v0.1-prealpha-rc1-prerelease
This commit is contained in:
parent
d842c19231
commit
e15f56019d
2 changed files with 87 additions and 3 deletions
|
|
@ -5,3 +5,5 @@ OTPish is a bash script that wraps oathtool and age to provide a workflow to man
|
|||
This is just thrown together and should probably not be used in production.
|
||||
|
||||
YMMV.
|
||||
|
||||
`otpish help` should be useful
|
||||
|
|
|
|||
82
otpish
Executable file
82
otpish
Executable file
|
|
@ -0,0 +1,82 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
COMMAND=$1
|
||||
NAME=$2
|
||||
DEPENDS=("age" "oathtool")
|
||||
OTPISH_HOME=${HOME}/.otpish
|
||||
OTP=${OTPISH_HOME}/otp
|
||||
PRIVKEY=${OTPISH_HOME}/privkey
|
||||
PUBKEY=${OTPISH_HOME}/pubkey
|
||||
|
||||
print_help() {
|
||||
echo otpish is a little wrapper around oathtool
|
||||
echo this was just thrown together an is probably not prod ready
|
||||
echo it stores your password encrypted key at ~/.otpish/key
|
||||
echo it stores your encrypted otp secret keys in ~/.otpish/otp
|
||||
echo depends on: $(for i in ${DEPENDS[@]}; do echo -n "${i} "; done)
|
||||
echo commands:
|
||||
echo help print this help
|
||||
echo dump dump out all raw otpauth uris
|
||||
echo get get otp code with passed name
|
||||
}
|
||||
|
||||
if [ "${COMMAND}" = "help" ]; then
|
||||
print_help
|
||||
fi
|
||||
|
||||
# check if dependent packages exist
|
||||
for pkg in ${DEPENDS[@]}; do
|
||||
if ! command -v ${pkg} &> /dev/null; then
|
||||
echo "please install ${pkg}"
|
||||
echo "install using apt? y/N"
|
||||
read install_pkg
|
||||
if [ "${install_pkg}" = "y" ] || [ "${install_pkg}" = "Y"]; then
|
||||
sudo apt install ${pkg}
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# check if key exists
|
||||
if ! [ -d "${OTPISH_HOME}" ]; then
|
||||
mkdir ${OTPISH_HOME}
|
||||
fi
|
||||
|
||||
if ! [ -f "${PRIVKEY}" ]; then
|
||||
echo creating keypair
|
||||
age-keygen 2> ${PUBKEY} | age --passphrase --output ${PRIVKEY}
|
||||
sed -i 's/Public key: //' ${PUBKEY}
|
||||
fi
|
||||
|
||||
if [ "${COMMAND}" = "dump" ]; then
|
||||
if ! [ -f ${OTP} ]; then echo no otps configured add one first; exit; fi
|
||||
age -i ${PRIVKEY} -d ${OTP}
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "${COMMAND}" = "get" ]; then
|
||||
if [ -z ${NAME} ]; then echo get requires a name; exit; fi
|
||||
if ! [ -f ${OTP} ]; then echo no otps configured add one first; exit; fi
|
||||
uri=$(age -i ${PRIVKEY} -d ${OTP} | grep "${NAME}?")
|
||||
otp_info=$(echo -n ${uri} | cut -d '?' -f 2)
|
||||
oIFS=${IFS}
|
||||
IFS="&"
|
||||
declare -a fields=(${otp_info})
|
||||
IFS=${oIFS}
|
||||
for i in ${fields[@]}; do
|
||||
if [ "$(echo ${i} | cut -d'=' -f1)" = "secret" ]; then secret=$(echo ${i} | cut -d'=' -f2); fi
|
||||
if [ "$(echo ${i} | cut -d'=' -f1)" = "digits" ]; then digits=$(echo ${i} | cut -d'=' -f2); fi
|
||||
if [ "$(echo ${i} | cut -d'=' -f1)" = "period" ]; then period=$(echo ${i} | cut -d'=' -f2); fi
|
||||
done
|
||||
oathtool --totp -b -s "${period}s" -d ${digits} ${secret}
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "${COMMAND}" = "add" ]; then
|
||||
echo input otpauth uri
|
||||
read otp_uri
|
||||
uri=${otp_uri}
|
||||
if [ -f ${OTP} ]; then echo unlocking otp file; uris=$(age -i ${PRIVKEY} -d ${OTP}); else uris=""; fi
|
||||
uris=(${uris} ${uri})
|
||||
echo ${uris[@]} | sed 's/ /\n/g' | age -r $(cat ${PUBKEY}) -o ${OTP}
|
||||
exit
|
||||
fi
|
||||
Reference in a new issue