doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

Use rbw as a pinentry program #108

Closed VPanteleev-S7 closed 1 year ago

VPanteleev-S7 commented 1 year ago

Would it be possible to somehow make rbw talk the pinentry protocol with programs which attempt to read a secret, so that the secret is fed directly out of rbw?

For example, I would like to encrypt a GPG private key and store the encryption password in Bitwarden. I would then set pinentry-program in gpg-agent.conf to the path of a script which runs rbw pinentry-get "Encryption key for my GPG key".

VPanteleev-S7 commented 1 year ago

Here is a bash script which speaks a minimal subset of the pinentry protocol and fetches a secret from rbw. It seems to be enough for GPG.

#!/bin/bash
set -eEuo pipefail

# Shim between rbw and a program which speaks pinentry.
# Specify the name of the secret that we should produce on standard output.

secret_name=$1

echo 'OK'

while IFS=' ' read -r command args ; do
    case "$command" in
        GETPIN)
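            # Reply with an Assuan "D" (data) line carrying the secret.
            printf 'D '
            # jq's @uri percent-encodes the secret; head (GNU) then drops the
            # last 4 bytes: the encoded trailing newline "%0A" plus jq's own newline.
            rbw get "$secret_name" | jq -sRr @uri | head -c -4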
            printf '\n'
            echo 'OK'
            ;;
        BYE)
            exit
            ;;
        *)
            echo 'ERR Unknown command'
            ;;
    esac
done

To use it, save it somewhere, then create a script (e.g. rbw-pinentry-gpg) which runs it with the name of the secret (e.g. "Encryption key for my GPG key") as the parameter. Set pinentry-program to the path of the second script.
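
A variant of the shim above, as an added example that is not part of the original post: it percent-escapes the secret with awk instead of jq and GNU head, and acknowledges the pinentry protocol's option-setting commands instead of rejecting them. The list of acknowledged commands, the two numeric error codes (the values stock pinentry reports for "cancelled" and "unknown command") and the `demo_session` helper are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the script posted in this thread: a pinentry shim in
# portable sh that escapes the secret with awk (no jq, no GNU head).

# Percent-escape stdin for an Assuan "D" line: '%', CR and LF are reserved.
assuan_escape() {
    awk '{ gsub(/%/, "%25"); gsub(/\r/, "%0D")
           sep = (NR > 1) ? "%0A" : ""; printf "%s%s", sep, $0 }'
}

# Serve the pinentry side of the dialog on stdin/stdout for one rbw entry.
pinentry_shim() {
    secret_name=$1
    echo 'OK'
    while IFS=' ' read -r command args; do
        case "$command" in
            GETPIN)
                # $(...) drops rbw's trailing newline; stdin is detached so
                # rbw cannot consume the client's commands.
                if secret=$(rbw get "$secret_name" </dev/null); then
                    # printf is a builtin in bash and dash: no secret in argv.
                    printf 'D %s\nOK\n' "$(printf '%s' "$secret" | assuan_escape)"
                else
                    echo 'ERR 83886179 Operation cancelled'  # assumed code
                fi
                ;;
            OPTION|SETDESC|SETPROMPT|SETTITLE|SETOK|SETCANCEL|SETERROR|SETKEYINFO)
                echo 'OK'  # UI hints only; nothing to display
                ;;
            BYE)
                echo 'OK'
                return 0
                ;;
            *)
                echo 'ERR 536871187 Unknown IPC command'  # assumed code
                ;;
        esac
    done
}

# Constructed session: lines a pinentry client might send around GETPIN.
demo_session() {
    printf '%s\n' 'OPTION ttyname=/dev/pts/0' 'SETDESC Enter passphrase' \
        'GETPIN' 'BYE'
}

# Act as a pinentry only when given an entry name (e.g. by a wrapper script).
if [ -n "${1:-}" ]; then pinentry_shim "$1"; fi
```

With this in place the passphrase is released without any prompt, so every process that can reach gpg-agent can use the key for as long as rbw is unlocked.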

running-grass commented 6 months ago

@VPanteleev-S7 Does it work? I'm getting an error when I try.

Here is a bash script which speaks a minimal subset of the pinentry protocol and fetches a secret from rbw. It seems to be enough for GPG.

#!/bin/bash
set -eEuo pipefail

# Shim between rbw and a program which speaks pinentry.
# Specify the name of the secret that we should produce on standard output.

secret_name=$1

echo 'OK'

while IFS=' ' read -r command args ; do
  case "$command" in
      GETPIN)
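          # Reply with an Assuan "D" (data) line carrying the secret.
          printf 'D '
          # jq's @uri percent-encodes the secret; head (GNU) then drops the
          # last 4 bytes: the encoded trailing newline "%0A" plus jq's own newline.
          rbw get "$secret_name" | jq -sRr @uri | head -c -4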
          printf '\n'
          echo 'OK'
          ;;
      BYE)
          exit
          ;;
      *)
          echo 'ERR Unknown command'
          ;;
  esac
done

To use it, save it somewhere, then create a script (e.g. rbw-pinentry-gpg) which runs it with the name of the secret (e.g. "Encryption key for my GPG key") as the parameter. Set pinentry-program to the path of the second script.