From c63fca8581352028651f6bc9c2074620c3a27352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Cornell=C3=A0?= Date: Fri, 27 Dec 2019 02:47:26 +0100 Subject: [PATCH] otp: add README and use clipcopy --- plugins/otp/README.md | 22 ++++++++++++++++++++++ plugins/otp/otp.plugin.zsh | 19 +++++-------------- 2 files changed, 27 insertions(+), 14 deletions(-) create mode 100644 plugins/otp/README.md diff --git a/plugins/otp/README.md b/plugins/otp/README.md new file mode 100644 index 000000000..8331fd02b --- /dev/null +++ b/plugins/otp/README.md @@ -0,0 +1,22 @@ +# otp plugin + +This plugin allows you to create one-time passwords using [`oathtool`](https://www.nongnu.org/oath-toolkit/man-oathtool.html), +able to replace MFA devices. The oathtool key is kept in a GPG-encrypted file so the codes +can only be generated by a user able to decrypt it. + +To use it, add `otp` to the plugins array in your zshrc file: +```zsh +plugins=(... otp) +``` + +Provided aliases: + +- `otp_add_device`: creates a new encrypted storage for an oathtool key and stores it + on the disk. For encrypting the key, it will ask for a GPG user ID (your GPG key's + email address). Then the OTP key needs to be pasted, followed by a CTRL+D character + inserted on an empty line. + +- `ot`: generates a MFA code based on the given key and copies it to the clipboard + (on Linux it relies on xsel, on MacOS X it uses pbcopy instead). + +The plugin uses `$HOME/.otp` to store its internal files. diff --git a/plugins/otp/otp.plugin.zsh b/plugins/otp/otp.plugin.zsh index 4bce34fd3..8be125c93 100644 --- a/plugins/otp/otp.plugin.zsh +++ b/plugins/otp/otp.plugin.zsh @@ -12,32 +12,23 @@ function ot () { return 1 fi - if [[ `uname` == 'Darwin' ]] then # MacOS X - export COPY_CMD='pbcopy' - elif command -v xsel > /dev/null 2>&1; then # Any Unix with xsel installed - export COPY_CMD='xsel --clipboard --input' - else - COPY_CMD='true' - fi + COPY_CMD='true' - if [[ "x$1" == "x" ]]; then - echo "usage: otpw " + if [[ -z "$1" ]]; then + echo "usage: $0 " return 1 elif [ ! -f $OTP_HOME/$1.otp.asc ]; then echo "missing profile $1, you might need to create it first using otp_add_device" return 1 else totpkey=$(gpg --decrypt $OTP_HOME/$1.otp.asc) - oathtool --totp --b $totpkey | tee /dev/stderr | `echo $COPY_CMD` - if [[ $COPY_CMD == 'true' ]] then - echo "Note: you might consider installing xsel for clipboard integration" - fi + oathtool --totp --b $totpkey | tee /dev/stderr | clipcopy fi } function otp_add_device () { if [[ "x$1" == "x" ]] then - echo "usage: otp_add " + echo "usage: $0 " return 1 else echo "Enter an email address attached to your GPG private key, then paste the secret configuration key followed by ^D"