New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
read raw key from stdin if --key isn't specified #271
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
@googlebot I signed it! |
Sorry for the slow response. A couple comments: Storing a "raw key type" on disk feels like the wrong approach. This is really just another way of passing a raw key to the program, so there shouldn't be any need to store anything on-disk. Why not just make Also, please ensure that all tests are passing. See CONTRIBUTING.md for how to run them yourself. E.g., |
You mean we should remove the currently supported option of passing a raw key file that's stored on disk ? Also writing to standard input a raw data will mess up bash environment. The terminals are not optimized to process binary data. Is this what you mean? |
No, that's not necessary. In noninteractive mode, if --key is specified then read the key from the specified file, otherwise read the key from stdin.
This is only true in interactive mode. It would be possible to make the interactive mode ask whether the user wants to provide the key as a key file or as a base64-encoded string. However, would this actually be useful? I think the main benefit of supporting providing the key on stdin is for noninteractive mode. |
Last commit includes reading raw key from stdin but you need to pass The dash character argument to point to stdin is barrowed from cryptsetup for exactly the same purpose which is reading key files. I think we should change
|
Any reason not to just read the key from stdin if Also, please drop any obsolete changes from the pull request (and squash together commits as needed). There are still changes to add RawKeyType, but that shouldn't be needed as I explained earlier, right? |
Done ! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please update cli-tests/t_encrypt_raw_key.sh
to test this new feature?
Also, this breaks interactive use of raw_key:
$ fscrypt encrypt dir/
Should we create a new protector? [y/N] y
The following protector sources are available:
1 - Your login passphrase (pam_passphrase)
2 - A custom passphrase (custom_passphrase)
3 - A raw 256-bit key (raw_key)
Enter the source number for the new protector [2 - custom_passphrase]: 3
Enter a name for the new protector: raw_key
The program just hangs after that because it is reading from stdin.
As I suggested earlier, reading the key from stdin should only happen in noninteractive mode.
} | ||
} | ||
key := bytes.NewReader(buf) | ||
return crypto.NewFixedLengthKeyFromReader(key, metadata.InternalKeyLen) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not just:
return crypto.NewFixedLengthKeyFromReader(bufio.NewReader(os.Stdin), metadata.InternalKeyLen)
I think you can just use |
Hello everyone,
This pull request contains some additions to fscrypt so you can now pass base64 encoded raw key and use it without the need to create the raw key file on the file system and worry about its security.
Best