authorJason A. Donenfeld <Jason@zx2c4.com>2012-09-04 20:19:02 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2012-09-04 20:19:02 +0200
commit814bbf95ea9fd98af4c41938c40a4235a3e478c4 (patch)
tree34c782dd9ade8bfd646124cfd83b4b678522175b
parente14c00af8edf8d4b90b46fda9bf733630ef85199 (diff)
No echo mode.
Add a --no-echo flag to the insert operation so that the password isn't echoed when entering it. This requires the user to enter the password twice for confirmation. Reported-by: Dominic Lüchinger <d.luechinger@snowgarden.ch>
-rw-r--r--man/pass.19
-rwxr-xr-xsrc/password-store.sh49
2 files changed, 42 insertions, 16 deletions
diff --git a/man/pass.1 b/man/pass.1
index c43da59..7ffb540 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -70,11 +70,12 @@ using
.BR xclip (1)
and then restore the clipboard after 45 seconds.
.TP
-\fBinsert\fP [ \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
+\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
Insert a new password into the password store called \fIpass-name\fP. This will
-read the new password from standard in. If \fI--multiline\fP or \fI-m\fP is
-specified, lines will be read until EOF or Ctrl+D is reached. Otherwise, only
-a single line from standard in is read.
+read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do
+disable keyboard echo when the password is entered and confirm the password by asking
+for it twice. If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until
+EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read.
.TP
\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP
Generate a new password using
diff --git a/src/password-store.sh b/src/password-store.sh
index 28bd9d6..db1b5ce 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -23,8 +23,9 @@ Usage:
$program [show] [--clip,-c] pass-name
Show existing password and optionally put it on the clipboard.
If put on the clipboard, it will be cleared in 45 seconds.
- $program insert [--multiline,-m] pass-name
- Insert new optionally multiline password.
+ $program insert [--no-echo,-n | --multiline,-m] pass-name
+ Insert new password. Optionally, the console can be enabled to not
+ echo the password back. Or, optionally, it may be multiline.
$program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length
Generate a new password of pass-length with optionally no symbols.
Optionally put it on the clipboard and clear board after 45 seconds.
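Review bot: The new usage text for `insert` reads awkwardly ("the console can be enabled to not echo") and does not mention that --no-echo asks for the password twice, which the man page change in this same commit does state. Consider wording such as `Insert new password. With --no-echo, the terminal does not echo the password and it is asked for twice. With --multiline, input is read until EOF.` so the inline help and the man page agree. It would also help to say outright that the two options cannot be combined, since the `|` in `[--no-echo,-n | --multiline,-m]` is the only hint of the check the insert branch performs. The usage text block starts and ends outside this hunk.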
@@ -136,25 +137,49 @@ case "$command" in
;;
insert)
ml=0
- if [[ $1 == "--multiline" || $1 == "-m" ]]; then
- ml=1
- shift
- fi
- if [[ $# -ne 1 ]]; then
- echo "Usage: $program $command [--multiline,-m] pass-name"
+ noecho=0
+ while true; do
+ if [[ $1 == "--multiline" || $1 == "-m" ]]; then
+ ml=1
+ shift
+ elif [[ $1 == "--no-echo" || $1 == "-n" ]]; then
+ noecho=1
+ shift
+ else
+ break
+ fi
+ done
+ if [[ ( $ml -eq 1 && $noecho -eq 1 ) || $# -ne 1 ]]; then
+ echo "Usage: $program $command [--no-echo,-n | --multiline,-m] pass-name"
exit 1
fi
path="$1"
mkdir -p -v "$PREFIX/$(dirname "$path")"
passfile="$PREFIX/$path.gpg"
- if [[ $ml -eq 0 ]]; then
- echo -n "Enter password for $path: "
- head -n 1 | gpg -e -r "$ID" > "$passfile"
- else
+ if [[ $ml -eq 1 ]]; then
echo "Enter contents of $path and press Ctrl+D when finished:"
echo
cat | gpg -e -r "$ID" > "$passfile"
+ elif [[ $noecho -eq 1 ]]; then
+ stty -echo
+ echo -n "Enter password for $path: "
+ read password
+ echo
+ echo -n "Retype password for $path: "
+ read password_again
+ echo
+ stty echo
+ if [[ $password == $password_again ]]; then
+ gpg -e -r "$ID" > "$passfile" <<<"$password"
+ else
+ echo "Error: the entered passwords do not match."
+ exit 1
+ fi
+
+ else
+ echo -n "Enter password for $path: "
+ head -n 1 | gpg -e -r "$ID" > "$passfile"
fi
if [[ -d $GIT ]]; then
git add "$passfile"