genpass-bash/genpass.sh at master · dbear496/genpass-bash · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
#!/usr/bin/bash

# GenPass parameters
update_confdir() {
  confdir=$1
  seedfile="$confdir/seed"
  seedcheckfile="$confdir/seed_check"
  tagsfile="$confdir/tags"
}
update_confdir "$HOME/.genpass"
saltstr="salt" # changing saltstr or saltsize will change the generated passwords
saltsize=100000000 # one hundred million

# command line defaults
create="n"
change="n"
clip="n"
print="y"
output=""
help="n"
listtags="n"

# command line parsing. I got this from stack overflow
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
  case $1 in
    --create)
      create="y"
      newseedfile=$2
      shift # past argument
      shift
      ;;
    --change)
      change="y"
      shift # past argument
      ;;
    -c|--clipboard)
      clip="y"
      print="n"
      shift # past argument
      ;;
    --no-clipboard)
      clip="n"
      shift # past argument
      ;;
    -p|--print)
      print="y"
      clip="n"
      shift # past argument
      ;;
    -n|--no-print)
      print="n"
      shift # past argument
      ;;
    -b|--both)
      print="y"
      clip="y"
      shift # past argument
      ;;
    -o|--output)
      output=$2
      shift # past argument
      shift
      ;;
    -l|--list-tags)
      listtags="y"
      shift
      ;;
    --home)
      update_confdir $2
      shift # past argument
      shift
      ;;
    -h|--help)
      help="y"
      shift # past argument
      ;;
    -*|--*)
      echo "Unknown option $1"
      exit 1
      ;;
    *)
      echo "Unknown option $1"
      exit 1
      POSITIONAL_ARGS+=("$1") # save positional arg
      shift # past argument
      ;;
  esac
done
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters

# help message
if [[ $help == "y" ]]; then
  echo "genpass [-c | --clipboard] [--no-clipboard] [-p | --print] [-n | --no-print] [-b | --both] [{-o | --output} <file>] [--create] [-h | --help]"
  echo "  -c, --clipboard - copy the password to the clipboard and do not print"
  echo "  --noclipbaord   - do not copy to the clipboard"
  echo "  -p, --print     - print the password to stdout and do not copy to the clipboard (default)"
  echo "  -n, --no-print  - do not print to stdout"
  echo "  -b, --both      - print the password to stdout and copy it to the clipboard"
  echo "  -o <file>"
  echo "  --output <file> - write the password to <file>"
  echo "  -l, --list-tags - print all known tags to standard out"
  echo "  --create        - create/change the master password. WARNING: This will change the generated passwords!"
  echo "  -h, --help      - print this help message"
  exit
fi

if [[ "$listtags" == "y" ]]; then
  if [[ -f "$tagsfile" ]]; then
    cat $tagsfile
  fi
  exit
fi

# create the configuration directory if it doesn't already exist
if ! [ -d $confdir ]; then mkdir -p $confdir; fi

# import seed or change password
if [[ $create == "y" || $change == "y" ]]; then
  if [[ $create == "y" && $change == "y" ]]; then
    echo "genpass: incompatable options --create and --change" >&2
    exit 1
  fi
  if [[ $change == "y" ]]; then
    # get and verify old password
    while
      echo -n "old password: "; read -s oldpassword; echo
      ! openssl aes256 -d -in $seedfile -pass file:<(echo -n $oldpassword) -pbkdf2 2>/dev/null |
        cat - <(yes $saltstr | tr -d '\n' | head -c$saltsize) |
        openssl sha256 -binary |
        cmp -s - $seedcheckfile
    do
      echo "incorrect password, try again"
    done
  elif [ -e $seedfile ]; then
    echo "WARNING: Setting new seed. This will change existing passwords."
  fi
  # get and confirm new password
  while
    echo -n "new password: "; read -s newpassword; echo
    echo -n "confirm new password: "; read -s conf; echo
    [[ "$newpassword" != "$conf" ]]
  do
    echo "passwords do not match, try again"
  done

  if [[ $create == "y" ]]; then
    # create a new seed check file from the imported seed
    cat $newseedfile | tee >(
      cat - <(yes $saltstr | tr -d '\n' | head -c$saltsize) |
      openssl sha256 -binary > ${seedcheckfile}.tmp
    )
  else
    # decrypt the seed with the old password
    cp "${seedcheckfile}"{,.tmp}
    openssl aes256 -d -in $seedfile -pass file:<(echo -n $oldpassword) -pbkdf2
  fi |
    # encrypt the seed with the new password
    openssl aes256 -e -pass file:<(echo -n $newpassword) -pbkdf2 > ${seedfile}.tmp

  # move the new seed to the correct location (overwriting any old seed)
  mv -f "${seedfile}"{.tmp,}
  mv -f "${seedcheckfile}"{.tmp,}

  echo "success"
  exit
fi

# make sure the seed and the seed check files exists
if ! [ -e $seedfile -a -e $seedcheckfile ]; then
  echo "genpass: missing seed file or seed check file" >&2
  echo "         please import a seed with the --create option" >&2
  exit 1
fi

# get tag from user
while
  echo -n "tag: "; read tag
  if [ -z "$tag" ]; then
    echo "tag may not be empty"
  elif ! ( [ -f $tagsfile ] && grep -xFq -e "$tag" $tagsfile ); then
    # confirm that the user is making a new tag and it's not a typo
    while
      echo -n "confirm new tag '$tag' (y/n): "; read tagconf
      ! [[ "$tagconf" == "y" || "$tagconf" == "Y" || "$tagconf" == "n" || "$tagconf" == "N" ]]
    do :; done
    if [[ $tagconf == "y" || $tagconf == "Y" ]]; then
      echo $tag >> $tagsfile
    else
      tag=""
    fi
  fi
  [ -z "$tag" ]
do :; done

# get and verify the master password
while
  echo -n "password: "; read -s password; echo
  ! openssl aes256 -d -in $seedfile -pass file:<(echo -n $password) -pbkdf2 2>/dev/null |
    cat - <(yes $saltstr | tr -d '\n' | head -c$saltsize) |
    openssl sha256 -binary |
    cmp -s - $seedcheckfile
do
  echo "incorrect password, try again"
done

# generate the password
pass=$(
  openssl aes256 -d -in $seedfile -pass file:<(echo -n $password) -pbkdf2 |
  cat - <(echo -n $tag) |
  cat - <(yes $saltstr | tr -d '\n' | head -c$saltsize) |
  openssl sha256 -binary |
  openssl base64 -e
)

if [[ $clip == "y" ]]; then
  # copy generated password to the clipboard
  if which xclip > /dev/null; then { # X
    echo -n "$pass" | xclip -selection clipboard
    sleep 30
    echo -n "" | xclip -selection clipboard
    sleep 0.1
  } & fi
  if which wl-copy > /dev/null; then { # Wayland
    echo -n "$pass" | wl-copy
    sleep 30
    echo -n "" | wl-copy
  } & sleep 0.1; fi
fi
if [[ $print == "y" ]]; then
  # print the generated password to standard output
  echo "$pass"
fi
if [[ $output != "" ]]; then
  # write the generated password to a file
  echo -n "$pass" > $output
fi