diff options
author | Kai Frische <kfr@x-integrate.com> | 2023-06-15 16:28:29 +0200 |
---|---|---|
committer | Kai Frische <kfr@x-integrate.com> | 2023-06-15 16:28:29 +0200 |
commit | e718bd4ca538d6967b8bbc39f75fa98b42fe3e70 (patch) | |
tree | f0cce7e9fcd0ec93e344e3d84b7e8c6b8199c982 | |
parent | 8aa7e36a4f2746b314b0a582f3c59cc8b6b03ca2 (diff) | |
download | rbw-e718bd4ca538d6967b8bbc39f75fa98b42fe3e70.tar.gz rbw-e718bd4ca538d6967b8bbc39f75fa98b42fe3e70.zip |
Add script to store master password in keyring.
-rwxr-xr-x | bin/rbw-pinentry-keyring | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/bin/rbw-pinentry-keyring b/bin/rbw-pinentry-keyring new file mode 100755 index 0000000..9e319b8 --- /dev/null +++ b/bin/rbw-pinentry-keyring @@ -0,0 +1,59 @@ +#!/bin/bash + +# Use as pinentry to store master password for rbw into keyring +# Usage +# - run "rbw-pinentry-keyring setup" once to save master password to keyring +# - add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json) +# - use rbw as normal +# Notes +# - setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well +# - master passwords are stored into the keyring as plaintext, so secure your keyring appropriately +# - supports multiple profiles, simply set RBW_PROFILE during setup +# - can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable + +[[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}" + +set -eEuo pipefail + +function setup() { + cmd="SETTITLE rbw\n" + cmd+="SETPROMPT Master Password\n" + cmd+="SETDESC Please enter the master password for '$rbw_profile'\n" + cmd+="GETPIN\n" + password="$(printf "$cmd" | pinentry | grep -E "^D " | cut -d' ' -f2)" + if [ -n "$password" ]; then + echo -n "$password" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password + fi +} + +function getpin() { + echo 'OK' + + while IFS=' ' read -r command args ; do + case "$command" in + SETPROMPT|SETTITLE| SETDESC) + echo 'OK' + ;; + GETPIN) + secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)" + if [ -z "$secret_value" ]; then + exit 1 + fi + printf 'D %s\n' "$secret_value" + echo 'OK' + ;; + BYE) + exit + ;; + *) + echo 'ERR Unknown command' + ;; + esac + done +} + +if [ "$1" == "setup" ]; then + setup +else + getpin +fi |