silent raw_input for passwords

Stephen Boulet

I need a password for a script and I would like to not have it stored in a
file or shown in a terminal.

"passphrase = raw_input()" still lets you see the input on the screen. Is
there a way to have it be hidden? It's my gpg passphrase, so I don't want
it anywhere except in my head.

If anyone's interested, I'm wrapping the command for the duplicity program
(incremental GPG encrypted backups to an FTP server;
http://www.nongnu.org/duplicity/):

===========================
#!/bin/env python

from ftplib import FTP
from os import popen

dirfile = '/usr/local/backups.txt'
dirs = file(dirfile).read().split('\n')

host = 'ftphost'
uname = 'ftpuname'
password = 'ftppass'

ftp = FTP(ftphost)
ftp.login(ftpuname,ftppass)
l=ftp.nlst()

for i,dir in enumerate(dirs):
if str(i+1) not in l:
print 'Directory "%s" is not on the FTP server.' % dir
print "Creating directory %d on server..." % (i+1)
ftp.mkd(str(i+1))
ftp.quit()

print "Starting duplicity synchronization ..."
print "Enter your passphrase:"
passphrase = raw_input()
passphrase = "PASSPHRASE=" + passphrase

for i in range(1,len(dirs)+1):
command = passphrase + ' duplicity ftp://'
command += ftpuname + '@' + ftphost + '/ "'
command += dirs[i-1] + '" ' + str(i)
print "Starting backup of directory %s" % dirs[i-1]
popen(command).read()

print "Done!"


--
Stephen
From here to there
and there to here,
funny things are everywhere. -- Dr Seuss

Jul 18 '05 #1

Heather Coppersmith

On Fri, 30 Apr 2004 21:26:40 -0500,
Stephen Boulet <stephen.no@spam.theboulets.net.please> wrote:
[color=blue]
> I need a password for a script and I would like to not have it
> stored in a file or shown in a terminal.[/color]
[color=blue]
> "passphrase = raw_input()" still lets you see the input on the
> screen. Is there a way to have it be hidden? It's my gpg
> passphrase, so I don't want it anywhere except in my head.[/color]

See the getpass module; it's part of the standard library.

Most GUI's have similar functionality.

HTH,,
Heather

--
Heather Coppersmith
That's not right; that's not even wrong. -- Wolfgang Pauli

Jul 18 '05 #2

Stephen Boulet

Thanks!

Heather Coppersmith wrote:
[color=blue]
> On Fri, 30 Apr 2004 21:26:40 -0500,
> Stephen Boulet <stephen.no@spam.theboulets.net.please> wrote:
>[color=green]
>> I need a password for a script and I would like to not have it
>> stored in a file or shown in a terminal.[/color]
>[color=green]
>> "passphrase = raw_input()" still lets you see the input on the
>> screen. Is there a way to have it be hidden? It's my gpg
>> passphrase, so I don't want it anywhere except in my head.[/color]
>
> See the getpass module; it's part of the standard library.
>
> Most GUI's have similar functionality.
>
> HTH,,
> Heather
>[/color]

--
Stephen
From here to there
and there to here,
funny things are everywhere. -- Dr Seuss

Jul 18 '05 #3

Dan Bishop

Stephen Boulet <stephen.no@spam.theboulets.net.please> wrote in message news:<B36dncCgsNfVkQ7d3cwC-g@speakeasy.net>...[color=blue]
> I need a password for a script and I would like to not have it stored in a
> file or shown in a terminal.
>
> "passphrase = raw_input()" still lets you see the input on the screen. Is
> there a way to have it be hidden? It's my gpg passphrase, so I don't want
> it anywhere except in my head.[/color]

There's probably an easier way, but you can use:

def input_password(echo=True):
chars = []
while True:
newChar = getch()
if newChar in '\r\n':
break
elif newChar in '\b\x7F':
if chars:
del chars[-1]
sys.stdout.write('\b')
else:
chars.append(newChar)
if echo:
sys.stdout.write('*')
return ''.join(chars)

Jul 18 '05 #4

Dominique Orban

On 2004-05-01, Dan Bishop <danb_83@yahoo.com> wrote:[color=blue]
> Stephen Boulet <stephen.no@spam.theboulets.net.please> wrote in message news:<B36dncCgsNfVkQ7d3cwC-g@speakeasy.net>...[color=green]
>> I need a password for a script and I would like to not have it stored in a
>> file or shown in a terminal.
>>
>> "passphrase = raw_input()" still lets you see the input on the screen. Is
>> there a way to have it be hidden? It's my gpg passphrase, so I don't want
>> it anywhere except in my head.[/color]
>
> There's probably an easier way, but you can use:
>
> def input_password(echo=True):
> chars = []
> while True:
> newChar = getch()
> if newChar in '\r\n':
> break
> elif newChar in '\b\x7F':
> if chars:
> del chars[-1]
> sys.stdout.write('\b')
> else:
> chars.append(newChar)
> if echo:
> sys.stdout.write('*')
> return ''.join(chars)[/color]

How is this different from getpass.getpass() ?

Jul 18 '05 #5