Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#1032 -pw-stdin causes "The handle is invalid." error

closed
nobody
5
2012-09-08
2012-09-08
Alex Netkachov
No

1. Download KeePass 2.20 ZIP and unpack
2. Try:
KeePass.exe my.kdbx -pw-stdin
KeePass.exe -pw-stdin my.kdbx
KeePass.exe /pw-stdin my.kdbx

All these cause the "The handle is invalid." error to appear. And after it the app shows the usual dialog box.

Windows XP SP3.

Thanks,
Alex

Discussion

  • Dominik Reichl
    Dominik Reichl
    2012-09-08

    The -pw-stdin option is only useful when the StdIn stream exists. In your examples, the StdIn stream does not exist (keep in mind that KeePass is a GUI application and does not connect to the terminal it was started from).

    For a test, try on the command line:
    echo MySecretPassword | KeePass.exe -pw-stdin my.kdbx
    In this example, the StdIn stream exists (it contains "MySecretPassword").

    Best regards
    Dominik

     
  • Dominik Reichl
    Dominik Reichl
    2012-09-08

    • status: open --> closed
     
  • Dominik Reichl
    Dominik Reichl
    2012-09-09

    The -pw-stdin option is intended to allow other applications provide the master password over a channel that is probably a bit more secure than the command line (StdIn usually isn't logged, whereas the command line is accessible by other applications easily).

    I don't see the point of allocating a new console window or connecting StdIn to the terminal KeePass was started from, because the user isn't supposed to enter the master password manually anyway. If he wants to enter it manually, he can just enter it in the standard master key dialog of KeePass.

    Best regards
    Dominik

     
  • Alex Netkachov
    Alex Netkachov
    2012-09-09

    Thank you. This is very clear. I've just got confused by the "Added '-pw-stdin' command line option to make KeePass read the master password from the StdIn stream." notice. I assumed that StdIn is just the regular stdin and the app just read the characters from the console until just like other programs do.

    For example, in mysql client I can specify -p option and it will prompt the password from the console (I think that it reads the password from stdin, doesn't it?).
    http://dev.mysql.com/doc/refman/5.0/en/command-line-options.html
    > In the latter case (with no password value given), the program prompts you for the password.

    I also thought that this also may be more secure because there is no window in which user types the password - it just the command prompt. But I'm not sure about it. At least it just looks cool - type something in the black console window and keepass appears :)

    Anyway, you explanation clears the subject and currently I better understand the idea which is behind this option.

    Thanks,
    Alex