This patch provides a way to use rsa_respond from a script on a key with
a passphrase.  This is insecure, but the likelihood of losing a passphrase
is low.

To apply this patch, in the rsa_respond directory, run
$ patch -p1 </path/to/rsa_respond-insecure.diff

and rebuild the respond tool.

-Hwy

diff -uNrd rsa_respond.dist/README rsa_respond/README
--- rsa_respond.dist/README	Mon Sep 16 08:36:35 2002
+++ rsa_respond/README	Mon Sep 16 08:53:15 2002
@@ -6,13 +6,17 @@
 to pass back to the server.
 
 Syntax:
-$ ./respond <private key> <challenge>
+$ ./respond <private key> <challenge> [passphrase]
 
 Notes:
 
 The private key file is protected by a passphrase, entered when the key is
 created.  The passphrase is prompted for whenever respond is called.
 
+If the passphrase is passed on the command line (insecure mode), the
+program will not prompt for a passphrase.  This is primarily for running
+rsa_respond from a script.
+
 Compiling:
 
 Untar the distribution
@@ -25,7 +29,7 @@
 was installed there, instead of one of the system library paths.
 
 System support:
-genkey and respond compile properly, and have been tested on FreeBSD 4.x,
-Linux glibc, and Cygwin 1.2 or higher.
+respond compiles properly, and have been tested on FreeBSD 4.x, Linux glibc,
+Solaris 8, and Cygwin 1.2 or higher.
 
 # $Id: rsa_respond-insecure.diff,v 1.1 2002/09/20 10:29:51 leeh Exp $
diff -uNrd rsa_respond.dist/respond.c rsa_respond/respond.c
--- rsa_respond.dist/respond.c	Mon Sep 16 08:36:35 2002
+++ rsa_respond/respond.c	Mon Sep 16 08:47:48 2002
@@ -26,10 +26,27 @@
 #include <openssl/md5.h>
 #include <unistd.h>
 
+static int insecure_mode = 0;
+static char *pass_param = NULL;
+
 static int pass_cb(char *buf, int size, int rwflag, void *u)
 {
 	int len;
         char *tmp;
+
+	if (insecure_mode != 0)
+	{
+		if (pass_param == NULL)
+			return 0;
+		len = strlen(pass_param);
+		if (len <= 0)  /* This SHOULDN'T happen */
+			return 0;
+		if (len > size)
+			len = size;
+		memcpy(buf, pass_param, len);
+		return len;
+	}
+
 	tmp = getpass("Enter passphrase for challenge: ");
         len = strlen(tmp);
         if (len <= 0) 
@@ -40,7 +57,6 @@
         return len;
 }
 
-                                                                                        
 static void
 binary_to_hex( unsigned char * bin, char * hex, int length )
 {
@@ -92,8 +108,22 @@
 	/* respond privatefile challenge */
 	if (argc < 3)
 	{
-		puts("Usage: respond privatefile challenge");
+		puts("Usage: respond privatefile challenge [passphrase]");
 		return 0;
+	}
+
+	if (argc == 4)
+	{
+		/* This is TOTALLY insecure and not recommended, but for
+		** interfacing with irc client scripts, it's either this
+		** or don't use a passphrase.
+		**
+		** The likelihood of a passphrase leaking isn't TOO great,
+		** only ps auxww will show it, and even then, only at the
+		** precise moment this is called.
+		*/
+		insecure_mode = 1;
+		pass_param = argv[3];
 	}
 
 	if (!(kfile = fopen(argv[1], "r")))