Open doronbehar opened 6 years ago
TL;DR:
Create an alias or function in your shell to use GPG to encrypt and decrypt your `~/.2fa` file:
BASH function:
```
2fa() { gpg --decrypt ~/.2fa.gpg > ~/.2fa; /path/to/go/bin/2fa "$@"; rm ~/.2fa; }
```
Fish function:
```
function 2fa
    gpg --decrypt /path/to/.2fa.gpg > ~/.2fa
    /path/to/go/bin/2fa $argv
    rm ~/.2fa
end
```
Long Response:
I was able to solve this by writing a function in my shell (fish) to use gpg to decrypt the file. You could do the same thing with BASH using an alias or just writing a shell script.
It's a sloppy solution but it totally works and relies on the security of GPG rather than keeping the file stored in plaintext.
As an example, here is my function for fish:
```
function 2fa
    gpg --decrypt ~/.2fa.gpg > ~/.2fa
    /path/to/go/bin/2fa $argv
    rm ~/.2fa
end
```
This example presumes that the `~/.2fa` file has been encrypted with gpg and stored as `~/.2fa.gpg`. Once the encrypted file exists, you can remove the original `~/.2fa` file that has everything stored in plaintext.
To break down the function:
`gpg --decrypt ~/.2fa.gpg > ~/.2fa` will decrypt the gpg file and create a `~/.2fa` file.
`/path/to/go/bin/2fa $argv` will run the 2fa binary and accept arguments.
`rm ~/.2fa` will remove the `~/.2fa` file. You could erase it securely using `shred` instead.
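A hardened variant of the wrapper described in the comment above, added here as an example; it is not code from the thread or from the 2fa project. The function name `twofa` and the `TWOFA_BIN` variable are assumptions. It keeps the same decrypt, run, remove flow but restricts the plaintext file's permissions, removes it on every exit path, and does not run the tool if decryption fails.

```shell
# Added example, not code from the thread or the 2fa project.
# Assumptions: the name twofa, the TWOFA_BIN variable and its default path.
twofa() (
    # The ( ... ) body runs in a subshell, so umask and traps stay local.
    umask 077                          # plaintext file is created mode 0600
    plain="$HOME/.2fa"
    enc="$HOME/.2fa.gpg"
    bin="${TWOFA_BIN:-/path/to/go/bin/2fa}"

    # Never clobber (and later delete) a plaintext file we did not create.
    if [ -e "$plain" ]; then
        echo "twofa: $plain already exists, refusing to overwrite" >&2
        exit 1
    fi

    # Remove the plaintext on every exit path, including Ctrl-C.
    trap 'rm -f "$plain"' EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM HUP

    # Only run the tool when decryption succeeded.
    if ! gpg --quiet --decrypt "$enc" > "$plain"; then
        echo "twofa: could not decrypt $enc" >&2
        exit 1
    fi

    "$bin" "$@"
)
```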
Hi,
First of all, this is a great command line utility so thank you for making it.
Adding support for a password encrypted using PGP/GPG could be cool. A JSON format like the one output by the backup mechanism of https://github.com/andOTP/andOTP could be great, because the secrets can be shared easily between `2fa` and `andOTP` on Android. Here is an example of a formatted decrypted JSON backup made by andOTP:
I'll be glad to hear your thoughts :)