Re: [PATCH v2 1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD... | linux-integrity

[PATCH v2 0/8] ima-evm-utils: Add support for signing with pkcs11 URIs · Stefan Berger <hidden> · 2021-08-10
[PATCH v2 2/8] evmctl: Handle engine initialization properly · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 2/8] evmctl: Handle engine initialization properly · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
[PATCH v2 3/8] evmctl: Move code setting up engine to own funtion · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 3/8] evmctl: Move code setting up engine to own funtion · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
[PATCH v2 7/8] tests: Extend sign_verify test with pkcs11-specific test · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 7/8] tests: Extend sign_verify test with pkcs11-specific test · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
Re: [PATCH v2 7/8] tests: Extend sign_verify test with pkcs11-specific test · Stefan Berger <stefanb@linux.ibm.com> · 2021-09-03
[PATCH v2 5/8] evmctl: Setup the pkcs11 engine if key has pkcs11: prefix · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 5/8] evmctl: Setup the pkcs11 engine if key has pkcs11: prefix · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
[PATCH v2 8/8] tests: Get the packages for pkcs11 testing on the CI/CD system · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 8/8] tests: Get the packages for pkcs11 testing on the CI/CD system · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
Re: [PATCH v2 8/8] tests: Get the packages for pkcs11 testing on the CI/CD system · Stefan Berger <stefanb@linux.ibm.com> · 2021-09-03
[PATCH v2 6/8] libimaevm: Add support for pkcs11 private keys for signing a v2 hash · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 6/8] libimaevm: Add support for pkcs11 private keys for signing a v2 hash · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
[PATCH v2 1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable · Mimi Zohar <zohar@linux.ibm.com> · 2021-08-27
Re: [PATCH v2 1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable · Vitaly Chikunov <hidden> · 2021-09-04
[PATCH v2 4/8] evmctl: Extend libimaevm_params with ENGINE field and use it · Stefan Berger <hidden> · 2021-08-10
Re: [PATCH v2 4/8] evmctl: Extend libimaevm_params with ENGINE field and use it · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03
Re: [PATCH v2 0/8] ima-evm-utils: Add support for signing with pkcs11 URIs · Mimi Zohar <zohar@linux.ibm.com> · 2021-09-03

Re: [PATCH v2 1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-08-27 21:37:46

[Cc: Vitaly]

On Tue, 2021-08-10 at 09:45 -0400, Stefan Berger wrote:

From: Stefan Berger <stefanb@linux.ibm.com>

If the user did not use the --pass option to provide a key password,
get the key password from the EVMCTL_KEY_PASSWORD environment variable.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Thanks, Stefan.

Vitaly, I'm not sure that there's any benefit of using secure heap for
a password stored as an environment variable, but it needs to at least
be documented.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help