ProtonMail / gosop

Stateless CLI for GopenPGP
MIT License

gosop treats passwords as direct parameters (strings) rather than indirect (file references) #4

Closed dkg closed 2 years ago

dkg commented 2 years ago

The spec refers to both SESSIONKEY and PASSWORD data types as indirect data types, not direct data types, meaning that they're read by reference (by default, as filenames), rather than being placed directly on the command line.

However, I notice that gosop for sop accepts and expects passwords directly on the command line. For example:

printf abc123 > password.txt
echo test | gosop encrypt --password password.txt

will use the literal string password.txt as the password instead of abc123.

gosop doesn't yet implement session-key input afaict, but when it does, it should also treat that as indirect, to avoid leakage of sensitive data on the command line.

See discussion at https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/45 about how this was never extremely clear in the spec, sorry about that!

The gosop documentation makes it clear that it expects the passphrase as a string on the command line. An implementation that does this would leak this secret to the process table, which is not great on most multiuser systems:

https://github.com/ProtonMail/gosop/blob/046feea9867a570681c0ebb99ebeb23467ea6aba/README.md?plain=1#L28

twiss commented 2 years ago

Hey :wave: Thanks for the report! Should be fixed in 739d8bbc1abb0f98a21787b1028afb5452254150. I fixed a few other things as well, including expanding and fixing support for session key input and output. (There are still a lot of other things to be done, though.)