pass

- posix password manager
git clone git://git.acid.vegas/pass.git

commit df2fcc16a3c4be356e9605e6142d67646647b7c4
parent f5af7eb4180ccf22af49669fb656a2d95bd1b4f6
Author: acidvegas <acid.vegas@acid.vegas>
Date: Sat, 23 Dec 2023 23:28:14 -0500

Added Termux support (no /dev/shm on termux) and Smartcard support

Diffstat:
M README.md | 19 ++++++++++++++++++-
M pass      |  2 ++

2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
@@ -11,11 +11,11 @@ Similar to [password-store](https://git.zx2c4.com/password-store/about/), but wr
 
 ###### Optional Requirements
 - [nano](https://www.nano-editor.org/)                      *(required only if environment variable `$EDITOR` is not set)*
-- [dmenu](https://tools.suckless.org/dmenu/)                *(required for menu)*
 - [pinentry-dmenu](https://github.com/ritze/pinentry-dmenu) *(required for menu)*
 - [xclip](https://github.com/astrand/xclip)                 *(required for menu to copy passwords)*
 - [xdotool](https://github.com/jordansissel/xdotool)        *(required for menu to type passwords)*
 - [oath-toolit](https://www.nongnu.org/oath-toolkit/)       *(required for 2FA)*
+- [gnupg2-scdaemon](https://linux.die.net/man/1/scdaemon)   *(required for smartcard support)*
 
 ## Config
 Edit the source code to change these settings:
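Review bot: The removal of the dmenu entry from Optional Requirements is not covered by the commit message, and the neighbouring entries (pinentry-dmenu, xclip, xdotool) are still marked "required for menu", so the README no longer says what provides the menu itself; either restore the line or explain the removal in the message. On the added line, the requirement is named `gnupg2-scdaemon` while its link and the new SmartCard section both call it `scdaemon`; use one name throughout.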
@@ -57,6 +57,23 @@ fi
 ```
 Make it executable with `chmod +x $HOME/.gnupg/pinentry-wrapper` and then edit your `$HOME/.gnupg/gpg-agent.conf` to include `pinentry-program $HOME/.gnupg/pinentry-wrapper`.
 
+## SmartCard Support
+Using a [Smart Card](https://en.wikipedia.org/wiki/Smart_card) such as a [YubiKey](https://www.yubico.com/) with pass simply requires setting up your GPG key to recognize your card.
+
+First, you will need to install `scdaemon` & enable the service on your system in order to recognize your smartcards. After you set this up, you can check if your card is recognized with the `gpg --card-status` command.
+
+Edit your GPG key with `gpg --edit-key [Your-Key-ID]` & run the follow commands in the interactive session:
+```
+key 1
+keytocard
+save
+```
+
+
+## Ideas & TODO
+- Hash file names for obsurity *(`pass rm <entry>` & `pass mv <entry>` since file names will be hashed)*
+- Better way than using a hard coded `GPG_ID` & maybe on the fly `METHOD` selection
+
 ___
 
 ###### Mirrors
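Review bot: The SmartCard steps end with `keytocard` followed by `save`, which leaves only a stub for that secret key in the local keyring, and the section never tells the reader to export a backup of the secret key first; add that step before the command list. `key 1` also assumes the first subkey is the encryption subkey that pass needs, which should be stated so readers with a different key layout pick the right one. Minor: "run the follow commands" should read "following", "obsurity" should be "obscurity", and the Ideas & TODO section is unrelated to the Termux and smartcard change named in the commit message, so it would sit better in its own commit.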
diff --git a/pass b/pass
@@ -18,6 +18,8 @@ edit() {
 	local template="pw.XXXXXXXXXXXXX"
 	if [ -d /dev/shm ] && [ -w /dev/shm ] && [ -x /dev/shm ]; then
 		tmp=$(mktemp /dev/shm/$template)
+	elif [ ! -z $PREFIX ] && [ -d $PREFIX/tmp ]; then
+		tmp=$(mktemp $PREFIX/usr/tmp/$template)
 	else
 		echo "warning: /dev/shm does not exist or is missing permissions required for temporary files (using insecure fallback to /tmp directory)"
 		tmp=$(mktemp /tmp/$template)
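Review bot: In the new `elif` branch the test is `[ -d $PREFIX/tmp ]` but `mktemp` is pointed at `$PREFIX/usr/tmp/$template`, a directory the condition never checks, so `mktemp` fails whenever `$PREFIX/usr/tmp` does not exist; use the same path in both places. The branch also omits the `-w` and `-x` checks applied to /dev/shm, leaves `$PREFIX` unquoted (`[ -n "$PREFIX" ] && [ -d "$PREFIX/tmp" ]` is more robust), and prints no warning although the existing message treats anything other than /dev/shm as an insecure fallback for the decrypted temporary file.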