Closed VPanteleev-S7 closed 1 year ago
Here is a bash script which speaks a minimal subset of the pinentry protocol and fetches a secret from rbw. It seems to be enough for GPG.
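```bash
#!/bin/bash
set -eEuo pipefail

# Shim between rbw and a program which speaks pinentry.

# Specify the name of the secret that we should produce on standard output.
secret_name=$1

# Greeting expected by the client once the pinentry starts.
echo 'OK'

while IFS=' ' read -r command args ; do
	case "$command" in
		GETPIN)
			printf 'D '
			# jq percent-encodes the whole input, including rbw's trailing
			# newline (as %0A), and prints a newline of its own; head -c -4
			# (GNU head) drops those last four bytes.
			rbw get "$secret_name" | jq -sRr @uri | head -c -4
			printf '\n'
			echo 'OK'
			;;
		BYE)
			exit
			;;
		*)
			echo 'ERR Unknown command'
			;;
	esac
done
```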
To use it, save it somewhere, then create a script (e.g. `rbw-pinentry-gpg`) which runs it with the name of the secret (e.g. `"Encryption key for my GPG key"`) as the parameter. Set `pinentry-program` to the path of the second script.
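The exchange the comment above describes, as an added example that is not part of the posted script or of rbw: a responder that percent-escapes the secret itself (only `%`, CR and LF, which an Assuan data line cannot carry raw), so it needs neither `jq` nor GNU `head`. `fetch_secret` is a hypothetical stand-in for `rbw get "$secret_name"`, and the client lines in `demo_transcript` are constructed, not captured from gpg-agent.

```bash
#!/bin/bash
# Added example: pinentry-style responder that escapes the secret itself.

# Hypothetical stand-in for `rbw get "$secret_name"`; the value is constructed.
fetch_secret() {
    printf '%s\n' 'p%ss w0rd'
}

# Percent-escape %, CR and LF, the bytes an Assuan data line cannot carry raw.
# The body runs in a subshell so its variables stay private.
assuan_escape() (
    s=$1
    out=''
    cr=$(printf '\r')
    nl='
'
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}    # first character of what is left
        s=${s#?}
        case $c in
            %)     out="$out%25" ;;
            "$cr") out="$out%0D" ;;
            "$nl") out="$out%0A" ;;
            *)     out="$out$c" ;;
        esac
    done
    printf '%s' "$out"
)

# Responder loop with the same command set as the script in the thread.
pinentry_respond() {
    echo 'OK'
    while IFS=' ' read -r command args; do    # args absorbs the rest of the line
        case "$command" in
            GETPIN)
                secret=$(fetch_secret)    # $(...) drops the trailing newline
                printf 'D %s\n' "$(assuan_escape "$secret")"
                echo 'OK'
                ;;
            BYE) return 0 ;;
            *)   echo 'ERR Unknown command' ;;
        esac
    done
}

# Constructed client side of the exchange, fed to the responder on stdin.
demo_transcript() {
    printf '%s\n' 'SETDESC Enter passphrase' 'GETPIN' 'BYE' | pinentry_respond
}
```

Running `demo_transcript` prints the responder's side of the conversation, including the `ERR` reply to the unsupported `SETDESC`.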
@VPanteleev-S7 Does it work? I'm getting an error when I try.
Would it be possible to somehow make rbw talk the pinentry protocol with programs which attempt to read a secret, so that the secret is fed directly out of rbw?
For example, I would like to encrypt a GPG private key and store the encryption password in Bitwarden. I would then set `pinentry-program` in `gpg-agent.conf` to the path of a script which runs `rbw pinentry-get "Encryption key for my GPG key"`.