aoven

Reputation: 2352

Start 7Zip executable in a new process and pass encryption password in a secure manner

As the title mentions, I want to start 7z.exe and give it all the parameters, including a password, because I want to generate an encrypted archive.

In case it matters, I'm doing this on a Windows Server.

I've been trying all sorts of things, but the -p parameter refuses to accept anything but the plain-text password. The reason I can't have this is that the command line of the process might be visible to other accounts on the same server, and having a plain-text password in there is the last thing I want them to see.

Things I've tried so far:

var psi = new ProcessStartInfo("7z.exe", "a ... -p%MYSECRET%")
{
    CreateNoWindow = true,
    WindowStyle = ProcessWindowStyle.Hidden,
    UseShellExecute = false,
    EnvironmentVariables =
    {
        { "MYSECRET", password }
    }
};

var process = Process.Start(psi);
process.WaitForExit();

This one uses the literal '%MYSECRET%' as the password instead of the password variable's value.

Next attempt was letting 7z.exe prompt me for password and filling it in using standard input redirection:

var psi = new ProcessStartInfo("7z.exe", "a ... -p")
{
    CreateNoWindow = true,
    WindowStyle = ProcessWindowStyle.Hidden,
    UseShellExecute = false,
    RedirectStandardInput = true
};

var process = Process.Start(psi);

process.StandardInput.Write(password);
process.StandardInput.Close();
process.WaitForExit();

This one encrypted the archive with an unknown password. I tried to decrypt it with the actual one as well as an empty one, but neither worked. My guess is that 7z.exe doesn't support anything other than interactive keyboard entry.

My question is: was I close with any of the methods or have I completely missed?

My next idea is to try building a simple BATCH file and executing it via cmd.exe to see if the environment variable gets resolved that way. But I'm already pretty sure this would thwart my initial goal of avoiding the plain-text password in the command line of the spawned 7z.exe process, because cmd.exe would replace the variable with its value before spawning the final process.

What else is there to try?


UPDATE

One additional way (which I was trying to avoid, if possible) seems to be building my own wrapper executable in C# that links the 7z.dll and invokes it via the COM interface by passing the appropriate parameters.

As this would mean that I myself control the way the parameters are passed to my process, I could enforce the environment variable and avoid passing the plain-text password on the command line.

Now... Is this amount of effort worth it? Well... that remains to be seen.

I'm still open to suggestions!

Upvotes: 1

Views: 70
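Added example (not part of the original post, in C# to match the question's code): a self-check for the exposure the question is worried about, reading back the command line Windows recorded for a child process and testing whether the secret is in it. It compares the question's `-p%MYSECRET%` placeholder with an argument string that already contains the value. Assumptions: Windows, the System.Management package, `cmd.exe /d /k rem` as a stand-in child instead of 7z.exe, and a constructed secret value.

```csharp
using System;
using System.Diagnostics;
using System.Management; // Windows only; NuGet package System.Management on .NET Core/.NET 5+

static class CommandLineLeakCheck
{
    // Command line Windows recorded for a PID, as process-listing tools report it.
    static string RecordedCommandLine(int pid)
    {
        using var searcher = new ManagementObjectSearcher(
            "SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + pid);
        foreach (ManagementBaseObject row in searcher.Get())
            return row["CommandLine"] as string ?? "";
        return ""; // process already exited or is not visible to this account
    }

    // Starts a stand-in child with the given arguments and reports whether
    // the secret appears in its recorded command line.
    static bool Leaks(string arguments, string secret)
    {
        var psi = new ProcessStartInfo("cmd.exe", "/d /k rem " + arguments)
        {
            CreateNoWindow = true,
            UseShellExecute = false,
            RedirectStandardInput = true // child blocks on the pipe until killed
        };
        psi.EnvironmentVariables["MYSECRET"] = secret; // same variable name as the question

        using var child = Process.Start(psi)!;
        try
        {
            string seen = RecordedCommandLine(child.Id);
            Console.WriteLine("recorded: " + seen);
            return seen.IndexOf(secret, StringComparison.Ordinal) >= 0;
        }
        finally
        {
            child.Kill();
            child.WaitForExit();
        }
    }

    static void Main()
    {
        const string secret = "constructed-sample-secret"; // constructed value, not a real password
        Console.WriteLine("placeholder argument leaks: " + Leaks("a -p%MYSECRET%", secret));
        Console.WriteLine("expanded argument leaks:    " + Leaks("a -p" + secret, secret));
    }
}
```

The same `RecordedCommandLine` check can be pointed at the PID of a real child process in a test environment to confirm that whatever mechanism is chosen keeps the password out of the arguments.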

Answers (0)
