voidrice/.local/bin/otp
appeasementPolitik 7871fd80b2
Make otp script more secure + other improvements (#1190)
Make a temporary directory in $XDG_RUNTIME_DIR instead of $PASSWORD_STORE_DIR.

$XDG_RUNTIME_DIR defaults to /run/user/$uid/. This directory has the security advantage of only being readable and writable by the current user and being mounted in RAM, causing the screenshot to be fully wiped on shutdown and not needing shred, which doesn't work reliably on SSDs.

Also quoted $dir, for the off chance someone has spaces in their $PASSWORD_STORE_DIR.

Removed the check for xclip and the $issuer and $name variables, as they are unused.

If you're wondering why echo is piped into dmenu, on my system dmenu hung when called without the pipe, causing the whole script to freeze.
2022-09-20 11:42:54 +00:00

50 lines
1.7 KiB
Bash
Executable file

#!/bin/sh
# Get a one-time password, or add an OTP secret to your pass-otp store.
# The assumption of this script is that all OTP passwords are stored with the
# suffix `-otp`. This script automatically appends newly added OTPs as such.
# For OTP passwords to be generated properly, it is important for the local
# computer to have its time properly synced. This can be done with the
# "sync-time" option below, which requires the package `ntp`.
ifinstalled pass pass-otp || exit 1
# pass itself falls back to ~/.password-store when the variable is unset.
dir="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
choice="$({ echo "🆕add" ; echo "🕙sync-time" ; ls "$dir"/*-otp.gpg ;} | sed "s/.*\///;s/-otp.gpg//" | dmenu -p "Pick a 2FA:")"
case $choice in
	🆕add )
		ifinstalled maim zbar || exit 1
		# The screenshot lives in $XDG_RUNTIME_DIR (user-only, RAM-backed), never in the store.
		temp=$(mktemp -p "$XDG_RUNTIME_DIR" --suffix=.png)
		otp="otp-test-script"
		# Remove the screenshot and the placeholder entry however the script ends.
		trap 'rm -f "$temp"; pass rm -f "$otp"' HUP INT QUIT TERM PWR EXIT
		notify-send "Scan the image." "Scan the OTP QR code."
		maim -s "$temp" || exit 1
		info="$(zbarimg -q "$temp")"
		info="${info#QR-Code:}"
		if echo "$info" | pass otp insert "$otp"; then
			while true ; do
				name="$(echo | dmenu -p "Give this One Time Password a one-word name:")"
				# [A-z] would also accept [ \ ] ^ _ and backtick; spell the ranges out.
				echo "$name" | grep -q -- "^[A-Za-z0-9-]\+$" && break
			done
			pass mv "$otp" "$name-otp"
			notify-send "Successfully added." "$name-otp has been created."
		else
			notify-send "No OTP data found." "Try to scan the image again more precisely."
		fi
		;;
	🕙sync-time )
		ifinstalled ntp || exit 1
		notify-send -u low "🕙 Synchronizing Time..." "Syncing time with remote NTP servers..."
		updatedata="$(sudo ntpdate pool.ntp.org)" &&
			notify-send -u low "🕙 Synchronizing Time..." "Done. Time changed by ${updatedata#*offset }"
		;;
	*) pass otp -c "${choice}-otp" ;;
esac
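The commit message relies on $XDG_RUNTIME_DIR being user-private and RAM-backed, but the script never verifies either property before writing the QR screenshot there. The following is an added example, not part of the voidrice script or this commit, that checks both and falls back to a private tmpfs directory; the helper names are this example's own, and it assumes a Linux `stat` (GNU or busybox) that supports `-c` and `-f`.

```shell
#!/bin/sh
# Added example (not voidrice code): verify the scratch directory for secrets
# has the properties the commit message relies on. Assumes GNU/busybox stat.

# dir_private_ok DIR: owned by the calling user and with no group/other bits.
dir_private_ok() {
    d="$1"
    [ -n "$d" ] && [ -d "$d" ] || return 1
    owner="$(stat -c %u "$d" 2>/dev/null)" || return 1
    mode="$(stat -c %a "$d" 2>/dev/null)" || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 700: only the owner can list or open files
        *)   return 1 ;;   # e.g. 1777 (/tmp) or 755: other users see file names
    esac
}

# dir_in_ram_ok DIR: backed by tmpfs, so the file vanishes on reboot and there
# is no SSD block left to shred.
dir_in_ram_ok() {
    [ "$(stat -f -c %T "$1" 2>/dev/null)" = "tmpfs" ]
}

# secure_temp_dir: print a directory that passes both checks, or fail.
# Prefers $XDG_RUNTIME_DIR (/run/user/$uid); falls back to a fresh 0700
# directory under /dev/shm (also tmpfs on mainstream Linux), never to /tmp.
secure_temp_dir() {
    if dir_private_ok "${XDG_RUNTIME_DIR:-}" && dir_in_ram_ok "$XDG_RUNTIME_DIR"; then
        printf '%s\n' "$XDG_RUNTIME_DIR"
        return 0
    fi
    fb="$(umask 077; mktemp -d -p /dev/shm otp.XXXXXX 2>/dev/null)" || return 1
    if dir_private_ok "$fb" && dir_in_ram_ok "$fb"; then
        printf '%s\n' "$fb"
        return 0
    fi
    rmdir "$fb" 2>/dev/null
    return 1
}

# In the otp script this would replace the bare $XDG_RUNTIME_DIR:
#   scratch="$(secure_temp_dir)" || exit 1
#   temp=$(mktemp -p "$scratch" --suffix=.png)
```

If neither location qualifies the script should stop rather than silently fall back to a disk-backed, world-listable /tmp.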