Skip to content

Commit f082134

Browse files
estespestesp
authored
Merge pull request #3475 from stefanberger/gpg2-passphrase-via-file
ECI: gpg: Pass the passphrase to the gpg2 tool using a pipe
2 parents d3e539a + 5cf7991 commit f082134

1 file changed

Lines changed: 16 additions & 1 deletion

File tree

pkg/encryption/gpg.go

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -131,9 +131,24 @@ func (gc *gpgv2Client) GetGPGPrivateKey(keyid uint64, passphrase string) ([]byte
131131
args = append(args, []string{"--homedir", gc.gpgHomeDir}...)
132132
}
133133

134-
args = append(args, []string{"--pinentry-mode", "loopback", "--batch", "--passphrase", passphrase, "--export-secret-key", fmt.Sprintf("0x%x", keyid)}...)
134+
rfile, wfile, err := os.Pipe()
135+
if err != nil {
136+
return nil, errors.Wrapf(err, "could not create pipe")
137+
}
138+
defer func() {
139+
rfile.Close()
140+
wfile.Close()
141+
}()
142+
// fill pipe in background
143+
go func(passphrase string) {
144+
wfile.Write([]byte(passphrase))
145+
wfile.Close()
146+
}(passphrase)
147+
148+
args = append(args, []string{"--pinentry-mode", "loopback", "--batch", "--passphrase-fd", fmt.Sprintf("%d", 3), "--export-secret-key", fmt.Sprintf("0x%x", keyid)}...)
135149

136150
cmd := exec.Command("gpg2", args...)
151+
cmd.ExtraFiles = []*os.File{rfile}
137152

138153
return runGPGGetOutput(cmd)
139154
}

0 commit comments

Comments
 (0)