💾 Archived View for entalpi.net › posts › 2021-02-20-rofi-password-manager.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

Rofi is awesome

Rofi is an amazing piece of software. I appreciate how well it integrates in my

I3-based desktop environment.

I use the built-in app launcher for some time now. Some months ago, I was

worried by the fact that passmenu, a dmenu wrapper for pass, the UNIX password

manager, copy the chosen password to the graphical server clipboard.

The problem is that any application running on my linux system with my UID, or

even web JS scripts, can access the content of the clipboard, and then potentially get my passwords.

I then searched for solutions involving keyboard typing simulation to avoid

this inconvenience. Unfortunately, I found that most existing solutions built on

pass were unsatisfying, as they required a specific format for pass files or

were only handling qwerty keymap.

Then I decided to build up a custom solution.

I came with that script :

#!/bin/env bash

# Set the good keywap - should be done when X11 or the WM is initialized
setxkbmap fr bepo

# Pass store directory
STORE=~/.password-store/

# Get the different passwords key/name
PASSLIST=$(find $STORE -type f -name "*.gpg" | cut -d/ -f 5- | sed 's\.gpg\\g') &&

# Pipe the password into rofi for user selection
REQPASS=$(echo "$PASSLIST" | rofi -show -dmenu -) &&

# Query pass to get the first line of password file, containing the password
PASSWORD=$(pass "$REQPASS" | head -n 1) &&


#If the password is found,
if [[ $PASSWORD != "" ]] ; then
  #Get the last word and every other words
  LASTWORD=$(echo $PASSWORD | rev | cut -d ' ' -f 1 | rev ) &&
  WORDS=$(echo $PASSWORD | rev | cut -s -d ' ' -f 2- | rev ) &&

  #type every word and the in-between space.
  for word in $WORDS ; do
    printf "%s" $word | xdotool type --clearmodifiers --window=$WID --delay 12 --file - &&
    xdotool key --clearmodifiers --window=$WID --delay 12 space
  done
  
  #print the last word
  printf "%s" $LASTWORD | xdotool type --clearmodifiers --window=$WID --delay 12 --file - &&
  #send a notification with dunst
  notify-send "Password Yanked"
fi

Then I binded a key in I3 to that script. Now I have a convenient, more secure

and application agnostic way to grab my passwords, that are uniques and very

long.

Lucas