From e718bd4ca538d6967b8bbc39f75fa98b42fe3e70 Mon Sep 17 00:00:00 2001 From: Kai Frische Date: Thu, 15 Jun 2023 16:28:29 +0200 Subject: Add script to store master password in keyring. --- bin/rbw-pinentry-keyring | 59 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100755 bin/rbw-pinentry-keyring diff --git a/bin/rbw-pinentry-keyring b/bin/rbw-pinentry-keyring new file mode 100755 index 0000000..9e319b8 --- /dev/null +++ b/bin/rbw-pinentry-keyring @@ -0,0 +1,59 @@ +#!/bin/bash + +# Use as pinentry to store master password for rbw into keyring +# Usage +# - run "rbw-pinentry-keyring setup" once to save master password to keyring +# - add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json) +# - use rbw as normal +# Notes +# - setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well +# - master passwords are stored into the keyring as plaintext, so secure your keyring appropriately +# - supports multiple profiles, simply set RBW_PROFILE during setup +# - can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable + +[[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}" + +set -eEuo pipefail + +function setup() { + cmd="SETTITLE rbw\n" + cmd+="SETPROMPT Master Password\n" + cmd+="SETDESC Please enter the master password for '$rbw_profile'\n" + cmd+="GETPIN\n" + password="$(printf "$cmd" | pinentry | grep -E "^D " | cut -d' ' -f2)" + if [ -n "$password" ]; then + echo -n "$password" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password + fi +} + +function getpin() { + echo 'OK' + + while IFS=' ' read -r command args ; do + case "$command" in + SETPROMPT|SETTITLE| SETDESC) + echo 'OK' + ;; + GETPIN) + secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)" + if [ -z "$secret_value" ]; then + exit 1 + fi + printf 'D %s\n' "$secret_value" + echo 'OK' + ;; + BYE) + exit + ;; + *) + echo 'ERR Unknown command' + ;; + esac + done +} + +if [ "$1" == "setup" ]; then + setup +else + getpin +fi -- cgit v1.2.3-54-g00ecf From c0c171d22159688e5264e70d1b3c9b61b1030fc9 Mon Sep 17 00:00:00 2001 From: Kai Frische Date: Thu, 15 Jun 2023 16:46:55 +0200 Subject: Add help to rbw-pinentry-keyring. --- bin/rbw-pinentry-keyring | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/bin/rbw-pinentry-keyring b/bin/rbw-pinentry-keyring index 9e319b8..1626853 100755 --- a/bin/rbw-pinentry-keyring +++ b/bin/rbw-pinentry-keyring @@ -1,20 +1,26 @@ #!/bin/bash -# Use as pinentry to store master password for rbw into keyring -# Usage -# - run "rbw-pinentry-keyring setup" once to save master password to keyring -# - add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json) -# - use rbw as normal -# Notes -# - setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well -# - master passwords are stored into the keyring as plaintext, so secure your keyring appropriately -# - supports multiple profiles, simply set RBW_PROFILE during setup -# - can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable - [[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}" set -eEuo pipefail +function help() { + cat <