diff options
Diffstat (limited to 'bin/rbw-pinentry-keyring')
-rwxr-xr-x | bin/rbw-pinentry-keyring | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/bin/rbw-pinentry-keyring b/bin/rbw-pinentry-keyring new file mode 100755 index 0000000..1626853 --- /dev/null +++ b/bin/rbw-pinentry-keyring @@ -0,0 +1,72 @@ +#!/bin/bash + +[[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}" + +set -eEuo pipefail + +function help() { + cat <<EOHELP +Use this script as pinentry to store master password for rbw into your keyring + +Usage +- run "rbw-pinentry-keyring setup" once to save master password to keyring +- add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json) +- use rbw as normal +Notes +- needs "secret-tool" to access keyring +- setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well +- master passwords are stored into the keyring as plaintext, so secure your keyring appropriately +- supports multiple profiles, simply set RBW_PROFILE during setup +- can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable +EOHELP +} + +function setup() { + cmd="SETTITLE rbw\n" + cmd+="SETPROMPT Master Password\n" + cmd+="SETDESC Please enter the master password for '$rbw_profile'\n" + cmd+="GETPIN\n" + password="$(printf "$cmd" | pinentry | grep -E "^D " | cut -d' ' -f2)" + if [ -n "$password" ]; then + echo -n "$password" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password + fi +} + +function getpin() { + echo 'OK' + + while IFS=' ' read -r command args ; do + case "$command" in + SETPROMPT|SETTITLE| SETDESC) + echo 'OK' + ;; + GETPIN) + secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)" + if [ -z "$secret_value" ]; then + exit 1 + fi + printf 'D %s\n' "$secret_value" + echo 'OK' + ;; + BYE) + exit + ;; + *) + echo 'ERR Unknown command' + ;; + esac + done +} + +command="$1" +case "$command" in + -h|--help|help) + help + ;; + -s|--setup|setup) + setup + ;; + *) + getpin + ;; +esac |