balrog

A partial drop-in replacement for pass and pass-otp written in POSIX shell.
git clone https://git.stjo.hn/balrog

commit ae49ca64df0243ccf9bc826035f79533939d92c6
parent 17b155bab2914fbf4658497f84dfc2eeefa43b0e
Author: St John Karp <contact@stjo.hn>
Date:   Tue,  7 Sep 2021 22:15:04 -0400

Fix the edit command and add handling for some scenarios

- Fixed the gpg2 command used when editing a password.
- Create the password's folder if it doesn't already exist.
- Only try to encrypt/delete the temp file if it's been saved.

I'm currently using this in lieu of the "insert" command, which I
can't figure out how to implement securely. Either I read input
into a variable, which doesn't sound secure, or I have the user
input a password directly into gpg2, which requires doing CTRL-D
to end the input.

Diffstat:
M balrog | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/balrog b/balrog @@ -65,12 +65,22 @@ KEY_FILE="$STORE/$KEY.gpg" while [ -n "$ACTION" ] ; do case "$ACTION" in edit) + # Create the path. + mkdir -p "${KEY_FILE%/*}" + # Decrypt to a temporary file, allow the user to edit it, # then re-encrypt and delete the temp file. - gpg2 --decrypt --quiet "$KEY_FILE" --output "$TMP_FILE" + [ -f "$KEY_FILE" ] && + gpg2 --quiet --output "$TMP_FILE" --decrypt "$KEY_FILE" + + # Allow the user to edit a temporary file, + # then encrypt it and delete the temp file. "${EDITOR:-vi}" "$TMP_FILE" - gpg2 --quiet --encrypt --default-recipient-self --output "$KEY_FILE" 2> /dev/null - rm "$TMP_FILE" + + [ -f "$TMP_FILE" ] && + gpg2 --quiet --yes --encrypt --default-recipient-self --output "$KEY_FILE" "$TMP_FILE" 2> /dev/null && + rm "$TMP_FILE" || + echo "No changes..." ACTION='' ;;
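Review bot: In the re-encrypt step at the end of the hunk, the chain `[ -f "$TMP_FILE" ] && gpg2 ... && rm "$TMP_FILE" || echo "No changes..."` runs the `echo` whenever any of the three commands fails, not only when the temp file was never saved. Because gpg2's stderr goes to /dev/null, a failed encryption is reported as "No changes..." and the decrypted temp file stays on disk. An explicit `if [ -f "$TMP_FILE" ]; then ... else ... fi` that reports a gpg2 failure separately from the "not saved" case, and removes the temp file on every path, would cover both. The decrypt step has a related gap: its exit status is not checked, so if decrypting an existing entry fails, the editor opens without the current contents, and saving lets `--yes` overwrite the existing "$KEY_FILE".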