15 comments

[ 3.8 ms ] story [ 42.5 ms ] thread
This seems to be the same functionality that pass[0] offers.

[0] https://www.passwordstore.org/

pass doesn't have a command to directly source contents of a stored password into shell variables. But it would be great to bring that functionality from this tool into pass.
Nice, must have been a fun project! I'm not sure, though, whether it adds enough distinct functionality to warrant a project?

Lazy version:

    $ encfs $HOME/Dropbox/creds $HOME/.creds
    $ cat >~/bin/creds <<<'EOF'
    #!/bin/sh

    $CREDS=$HOME/.creds/$2.sh

    case "$1" in
    add|edit)
        $EDITOR $CREDS
        [ -f $CREDS ] && chmod +x $CREDS
        ;;
    list)
        echo $HOME/.creds/*.sh \
            | xargs -I '{}' -n1 basename {} .sh \
            | less -SRFX
        ;;
    esac
    EOF
    $ chmod +x ~/bin/creds
EDIT: lessen <pre> width
I wish there was an alternative to GPG or at least some bare-minimum implementation with a decent API. The only "libraries" are wrappers on top of the gpg executable.

Maybe there is an alternative that I don't know of?

Library? Do you mean something like gpgme?

https://www.gnupg.org/documentation/manuals/gpgme/

GPGME is a wrapper on top of the GPG executable. It also has a horrendous API. I'm still currently fighting with it just to simply encrypt/decrypt a tarball going to S3. It's really badly designed.
I know exactly what you are going though.

Don't look at the source code of GPG, it will give you nightmares.

GPGME is still just a wrapper around the gpg exeutable and the source code is 961 kB (!). It's not a real "library".
Yeah this is a common complaint. I don't have direct experience with NaCL/libsodium or Keyczar but check them out. Do you mean a bitstream-compatible thing, or a GPG/PGP alternative?
libsodium is pretty GPG compatible. Diffie-Hellman key exchange function[X25519]: int crypto_scalarmult(unsigned char q, const unsigned char n, const unsigned char p);

crypto_secretbox_easy() for both encrypting + signing in the traditional public-key fashion. AES-256-GCM is there for symmetric sessions. Even OTP's are supported. I don't think there's the full PKI/WoT implementation in there, at the moment, but it's definitely sufficient to do most of the heavy lifting.

(N.b. the documentation is only like 70 pages long, read the relevant sections on: sodium_memzero(), sodium_mlock(), the notes on VMs, the notes if you have swapon, the notes on disabling coredumps, don't use malloc, use sodium_malloc() (and with that, the appropriate padding precautions should be taken if you use sodium_allocarray()), and source your entropy properly. All of this is covered in the API guide. Consult it, because I'm likely misremembering one or two things.)

Reop is not really the answer, but I think it (and NaCl with it) is the best starting point for building a GPG replacement. Of course it does not fit if you need compatibility with actual GPG for some reason.

http://www.tedunangst.com/flak/post/reop

hunter2 ( https://chiselapp.com/user/rkeene/repository/hunter2/ ) does not rely on (or even directly support) GPG. It's written in mostly Tcl with some C glue to call any PKCS#11 module. I tend to use CACKey, which talks directly to my smartcard using PC/SC from pcsc-lite and performs RSA on the card itself. Hope this helps !
Dopesauce. I always welcome a new command line tool - it's the most effective place to do things.