Function readpassphrase 

pub fn readpassphrase<'a>(
    prompt: &CStr,
    buf: &'a mut [u8],
    flags: RppFlags,
) -> Result<&'a str, Error>

Reads a passphrase using readpassphrase(3).

This function tries to faithfully wrap readpassphrase(3) without overhead; the only additional work it does is:

1. It converts from a Rust byte slice to a C pointer/length pair going in.
2. It converts from a C char * to a Rust UTF-8 &str coming out.
3. It translates errors from errno (or string conversion) into Result.

This function reads a passphrase of up to buf.len() - 1 bytes. If the entered passphrase is longer, it will be truncated.

Security

The passed buffer might contain sensitive data even if this function returns an error (for example, if the contents are not valid UTF-8.) Therefore it should be zeroed as soon as possible. This can be achieved, for example, with zeroize::Zeroizing:

use zeroize::Zeroizing;
let mut buf = Zeroizing::new(vec![0u8; PASSWORD_LEN]);
let pass = readpassphrase(c"Pass: ", &mut buf, RppFlags::default())?;

Examples found in repository

examples/inplace.rs (lines 14-18)

fn main() {
    let mut buf = Zeroizing::new(vec![0u8; 256]);
    let password = readpassphrase(
        c"Password: ",
        &mut buf,
        RppFlags::FORCEUPPER | RppFlags::ECHO_ON,
    )
    .expect("failed reading passphrase");
    println!("{password}");
}

examples/owned.rs (line 15)

fn main() -> Result<(), Error> {
    let mut buf = vec![0u8; PASSWORD_LEN];
    let pass =
        Zeroizing::new(readpassphrase(c"Password: ", &mut buf, RppFlags::ECHO_ON)?.to_string());
    let mut buf = Some(buf);
    loop {
        let mut res = readpassphrase_owned(
            c"Confirmation: ",
            buf.take().unwrap(),
            RppFlags::REQUIRE_TTY,
        )?;
        if *pass == res {
            res.zeroize();
            break;
        }
        buf = Some(res.into());
    }
    Ok(())
}