readpassphrase-3

This crate endeavors to expose a thin wrapper around the OpenBSD readpassphrase(3) function. Two interfaces are exposed:

1. readpassphrase, which allocates and returns its own fixed-size buffer for the passphrase; and
2. readpassphrase_buf, which takes a preallocated buffer that it consumes and returns as the output String.

These may be customized using RppFlags, which expose the original API’s flags using the bitflags library.

Errors are exposed via thiserror, and memory zeroing is done via zeroize. To try to reduce churn in this library itself and dependencies on multiple versions of libraries in dependent packages, we do not lock the versions of these dependencies; it is recommended that you vet their current versions yourself to guard against software supply chain attacks. If you would rather not do that, consider instead using the excellent rpassword crate, which vendors its own dependencies.

NFAQ

I’m getting a “mismatched types” error!

That’s not a question, but it’s okay. You are probably passing a Rust &str as the prompt argument. To avoid needing to take a dynamically allocated string or make a copy of the prompt on every call, this library takes a &CStr (i.e. a null-terminated span of characters) as its prompt argument.

If you’re passing a literal string, you can just prepend c to your string:

let _ = readpassphrase(c"Prompt: ", RppFlags::default())?;
//                     ^
//                     |
//                     like this

Why is this named readpassphrase-3?

There is already an unmaintained readpassphrase crate that was not to my liking. Rather than try to invent a new name for this standard C function, I decided to pick a number. The number I picked, 3, corresponds to the “library calls” man section, in which readpassphrase’s man page is located.