░█░█░█░█░█▀█░▀█▀░░░█░█░█▀█░█▀▀░░░█░█░█▀▄░█▀█░█▀█░█▀▀ ░█▄█░█▀█░█▀█░░█░░░░█▄█░█▀█░▀▀█░░░█▄█░█▀▄░█░█░█░█░█░█ ░▀░▀░▀░▀░▀░▀░░▀░░░░▀░▀░▀░▀░▀▀▀░░░▀░▀░▀░▀░▀▀▀░▀░▀░▀▀▀
WWW in French
What Was Wrong
9 June 2021
rofi to log you into your websites
This script is to be used with dmenu or rofi. It will list all websites for which you have a password managed by pass and will call the totp token for the selected website thanks to totp-cli if it exists.
The script will append each entry with a number to make selection easier/faster than writing the full website's name when calling the options listed in features below.
To run this script you will need:
(you can either one of them. This script is written to use rofi but you can easily adapt it to use dmenu if you replace the rofi commands by dmenu)
xdotool to simulate keypress
(otpional - if you want to manage/access your totp tokens. totp-cli is a simple command line application to generate OTP tokens for two factor authentication using RFC6238. totp-cli fetches your shared key from pass)
copyq is used here as my clipboard manager for several reasons but you can use xclip or something similar if you prefer. See here for my dmenu and copyq interaction:
There is a dmenu wrapper called passmenu but it is limited to copy your password to the clipboard. I came up with this script to add the options to copy your username, password, or totp token and to automatically paste it in the active window when selected. It can also take care of the entire login process for you if you prefer. By pressing Enter, it will automatically fill the username and password fields and show you the totp token if it exists and wait for you to select it when the website is ready to accept it.
Note that the script manages the 2 most common username/password fields formatting options (i.e. will automatically complete these fields if they are on the same page or if the website ask for the username on the first page and for the password on the next page). By default, it will use the first option to fill these fields. If a website is offering the second formatting option, you can tell the script to act accordingly by adding "Tab" on line 4 of your password file (see below).
When calling this script, you can start typing the command below in dmenu/rofi:
?u: show username and automatically paste in active window if selected
?p: show password and automatically paste in active window if selected
?l: show url and automatically paste in active window if selected
?t: show totp token (if exists) and automatically paste in active window if selected
enter: automatically paste username and password in active window. Will prompt totp token and paste it when/if selected
Following one of this command with a number will execute the command for the given website (e.g. ?u12 will show you the username for the website#12).
Configuring your gpg key to encrypt your passwords
Type gpg --full-gen-key in a terminal and leave everything by default unless you have specific requirements. When done, it will ask for your passphrase. You have to remember it and be sure to NEVER EVER forget it. This is your key and only mean to access the passwords/tokens you will create with pass/totp-cli.
Initiate your pass
Type the following in a terminal:
pass init gpg-id # use the gpg-id you've created above
pass insert -m Pwd/NAME # use whatever path you'd like and adjust the script if you're not going with Pwd. For NAME go with whatever seems relevant to the website.
This last command will allow you to generate a file where each line will store one information. The script is written to work with the following file structure:
- line 1: your password.
- line 2: your username.
- line 3: the url of the website.
- line 4: write "Tab" (without the quotes) if you want the script to automatically fill the username/password fields of a website which is asking for your username on the first page and for your password on a second page.
Note that you can use the command "pass edit Pw/NAME" to modify an existing file, and "pass generate NAME LENGTH" to generate a new password of LENGTHS characters for a file named NAME.
Also, you can copy/paste your passwords files and gpg key on your phone and use "password store" to access/manage your passwords in Android.
This is why line 1 of the file structure here is dedicated to the password. Indeed, password store is expecting for the password on this line,.
In the settings of a website, find the 2 factors authentication settings. Once you have a QR code, look for the option to use a key instead and copy it when totp-cli is asking for a shared key after typing "totp -a NAME" in a terminal (where NAME is a relevant name for your file).
You can then manually generate a token by typing "totp -show NAME" in a terminal.
Note that if you're using an app like andotp on your Android phone to manage your tokens I recommend flashing the QR code and then creating a token with totp-cli so totp-cli and your phone app will use the same tokens to access the same website. If you do so, just double check that the generated token on the first use is the same on your computer and on your phone since I've noticed that sometimes it can differ (which is weird).
This script is available on my gitlab (named rofi-pass.sh)
(remember that I'm not a professional IT and this script may not written at best but at least it works)
Hope you'll find it useful. Don't hesitate to let me know and/or to submit improvements !
📬 contact me: firstname.lastname@example.org