token: use gpg for decryption #27
Open
ericchiang wants to merge 1 commit into tschuy:master from ericchiang:use-gpg
tschuy requested changes on Apr 30, 2018
| func Decrypt(encoded []byte) ([]byte, error) { | ||
| if hasGPG() { | ||
| var stderr, stdout bytes.Buffer | ||
| cmd := exec.Command("gpg", "--decrypt") |
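Review bot: the exec.Command("gpg", "--decrypt") line runs gpg without --batch, so gpg can try to prompt for a passphrase even though the stderr and stdout buffers declared on the line above are presumably there to capture its output. Consider passing --batch and, when the command exits non-zero, including the contents of the stderr buffer in the error returned from Decrypt, so the caller sees gpg's own diagnostic rather than only an exit status.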
Owner
I'd prefer to use gpg --quiet --decrypt --batch and then catch on stderr. Here's what it looks like with a password-based key:
tschuy/projects/gotp → gpg --batch --quiet --decrypt < temp
gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: decryption failed: secret key not available
Owner
My main thing here is that if you're using password-based encryption with a local key and the key is in gpg-agent, without batch you get a bunch of error text:
tschuy/projects/gotp → gpg --quiet --decrypt < temp
You need a passphrase to unlock the secret key for
user: "Evan Tschuy <evan.tschuy@coreos.com>"
4096-bit RSA key, ID 0x0C590A882B35D2A4, created 2017-01-25
(subkey on main key ID 0xCE8111086BAD4E55)
[decrypted message here]
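Added example (not part of the pull request or the gotp code base): one way to run gpg with the flags suggested in the review comments above and turn what it writes to stderr into errors a caller can branch on. The function names, the sentinel errors and the LC_ALL=C setting are assumptions of this example; the two matched messages are the ones in the batch-mode output quoted above.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Hypothetical sentinel errors so callers can branch on the failure cause.
var (
	ErrNeedsPassphrase = errors.New("gpg needs a passphrase but cannot prompt in batch mode")
	ErrNoSecretKey     = errors.New("gpg has no usable secret key for this message")
)

// classifyStderr maps gpg's stderr text (batch-mode messages quoted above) to an error.
func classifyStderr(stderr string) error {
	switch {
	case strings.Contains(stderr, "can't query passphrase in batch mode"):
		return ErrNeedsPassphrase
	case strings.Contains(stderr, "secret key not available"):
		return ErrNoSecretKey
	}
	return fmt.Errorf("gpg failed: %s", strings.TrimSpace(stderr))
}

// decryptBatch feeds ciphertext to gpg on stdin and never prompts on the TTY.
func decryptBatch(ciphertext []byte) ([]byte, error) {
	var stdout, stderr bytes.Buffer
	cmd := exec.Command("gpg", "--batch", "--quiet", "--decrypt")
	cmd.Env = append(os.Environ(), "LC_ALL=C") // assumption: untranslated messages
	cmd.Stdin = bytes.NewReader(ciphertext)
	cmd.Stdout, cmd.Stderr = &stdout, &stderr
	if err := cmd.Run(); err != nil {
		if _, ok := err.(*exec.ExitError); ok {
			return nil, classifyStderr(stderr.String()) // gpg ran and reported failure
		}
		return nil, fmt.Errorf("running gpg: %w", err) // gpg missing or not executable
	}
	return stdout.Bytes(), nil
}

func main() {
	// Constructed input: two of the stderr lines shown in the comment above.
	sample := "gpg: can't query passphrase in batch mode\ngpg: decryption failed: secret key not available\n"
	fmt.Println(classifyStderr(sample))
}
```

The passphrase case is checked first because, as in the quoted output, gpg prints both messages when it cannot prompt, and the passphrase message is the one the user can act on.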
cc @tschuy
Can you see if this still works? If it does I'll switch the encryption too.