From 814bbf95ea9fd98af4c41938c40a4235a3e478c4 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 4 Sep 2012 20:19:02 +0200
Subject: No echo mode.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a --no-echo flag to the insert operation so that the password isn't echoed when entering it. This requires the user to echo the password twice for confirmation.
Reported-by: Dominic Lüchinger
---
 man/pass.1 | 9 +++++----
 src/password-store.sh | 49 +++++++++++++++++++++++++++++++++++++------------
 2 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/man/pass.1 b/man/pass.1
index c43da59..7ffb540 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -70,11 +70,12 @@ using
 .BR xclip (1)
 and then restore the clipboard after 45 seconds.
 .TP
-\fBinsert\fP [ \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
+\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
 Insert a new password into the password store called \fIpass-name\fP. This will
-read the new password from standard in. If \fI--multiline\fP or \fI-m\fP is
-specified, lines will be read until EOF or Ctrl+D is reached. Otherwise, only
-a single line from standard in is read.
+read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do
+disable keyboard echo when the password is entered and confirm the password by asking
+for it twice. If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until
+EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read.
 .TP
 \fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP
 Generate a new password using
diff --git a/src/password-store.sh b/src/password-store.sh
index 28bd9d6..db1b5ce 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -23,8 +23,9 @@ Usage:
 $program [show] [--clip,-c] pass-name
 Show existing password and optionally put it on the clipboard.
 If put on the clipboard, it will be cleared in 45 seconds.
- $program insert [--multiline,-m] pass-name
- Insert new optionally multiline password.
+ $program insert [--no-echo,-n | --multiline,-m] pass-name
+ Insert new password. Optionally, the console can be enabled to not
+ echo the password back. Or, optionally, it may be multiline.
 $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length
 Generate a new password of pass-length with optionally no symbols.
 Optionally put it on the clipboard and clear board after 45 seconds.
@@ -136,25 +137,49 @@ case "$command" in ;; insert) ml=0 - if [[ $1 == "--multiline" || $1 == "-m" ]]; then - ml=1 - shift - fi - if [[ $# -ne 1 ]]; then - echo "Usage: $program $command [--multiline,-m] pass-name" + noecho=0 + while true; do + if [[ $1 == "--multiline" || $1 == "-m" ]]; then + ml=1 + shift + elif [[ $1 == "--no-echo" || $1 == "-n" ]]; then + noecho=1 + shift + else + break + fi + done + if [[ ( $ml -eq 1 && $noecho -eq 1 ) || $# -ne 1 ]]; then + echo "Usage: $program $command [--no-echo,-n | --multiline,-m] pass-name" exit 1 fi path="$1" mkdir -p -v "$PREFIX/$(dirname "$path")" passfile="$PREFIX/$path.gpg" - if [[ $ml -eq 0 ]]; then - echo -n "Enter password for $path: " - head -n 1 | gpg -e -r "$ID" > "$passfile" - else + if [[ $ml -eq 1 ]]; then echo "Enter contents of $path and press Ctrl+D when finished:" echo cat | gpg -e -r "$ID" > "$passfile" + elif [[ $noecho -eq 1 ]]; then + stty -echo + echo -n "Enter password for $path: " + read password + echo + echo -n "Retype password for $path: " + read password_again + echo + stty echo + if [[ $password == $password_again ]]; then + gpg -e -r "$ID" > "$passfile" <<<"$password" + else + echo "Error: the entered passwords do not match." + exit 1 + fi + + else + echo -n "Enter password for $path: " + head -n 1 | gpg -e -r "$ID" > "$passfile" fi if [[ -d $GIT ]]; then git add "$passfile" -- cgit v1.2.3-54-g00ecf
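Review bot: The confirmation test `[[ $password == $password_again ]]` leaves the right-hand side unquoted, so bash treats the retyped value as a glob pattern and a second entry such as `*` matches any first entry; quoting it as `"$password_again"` makes the comparison literal. Both `read` calls in the `--no-echo` branch also lack `-r` and `IFS=`, so backslashes are consumed and leading or trailing whitespace is trimmed, and the encrypted secret can differ from what was typed, unlike the `head -n 1` path, which passes the line through unchanged. Nothing restores terminal echo if the script is interrupted between `stty -echo` and `stty echo`; an EXIT trap would cover that, provided no other EXIT trap is set elsewhere in the script, which this hunk does not show. The enclosing `case` arm continues past the end of the hunk.

```shell
			# Restore echo on every exit path, including an interrupt mid-prompt.
			trap 'stty echo' EXIT
			stty -echo
			# … unchanged: first prompt …
			IFS= read -r password
			# … unchanged: newline and retype prompt …
			IFS= read -r password_again
			# … unchanged: trailing newline …
			stty echo
			trap - EXIT
			if [[ "$password" == "$password_again" ]]; then
			# … unchanged: gpg encryption and mismatch error …
```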