From c65a5cc723b490609010411ce96c604a097418d7 Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Fri, 19 Apr 2019 17:47:20 -0400 Subject: [PATCH] pass now used for password management --- README.md | 1 + bin/getmuttpass | 5 ----- mw | 52 +++++++++---------------------------------------- 3 files changed, 10 insertions(+), 48 deletions(-) delete mode 100755 bin/getmuttpass diff --git a/README.md b/README.md index af8852e..621f28e 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ Install these required programs: - `neomutt` - the email client. - `isync` - downloads and syncs the mail. - `msmtp` - sends the email. +- `pass` - safely encrypts passwords You also need a GPG key pair to encrypt passwords. If you don't know what that is, just run `gpg --full-gen-key` (or `gpg2 --full-gen-key`) to get one. diff --git a/bin/getmuttpass b/bin/getmuttpass deleted file mode 100755 index 006115f..0000000 --- a/bin/getmuttpass +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -GPG="gpg"; command -v gpg >/dev/null || GPG="gpg2" -pass=$(printf '%q' "$("$GPG" --decrypt --quiet "$HOME/.local/share/muttwizard/$1.gpg")") -echo "set smtp_pass=\"$pass\"" -echo "set imap_pass=\"$pass\"" diff --git a/mw b/mw index 991b853..d2f5318 100755 --- a/mw +++ b/mw @@ -2,15 +2,12 @@ muttdir="$HOME/.config/mutt" # Main mutt config location accdir="$muttdir/accounts" # Directory for account settings maildir="$HOME/.local/share/mail" # Location of mail storage -creddir="$HOME/.local/share/muttwizard" # Location of encrypted credentials bindir="$HOME/.config/mutt/bin" # Location of scripts run by mutt or the wizard namere="^[a-z_][a-z0-9_-]*$" # Regex to ensure viable username emailre=".\+@.\+\\..\+" # Regex to confirm valid email address mbsyncrc="$HOME/.mbsyncrc" [ ! -f "$muttdir/domains.csv" ] || [ ! -d "$bindir" ] && printf "Read the README. Be sure to put the repo in the right place before running.\\n" && exit 1 -gpgemail="$(grep "$emailre" "$creddir/gpgemail" 2>/dev/null)" # Get previously set gpg email address tmpdir="$(mktemp -d)" -GPG="gpg"; command -v gpg >/dev/null || GPG="gpg2" # Ensure proper gpg command # Get certificate location depending on OS. Linux is elsewhere condition. case "$(uname)" in @@ -34,13 +31,13 @@ host $smtp port $sport from $login user $login -passwordeval \"$GPG -d --quiet --for-your-eyes-only --no-tty $creddir/$title.gpg | sed -e '\$a\\'\" +passwordeval \"pass mutt-wizard-$title\" " mbsync_profile="IMAPAccount $title Host $imap User $login Port $iport -PassCmd \"gpg -q --for-your-eyes-only --no-tty -d ~/.local/share/muttwizard/$title.gpg\" +PassCmd \"pass mutt-wizard-$title\" SSLType IMAPS CertificateFile /etc/ssl/certs/ca-certificates.crt @@ -72,7 +69,8 @@ set folder = \"$maildir/$title\" set header_cache = $accdir/$title/cache/headers set message_cachedir = $accdir/$title/cache/bodies set certificate_file = $accdir/$title/certificates -source \"$bindir/getmuttpass $title |\" +set imap_pass = \`pass mutt-wizard-$title\` +set smtp_pass = \`pass mutt-wizard-$title\` alias me $realname <$fulladdr> @@ -177,39 +175,7 @@ EOF [ "$accounttype" = "offline" ] || sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc" } -getpass() { \ - printf "Now enter your password for the \"%s\" account. Don't worry, this will be encrypted and only you with your GPG key can view it.\\n\tPassword: " "$title" - stty -echo - read -r password - stty echo - echo "$password" > "$tmpdir/$title" - printf "Encrypting your password with %s..." "$GPG" - "$GPG" -r "$gpgemail" --encrypt "$tmpdir/$title" - printf "DONE\\nShredding all memory of your password for safety's sake..." - unset password - shred -u "$tmpdir/$title" - mkdir -p "$creddir" - mv "$tmpdir/$title.gpg" "$creddir/" - printf "DONE.\\n" -} - -askgpg() { \ - printf "To safely encrypt passwords, mutt-wizard requires that you have a GPG public/private key pair.\\n\\nPlease input the email address of your GPG key pair below.\\nEmail: \033[36m\t" - read -r gpgemail - printf "\033[0m" - while ! echo "$gpgemail" | grep "$emailre" >/dev/null; do - printf "That is not a valid email address. Please try again.\\nEmail: \033[36m\t" - read -r gpgemail - printf "\033[0m" - done - if "$GPG" -K | grep "<$gpgemail>" >/dev/null; then - mkdir -p "$creddir" - echo "$gpgemail" > "$creddir/gpgemail" - else - printf "You do not appear to have a private key associated with \033[33m%s\033[0m.\\nPlease generate a GPG key pair by running \`\033[32m%s --full-gen-key\033[0m\` and rerun the wizard.\\n" "$gpgemail" "$GPG" - exit 1 - fi -} +getpass() { pass rm -f "mutt-wizard-$title" 2>/dev/null ; pass insert "mutt-wizard-$title" ;} formatShortcut() { \ while read -r data; do { echo "macro index,pager g$1 \"$data\" \"Go to $2.\" # autogenerated" @@ -277,7 +243,7 @@ pick() { numbered="$(ls $accdir/*muttrc | sed "s/.*\///;s/\..*//" | nl)" return 0 ;} delete() { sed -i "/IMAPAccount $title$/,/# End profile/d" "$mbsyncrc" - rm -rf "${accdir:?}/${title:?}" "$creddir/$title.gpg" "$accdir/$title.muttrc" + rm -rf "${accdir:?}/${title:?}" "$accdir/$title.muttrc" sed -i "/$title.muttrc/d" "$muttdir/personal.muttrc" sed -i "/account $title/,/^\(\s*$\|account\)/d" "$HOME/.config/msmtp/config" #confirm "delete the local mail repository as well?" && rm -rf "${maildir:?}/${title:?}" @@ -326,8 +292,8 @@ addtype() { \ main() { \ while : ; do - [ -z "$gpgemail" ] && askgpg - printf "Current GPG key email: %s\\n\033[34m" "$gpgemail" + [ ! -f "$HOME/.password-store/.gpg-id" ] && printf "\`pass\` must be installed and initialized to encrypt passwords.\\nBe sure it is installed and run \`pass init \`.\\nIf you don't have a GPG public private key pair, run \`gpg --full-gen-key\` first.\\n" && exit + printf "Welcome to:\\n\033[34m" cat << "EOF" _ __ ___ _ _| |_| |_ __ _(_)______ _ _ __ __| | | '_ ` _ \| | | | __| __|___\ \ /\ / / |_ / _` | '__/ _` | @@ -354,7 +320,7 @@ Input a number to continue or press ctrl-c.\\n" 2) pick "change the password of" && confirm "change the password of" && getpass ;; 3) pick delete && confirm "delete the \`$title\` profile" && delete ;; 4) askgpg ;; - 5) confirm "delete all account data" && rm -ri "$mbsyncrc" "$accdir" "$creddir" "$muttdir/personal.muttrc" && echo "All configs and account settings have been purged." ;; + 5) confirm "delete all account data" && rm -ri "$mbsyncrc" "$accdir" "$muttdir/personal.muttrc" && echo "All configs and account settings have been purged." ;; 6) choosecron ;; 0) break ;; *) printf "Invalid input.\\n"