pw.html (1945B)
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="utf-8"> 5 <title>Write a Password Manager in POSIX Shell | Riaz's Website</title> 6 <link rel="stylesheet" href="/style.css"> 7 <link rel="icon" href="data:,"> 8 <meta name="description" content="How to write a simple password manager in POSIX shell that is more minimal than pass"> 9 <meta name="viewport" content="width=device-width, initial-scale=1"> 10 </head> 11 <body> 12 <h1>Write a Password Manager in POSIX Shell</h1> 13 <hr> 14 <article> 15 <p><a href="https://www.passwordstore.org/">pass</a> is over 600 SLOC, yet I don't use its nested hierarchy, git integration, nor password generation.</p> 16 <p>To encrypt and decrypt, pass does nothing too fancy that is a major security issue by omission. This is the code for showing a password</p> 17 <pre> 18 if [[ -f $passfile ]]; then 19 if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then 20 pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $? 21 echo "$pass" | $BASE64 -d 22 </pre> 23 <pre> 24 # This base64 business is because bash cannot store binary data in a shell 25 # variable. Specifically, it cannot store nulls nor (non-trivally) store 26 # trailing new lines. 27 </pre> 28 <p>and encrypting a password.</p> 29 <pre> 30 if [[ $multiline -eq 1 ]]; then 31 echo "Enter contents of $path and press Ctrl+D when finished:" 32 echo 33 $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." 34 </pre> 35 <p>Combining these two GPG commands sets the foundation for a bare bones and hackable password manager. I currently use <a href="/git/dotfiles/file/.local/bin/pw.html">the one I wrote</a>, inspired by dcat on GitHub. <a href="/git/dotfiles/file/.local/bin/pwm.html">This one-liner</a> allows for integration with dmenu: <code>pw get "$(pw ls | dmenu -l 10)" | xdotool type --clearmodifiers --file -</code>.</p> 36 </article> 37 <footer> 38 <hr> 39 <a href="/">Home Page</a></footer> 40 </body> 41 </html>