Feature Request: read key from stdin / executable stdout

[phryneas]

Hi, I have a rather special use case: I'm using a OpenGPG smartcard for most of my crypto operations, as it is more convenient for me than PKCS#11 (which I would almost exclusively use for gpg in the end... ;) )

So in Linux, I just call cat key.gpg | gpg | cryptsetup open /dev/sdb2 crypted and I'm golden.

Now I've stumbled over doxbox, and I'm really excited that I can access my encrypted device from windows, too.

But right now, to use doxbox, I would have to create a ramdisk, decrypt my keyfile there (which would at least keep it from the disk, but still potentially leak it to running software) and then use that keyfile with doxbox. Not really the use case I am intending.

So what I'm asking for is:

• would it either be possible to add the option to execute a program to get the key to the gui
• or add a switch to the command line tools to either execute a command for the key or read stdin?

I've written a similar patch for encfs4win, but my c++ sucks (really hard) and it never got reviewed/integrated (as that project seems to be dead), so I can't say much for the quality. Maybe it can be partly salvaged, either by you or I can try to integrate it myself if you can give me some hints on where to start to do it myself. That commit can be found here: https://github.com/phryneas/encfs4win/commit/ece8c18d333dc8cf12d630ff509e3410aa64de48

(on an unrelated sidenote: where do I get the CLI tools? they are mentioned in the FAQ but not installed with the default installation - do I have to compile them myself?)

[t-d-k]

I intend to improve the command line, which will include an option to read the key from stdin, which should solve your problem. The CLI tools are not included, they have to be built. They are also quite basic - they don't open arbitrary volumes or read passwords from stdin, so wouldn't solve the problem.

[phryneas]

Then I'll have to wait for that option for the command line (and play around a bit with the CLI tools in the meantime). :+1:

At one point I might have hit a language barrier: what do you mean by "arbitrary" volumes?

[t-d-k]

I mean the paths, volume types, even the passwords are hard-coded, and there's no parameters to set them. These are mostly meant for testing.

[phryneas]

Yuck xD Maybe I'll take a look at that when I've got some spare time :)

[linux-modder]

@phryneas: you mean in the way gpg uses askpass ?

[phryneas]

If you mean "starting an external program, let it do it's magic and expect a result on STDIN", then yes - but I'm not really familiar with anything called gpg askpass. Do you mean pinentry?

[linux-modder]

familiar with the gui prompt for gksudo / ksudo ? like that it runs with gpg and cryptsetup as well if confirmed to run in / with Xorg

[phryneas]

Mh, yes, but my idea would be to allow to specify just any such tool with it's command name and let that go on from there. If there is need for user-interaction, gpg (or any other tool) will display a gui. But if there is no need (cached password in gpg-agent or such), it will just decrypt the password and supply it to doxbox.

[linux-modder]

that is default behavior tho so should be easy enough... personally not a fan of gui with keys or passes

[linux-modder]

@phryneas, feel free to fork and make a pull request adding your master branch

[phryneas]

See my initial comment: the patch I linked was created for another crypto project, encfs4win - not for LibreCrypt. I just figured it may be salvageable for this project - so I have nothing worth a pull request right now. This was more of a feature request saying "hey, maybe that code could help you implement it more easily" than a pull request.

But further looking at the source tree I notice that most of this project is written in Delphi, not c++ as I initially assumed - a language I haven't touched in the last 12 years. So I fear it won't be of too much help, sorry :|

[linux-modder]

If you or anyone else is willing to help spin me up on delphi I'd be willing to convert and update for intregration (never touched delphi)

[phryneas]

It's not even the same company as back then (was Borland), so I doubt it is the same development environment I know - sorry, but I know as much there as you do.