turiya / keyczar

Automatically exported from code.google.com/p/keyczar

KeyczarTool private key export reveals passphrase #75

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
When exporting a private key as a PKCS8 file, the user has to specify the 
passphrase on the command line with --passphrase="my password".  This makes it 
possible for users of arcane hacking tools like "ps" to discover the 
passphrase.  Not good.

I had intended to use --passphrase as a boolean flag indicating "prompt me for 
a passphrase" and then to have KeyczarTool prompt twice, without echo, etc.  
But then I got busy and forgot.

Filing this bug to make sure I don't continue to forget.

Original issue reported on code.google.com by swillden@google.com on 14 Oct 2011 at 2:42

GoogleCodeExporter commented 9 years ago
I refactored the code a bit and added this fix to pbe (--pass) as well as 
import and export passphrases (--passphrase). 

Couple things I still want to change, but are a bit more complicated/change the 
interface:
1) change the --pass and --passphrase to something more clear to specify that 
pass relates to pbe encryption of a keyczar key and passphrase relates to 
imported and exported pem/der files. Also pass and passphrase don't seem like 
good names for boolean args. Perhaps --pbe and --import_pbe and --export_pbe.

2) Add password callbacks to the import and export functions in openssl that 
will force an error if a password is not supplied instead of prompting on NULL 
when a file requires a password. KeyczarTool should be triggering all password 
prompts. The actual import/export should use the keys it was supplied as input. 
This will allow our code to be more usable as library code.

https://code.google.com/p/keyczar/source/detail?r=3402d9dd6931b0980cdb17f9f0fd538455533043&name=cpp_pbe_refactor

Original comment by dlundb...@google.com on 10 Sep 2013 at 4:56
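
Added example (not part of the thread and not Keyczar's code): the two behaviours discussed above in C++, prompting twice without echo instead of reading the passphrase from argv, and a password callback with the parameter list of OpenSSL's `pem_password_cb` that fails instead of prompting when no passphrase was supplied. All function names are hypothetical.

```cpp
// Added example, not Keyczar code; every function name here is hypothetical.
#include <cstdio>
#include <cstring>
#include <string>
#include <termios.h>
#include <unistd.h>

// Read one line from fd; when fd is a terminal, echo is off while reading.
static bool ReadLineNoEcho(int fd, std::string* out) {
  termios saved{};
  const bool tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
  if (tty) {
    termios quiet = saved;
    quiet.c_lflag &= ~static_cast<tcflag_t>(ECHO);
    if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0) return false;
  }
  out->clear();
  char c = 0;
  ssize_t n = 0;
  while ((n = read(fd, &c, 1)) == 1 && c != '\n') out->push_back(c);
  if (tty) tcsetattr(fd, TCSANOW, &saved);  // restore echo on every path
  return n == 1 || !out->empty();           // false on EOF with no input
}

// Prompt twice; accept only a non-empty passphrase entered identically.
bool PromptPassphraseTwice(int fd, std::string* out) {
  std::string first, second;
  fputs("Passphrase: ", stderr);
  if (!ReadLineNoEcho(fd, &first)) return false;
  fputs("\nConfirm passphrase: ", stderr);
  if (!ReadLineNoEcho(fd, &second)) return false;
  fputs("\n", stderr);
  if (first.empty() || first != second) return false;
  out->swap(first);
  return true;
}

// pem_password_cb parameters: never prompts, returns -1 if `u` has no passphrase.
int SuppliedPassphraseCb(char* buf, int size, int /*rwflag*/, void* u) {
  const std::string* pass = static_cast<const std::string*>(u);
  if (pass == nullptr || pass->empty()) return -1;
  if (size < 0 || pass->size() > static_cast<size_t>(size)) return -1;
  std::memcpy(buf, pass->data(), pass->size());
  return static_cast<int>(pass->size());
}
int main() {
  std::string p;
  return PromptPassphraseTwice(STDIN_FILENO, &p) ? 0 : 1;
}
```

The passphrase reaches the process only through the terminal (or a pipe), so it never appears in the argument list that `ps` displays.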