
Considering using echo -n "passphrase" | gpg --batch --passphrase-fd 0 ... inside of a Bash script (which should mitigate leaking the passphrase to the process list given echo is a built-in command, right?).

I need to know the passphrase to create shares of it using Shamir Secret Sharing later in the script.

How can I supply the string to encrypt to GnuPG? I usually use stdin for that.

Edit: the following script appears to achieve what I want, but is it secure*?

*Passphrase and string are not leaked to other users nor written to file system and passphrase is cleared from memory once script exits.

*Script would run as non-admin with sudo privileges on read-only offline Raspberry Pi.

All feedback is welcomed as I might be naively considering an insecure approach.

#!/bin/bash

# Prompt without echoing the passphrase to the terminal (-s), and keep
# backslashes in the passphrase intact (-r).
printf "%s\n" "Please type passphrase and press enter "
read -r -s passphrase

# The plaintext goes in on stdin (echo is a bash builtin, so no process with the
# plaintext in its argv is ever created) and the passphrase goes in on fd 3 via
# a here-string, so neither appears on gpg's command line.
echo -n "bar" | gpg --batch --passphrase-fd 3 --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo sha512 --cipher-algo AES256 --symmetric --armor 3<<<"$passphrase"

According to ps ax, the above script doesn't leak the passphrase to other users.

sunknudsen
  • When you ask "Is it secure?" the counter-question always is "Secure from what?". What is the threat you're worrying about? –  Apr 12 '21 at 13:52
  • Thanks for helping out @MechMK1. Good point... I am looking for a way to achieve above without leaking passphrase or string to other users and without writing them to file system. I am aware above is likely not memory safe. – sunknudsen Apr 12 '21 at 13:55
  • Having a hard time finding good docs for Bash here-string stored in file descriptor. According to [this](https://askubuntu.com/a/678919) answer, here-strings are usually temporarily written to `/tmp`. – sunknudsen Apr 12 '21 at 13:56
  • So, another user on the same machine? Limited? Or with root capabilities? –  Apr 12 '21 at 14:34
  • @MechMK1 I would like to avoid limiting the scope of this question too much as I am trying to learn as much as possible from you guys... Which threat models are obvious to you given the above script and use case? – sunknudsen Apr 12 '21 at 14:38
  • That's the one thing you have to decide. Securing a script running on a machine where you are a limited user, with a potentially adversarial administrator is a *completely* different ball game than a script running on your machine, where you are the admin. And aside from that, limiting the scope of the answer is a *good* thing: It leads to answerable questions. Questions get closed when they are too broad, because answers would need to be as long as a book. –  Apr 12 '21 at 14:41
  • @MechMK1 Script would run on single-user read-only offline Raspberry Pi. – sunknudsen Apr 12 '21 at 14:44
  • Your answers are there: https://unix.stackexchange.com/questions/232063/what-is-most-secure-and-simplest-way-to-have-a-user-typed-password-on-bash-becom – nethero Apr 13 '21 at 13:41
  • not so much an answer, but a question: could you solve your problem with asymmetric encryption? if yes, you can quite readily encrypt something using `gpg` that can't be decrypted on that particular host – brynk Apr 19 '21 at 08:09
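The following script is an added example, not code from the question or from GnuPG. It demonstrates the point the question turns on: a secret handed to a child process on an inherited file descriptor is invisible in the process list, while a secret passed as an argument is not. The child is a stand-in for gpg that prints its own argv and then reads its inputs; with GnuPG the same wiring would be `printf '%s' "$passphrase" | { exec 3<&0; printf '%s' "$plaintext" | gpg --batch --passphrase-fd 3 --symmetric --armor; }`. It assumes Linux, where /proc/<pid>/cmdline is what `ps` reads; the function names and the sample secret are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the question or GnuPG): compare passing a secret as an
# argument with passing it on an inherited file descriptor, and check which one
# shows up in the argv that `ps` would display. Assumes Linux (/proc).

# Variant A (leaky): the secret is an argument, as with gpg --passphrase "$pw".
# Prints the child's command line, which therefore contains the secret.
argv_variant() {
  sh -c 'tr "\000" " " </proc/$$/cmdline' _ --passphrase "$1"
}

# Variant B (what the question's script does): the secret arrives on fd 3 and
# the plaintext on stdin, both through pipes, so nothing touches argv or a temp
# file. Prints three lines: the child's argv, what it read from fd 3 (the
# secret) and what it read from stdin (the plaintext).
fd_variant() {
  printf '%s' "$1" | {
    # In this subshell stdin is the secret pipe; park it on fd 3 so that stdin
    # can be reused for the plaintext. The child inherits fd 3.
    exec 3<&0
    printf '%s' "$2" |
      sh -c 'tr "\000" " " </proc/$$/cmdline; echo; cat <&3; echo; cat' _
  }
}

# Report whether the secret is visible in the argv line `ps` would show.
# usage: secret_visible_in_argv A|B secret   -> prints yes or no
secret_visible_in_argv() {
  case $1 in
    A) line=$(argv_variant "$2") ;;
    B) line=$(fd_variant "$2" plaintext | sed -n 1p) ;;
  esac
  case $line in
    *"$2"*) echo yes ;;
    *)      echo no ;;
  esac
}

secret_visible_in_argv A 'correct horse battery staple'   # yes
secret_visible_in_argv B 'correct horse battery staple'   # no
```

Two caveats for the question's threat model. Bash here-strings such as `3<<<"$passphrase"` were backed by a temporary file in $TMPDIR before bash 5.1 (which uses a pipe when the content fits in the pipe buffer); the pipe wiring above avoids the temporary file on any shell. And keeping the secret out of argv and the file system says nothing about memory: it remains in the shell's variable until the process exits, and `unset passphrase` does not guarantee the bytes are overwritten.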

0 Answers