1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-16 12:03:03 -05:00
Simon Tatham 0fadffe0cb Add command-line passphrase-file options to command-line PuTTYgen.
Patch due to Colin Watson.

Putting the passphrase in a file avoids exposing it to 'ps' which can
print out every process's command line, while at the same time not
being as platform-specific as the approach of providing an fd number
(since cmdgen.c is in principle a potential cross-platform PuTTYgen,
not just a Unix one, which is why it's not in the 'unix' directory).

Of course it introduces its own risks if someone can read the file
from your disk after you delete it; probably the best approach to
avoiding this, if possible, is to point the option at a file on an
in-memory tmpfs type file system. Or better still, use bash-style
/dev/fd options such as

  puttygen --new-passphrase <(echo -n "my passphrase") [options]

Failing that, try a secure file-wipe utility, as the man page change
mentions.

(And a use case not to be overlooked, of course, is the one where you
actually want to generate an unprotected key - in which case, just
pass /dev/null as the filename.)
2016-03-17 18:55:57 +00:00
..
2006-12-19 10:28:44 +00:00
2016-02-29 19:59:59 +00:00