From dcffb01c5b31b5bc9ad8da85099ea8c550aa358c Mon Sep 17 00:00:00 2001 From: Sam Chudnick Date: Sat, 11 Dec 2021 10:08:56 -0500 Subject: Added id-init script and added it to xinitrc. Removed comment from xinitrc referencing dwm startup loop that is no longer implemented. --- .local/bin/id-init | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 .local/bin/id-init (limited to '.local/bin/id-init') diff --git a/.local/bin/id-init b/.local/bin/id-init new file mode 100755 index 0000000..82d4a7b --- /dev/null +++ b/.local/bin/id-init 
@@ -0,0 +1,38 @@ +#!/bin/bash +# +# Initalizes various identity management programs +# +# Must be run with bash (or probably any other shell that is not narrowly posix-compliant) +# to use here-string redirection +# +# This is a very short script but may require some explanation as to its purpose. +# +# I use both KeePassXC and pass for password management. This may seem redundant, and in some +# aspects it probably is, but for me each program has a purpose that the other cannot fill +# completely. Pass is great for programmatic access of passwords because of its use of +# gpg-agent, and KeePassXC's integration with ssh-agent is very useful. +# +# This script first caches the passhphrase for the GPG key which allows further use of the +# key without a prompt for a password - this of course applies to pass as well since it uses +# the gpg key. KeePassXC is then opened, which also adds the SSH keys to the ssh-agent. +# +# KeePassXC, pass, gpg-agent, and ssh-agent are then all initialized and ready to be +# used without any further user input, with just one set of credentials. 
+ + +# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC +# Caching the GPG passphrase will allow access to pass without user input +# +# gpg-agent must be started with --allow-preset-passhprase or have it in the config file +# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours +# you may want to increase that if you want the password to be cached for the whole session + +KEYGRIP="$(gpg -K --with-keygrip --with-colons | grep grp | tail -n 1 | cut -d':' -f10)" +/usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP \ + <<< "$(keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG)" + +# Open graphical KeePassXC with password stored in pass, now that pass can be accessed +# without entering credentials for the GPG key +# This will also add SSH keys to ssh-agent + +keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)" -- cgit v1.2.3
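Review bot: Neither secret lookup is checked before its output is used. In the `gpg-preset-passphrase --preset $KEYGRIP` command, a failed or empty `keepassxc-cli show` still feeds an empty here-string to `gpg-preset-passphrase`, and the final `keepassxc ... --pw-stdin <<< "$(pass keepassxc)"` line does the same when `pass` fails. Capture each result in a variable first, exit if the command fails or the value is empty, and only then hand it on. In the same lines, quote `$KEYGRIP` and `$XDG_CONFIG_HOME/keepassxc/Passwords.kdbx`, since an unset `XDG_CONFIG_HOME` silently turns the path into `/keepassxc/Passwords.kdbx`. Select the keygrip record by its first field (for example `awk -F: '$1 == "grp" {print $10}'`) rather than `grep grp`, which matches that string anywhere in a line, and note in the comment that `tail -n 1` relies on the wanted key being listed last. The comment above the command spells the agent option `--allow-preset-passhprase`; the option is `--allow-preset-passphrase`, so anyone copying it from the comment gets an invalid flag.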