ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Support passing of passwords via file #153

Closed cpfeiffer closed 1 year ago

cpfeiffer commented 1 year ago

This PR adds support for supplying the password for keystore and private key through a file instead of passing them directly as a parameter to the CLI.

Passing them as a parameter makes them visible to everyone who can run ps -au, so pretty much to every user on the system. Using files with tight permissions OTOH can make this a bit more secure.

We've had this change for years already and I'm wondering if this would be applicable for your version as well.

ebourg commented 1 year ago

Thank you for the PR, but this is already implemented in KeyStoreBuilder:readPassword() when the password is prefixed with file:. It also supports loading from an environment variable with the env: prefix.

cpfeiffer commented 1 year ago

Ah, thank you, I will try using that instead.
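
An added example, not part of the thread or of jsign's own code: a POSIX shell helper that creates a password file with owner-only permissions and refuses to hand out a file: reference unless the file is a regular file owned by the current user with no group/other access. The function names, paths and sample secret are assumptions made for illustration.

```shell
# Added example, not jsign code. Paths and secrets shown are constructed.

# Create the password file with owner-only permissions from the start
# (umask in a subshell, so the file is never briefly world-readable).
# printf is a shell builtin, so the secret never appears in a process argv.
write_password_file() {
    rm -f "$1"
    ( umask 077 && printf '%s' "$2" > "$1" )
}

# Print "<octal mode> <owner uid>" using GNU stat, falling back to BSD stat.
mode_and_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# Print "file:<path>" only if <path> is a regular file (not a symlink),
# owned by the current user, with no group/other permission bits set.
password_ref() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "refusing $1: not a regular file" >&2
        return 1
    fi
    pf_path=$1
    set -- $(mode_and_owner "$pf_path")
    [ $# -eq 2 ] || return 1
    if [ "$2" != "$(id -u)" ]; then
        echo "refusing $pf_path: not owned by current user" >&2
        return 1
    fi
    if [ $(( 0$1 & 077 )) -ne 0 ]; then
        echo "refusing $pf_path: mode $1 grants access beyond the owner" >&2
        return 1
    fi
    printf 'file:%s\n' "$pf_path"
}

# Usage (hypothetical paths); ps then shows only the file: reference:
#   write_password_file "$HOME/.secrets/storepass" "$SECRET"
#   jsign --keystore keystore.p12 \
#         --storepass "$(password_ref "$HOME/.secrets/storepass")" app.exe
```
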