changed from 40 to 100
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by