password-store

Simple password manager using gpg and ordinary unix directories
git clone https://git.zx2c4.com/password-store

commit 814bbf95ea9fd98af4c41938c40a4235a3e478c4
parent e14c00af8edf8d4b90b46fda9bf733630ef85199
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Tue,  4 Sep 2012 20:19:02 +0200

No echo mode.

Add a --no-echo flag to the insert operation so that the password isn't
echoed when entering it. This requires the user to echo the password
twice for confirmation.

Reported-by: Dominic Lüchinger <d.luechinger@snowgarden.ch>

Diffstat:
M man/pass.1 | 9 +++++----
M src/password-store.sh | 49 +++++++++++++++++++++++++++++++++++++------------
2 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/man/pass.1 b/man/pass.1 @@ -70,11 +70,12 @@ using .BR xclip (1) and then restore the clipboard after 45 seconds. .TP -\fBinsert\fP [ \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP +\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP Insert a new password into the password store called \fIpass-name\fP. This will -read the new password from standard in. If \fI--multiline\fP or \fI-m\fP is -specified, lines will be read until EOF or Ctrl+D is reached. Otherwise, only -a single line from standard in is read. +read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do +disable keyboard echo when the password is entered and confirm the password by asking +for it twice. If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until +EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read. .TP \fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP Generate a new password using diff --git a/src/password-store.sh b/src/password-store.sh @@ -23,8 +23,9 @@ Usage: $program [show] [--clip,-c] pass-name Show existing password and optionally put it on the clipboard. If put on the clipboard, it will be cleared in 45 seconds. - $program insert [--multiline,-m] pass-name - Insert new optionally multiline password. + $program insert [--no-echo,-n | --multiline,-m] pass-name + Insert new password. Optionally, the console can be enabled to not + echo the password back. Or, optionally, it may be multiline. $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length Generate a new password of pass-length with optionally no symbols. Optionally put it on the clipboard and clear board after 45 seconds. 
@@ -136,25 +137,49 @@ case "$command" in ;; insert) ml=0 - if [[ $1 == "--multiline" || $1 == "-m" ]]; then - ml=1 - shift - fi - if [[ $# -ne 1 ]]; then - echo "Usage: $program $command [--multiline,-m] pass-name" + noecho=0 + while true; do + if [[ $1 == "--multiline" || $1 == "-m" ]]; then + ml=1 + shift + elif [[ $1 == "--no-echo" || $1 == "-n" ]]; then + noecho=1 + shift + else + break + fi + done + if [[ ( $ml -eq 1 && $noecho -eq 1 ) || $# -ne 1 ]]; then + echo "Usage: $program $command [--no-echo,-n | --multiline,-m] pass-name" exit 1 fi path="$1" mkdir -p -v "$PREFIX/$(dirname "$path")" passfile="$PREFIX/$path.gpg" - if [[ $ml -eq 0 ]]; then - echo -n "Enter password for $path: " - head -n 1 | gpg -e -r "$ID" > "$passfile" - else + if [[ $ml -eq 1 ]]; then echo "Enter contents of $path and press Ctrl+D when finished:" echo cat | gpg -e -r "$ID" > "$passfile" + elif [[ $noecho -eq 1 ]]; then + stty -echo + echo -n "Enter password for $path: " + read password + echo + echo -n "Retype password for $path: " + read password_again + echo + stty echo + if [[ $password == $password_again ]]; then + gpg -e -r "$ID" > "$passfile" <<<"$password" + else + echo "Error: the entered passwords do not match." + exit 1 + fi + + else + echo -n "Enter password for $path: " + head -n 1 | gpg -e -r "$ID" > "$passfile" fi if [[ -d $GIT ]]; then git add "$passfile"
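
Review bot: In the man/pass.1 hunk (@@ -70,11 +70,12 @@), the added sentence reads "do disable keyboard echo", where the stray "do" looks left over from an earlier wording; "disable keyboard echo when the password is entered" says what is meant. The synopsis separates --no-echo and --multiline with "|", but the description never states that passing both is rejected with the usage message and exit status 1, which the script does, so one sentence saying so would keep the page in line with the behaviour.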
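
Review bot: In the usage text hunk of src/password-store.sh (@@ -23,8 +23,9 @@), the insert help says the console "can be enabled to not echo the password back" but omits that --no-echo also asks for the password twice, which the man page does document. Suggest wording such as "Optionally, do not echo the password and ask for it twice." The short form -n is also already --no-symbols on the generate line directly below, so the same letter now has two meanings depending on the subcommand; worth either a different short option or an explicit mention.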
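
Review bot: In the --no-echo branch of the insert case (@@ -136,25 +137,49 @@), the confirmation test `[[ $password == $password_again ]]` leaves the right-hand side unquoted, so bash matches it as a glob pattern and a retyped value of `*` is accepted against any first entry; quote it as `"$password_again"`. Both `read password` and `read password_again` lack `-r` and run with the default IFS, so backslashes are consumed and leading or trailing whitespace is stripped before the value reaches gpg, and because both entries are altered the same way the comparison still passes while the stored password differs from what was typed; `IFS= read -r password` keeps the input intact. Echo is restored only on the straight-line path: an interrupt between `stty -echo` and `stty echo` leaves the terminal with echo off, so set a trap that runs `stty echo` before disabling echo, or use bash's `read -s` in place of the two stty calls.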