
I've been wanting to create a simple web application that would allow me to view certain text files that I've encrypted with GnuPG residing on my webserver through any browser remotely.

I've figured that the best way to do this is to set up a login system with user and password (separate from that to decrypt my private key).

Once I've logged in, the server would attempt to decrypt the encrypted file and request my private key password. I can then prompt the browser for private key pass. Then I'd send the decrypted file back in plaintext (over TLS).

While it would only be me using this setup, I'm thinking that the only way for me to send my password to the GnuPG program is for my server to take the string and then use it in the password prompt of GnuPG. Are there any security implications I should be aware of when piping input in a web form into bash when gpg asks for a password (or any security issues with this entire design)?

The entire session would be encrypted with TLS. I would also probably disable the gpg-agent, not that there would be any concurrent users on my private server. The end goal is for me to be able to access my passwords from ZX2C4 pass from any browser.

rrego
  • Just a question for you, why not use something like sftp or ssh with a firewall rule to only allow your ip? Then you could have them encrypted and download them encrypted then decrypt on your client system? And the password client could still login to your sftp. – RB4 Feb 10 '16 at 03:23
  • This is mainly to access my files on library computers or computers where I cannot change settings. I have access to my passwords on my phone, but it would be easier for me to just access my passwords through the web. – rrego Feb 10 '16 at 07:11

1 Answer

First of all, there's a pretty good chance that whatever you're trying to build, somebody else has built it already. That doesn't mean they built it right, but a solution probably exists.

Second, whatever web framework you intend to use, there's a pretty good chance that a GPG library exists for it, so you can call the gpg functions directly in code instead of shelling out to a command line.

Third, gpg command line has a --batch option that is specifically designed for non-interactive use where you have a program running the executable instead of a user at a terminal.

And finally, the primary danger with passing user input to command line programs is shell interpretation. If you execute the application directly (e.g. using execve or execle or any of the exec syscalls) where options are passed as a list not as a single space-delimited string, then no escaping or special treatment of parameters is needed, since the parameters are not being read and interpreted by a shell. As a rule, shell interpretation is bad unless you know otherwise, and should be avoided.

tylerl
  • Thanks for your thorough response. Unfortunately I haven't been able to find a readymade solution to decrypt and deliver GPG files. Thanks for pointing me in the right direction. There is a library for PHP which seems usable. – rrego Feb 10 '16 at 07:24
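The answer's last two points (`--batch` and exec-style argument lists) can be sketched as follows. This is an added example, not code from the question or the answer; Python and the names `build_gpg_argv`, `decrypt`, `child_sees` and `HOSTILE` are assumptions made for illustration, and `--pinentry-mode loopback` assumes GnuPG 2.1 or later.

```python
import subprocess
import sys

def build_gpg_argv(encrypted_path, gpg="gpg"):
    """Argument list for a non-interactive decrypt; the passphrase is not in it."""
    return [
        gpg,
        "--batch", "--no-tty",          # never prompt on a terminal
        "--pinentry-mode", "loopback",  # let the caller supply the passphrase
        "--passphrase-fd", "0",         # read it from stdin (first line)
        "--decrypt",
        "--",                           # end of options: a leading '-' is data
        encrypted_path,
    ]

def decrypt(encrypted_path, passphrase, gpg="gpg"):
    """Decrypt a file, feeding the passphrase over stdin instead of argv."""
    # gpg reads only the first line from the passphrase fd.
    if "\n" in passphrase or "\r" in passphrase:
        raise ValueError("passphrase must be a single line")
    proc = subprocess.run(
        build_gpg_argv(encrypted_path, gpg),
        input=(passphrase + "\n").encode(),
        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        shell=False,                    # exec directly, no shell parsing
        timeout=30,
    )
    if proc.returncode != 0:
        # Log proc.stderr server-side; do not echo it to the browser.
        raise RuntimeError("gpg exited with status %d" % proc.returncode)
    return proc.stdout

def child_sees(arg):
    """Start a child from an argument list and return argv[1] as it received it."""
    out = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", arg],
        stdout=subprocess.PIPE, check=True,
    )
    return out.stdout.decode()

# Constructed sample input full of shell metacharacters.
HOSTILE = "x'; echo INJECTED $(whoami) #"

if __name__ == "__main__":
    # With a list and no shell, the string arrives byte for byte as one argument.
    print(child_sees(HOSTILE) == HOSTILE)
```

Sending the passphrase over stdin rather than as a command-line argument also keeps it out of the process listing on the server.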