Masking user input & encoding

Question

I wish to create a simple bash alias due to the amount of options & switches this particular set of functions requires. This is the background info and NOT the problem.

To perform the command in question requires a passphrase (often in multiple locations) which I would like to minimize and provide some privacy from other users at the same time.

Here is the alias example...

alias test="read -sp 'Enter passphrase: ' pass; gpg --batch --passphrase $pass --symmetric --cipher-algo aes256 -o file.ext.gpg file.ext"

The alias works fine, prompts the user to enter a passphrase and applies it to the decryption process.

THIS IS THE PROBLEM: If I encrypt the file and enter a passphrase (without using the read -sp utlity as shown in the above example) the encrypted files password is different than if I use the 'read' binary to mask the input.

If I display the contents of $pass that was captured with read -sp it displays just as I typed it without any additional line endings etc.

Anyone experience this?

Answer 1

A shell function will be simpler, as you eliminate a level of quoting, and allows parameters if the function needs to be generalized to other files.

# There is already a standard command called 'test'; use a different name
pass_encrypt () {
  in=$1
  out=$in.gpg
  read -rsp 'Enter passphrase: ' pass
  gpg --batch --passphrase-fd 3 --symmetric \
      --cipher-algo aes256 -o "$out" "$in" 3<<<$pass
}

(with mvds' suggestion of using --passphrase-fd)

Answer 2

Shouldn't you quote $pass? In case it contains spaces etc. Also, you need to escape the $ to make it not expand while setting the alias.

So:

alias test="read -sp 'Enter pp: ' pass; gpg --passphrase \"\$pass\" --batch --symmetric --cipher-algo aes256 -o file.ext.gpg file.ext"

Besides this, you may want to use --passphrase-fd so the passphrase doesn't end up in ps output:

alias test="read -sp 'pp: ' pass; gpg --passphrase-fd 3 --etc-etc 3<<< \$pass"