#!/bin/bash [[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}" set -eEuo pipefail function help() { cat <<EOHELP Use this script as pinentry to store master password for rbw into your keyring Usage - run "rbw-pinentry-keyring clear" to clear the master password from your keyring - add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json) - use rbw as normal Notes - needs "secret-tool" to access keyring - setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well - master passwords are stored into the keyring as plaintext, so secure your keyring appropriately - supports multiple profiles, simply set RBW_PROFILE during setup - can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable EOHELP } function clear() { secret-tool clear application rbw profile "$rbw_profile" type master_password } function getpin() { echo 'OK' title="" prompt="" desc="" while IFS=' ' read -r command args ; do case "$command" in SETTITLE) title="$args" echo 'OK' ;; SETDESC) desc="$args" echo 'OK' ;; SETPROMPT) prompt="$args" echo 'OK' ;; GETPIN) if [[ "$prompt" == "Master Password" ]]; then set +e secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)" err=$? set -e if [[ $err == 1 ]]; then cmd="SETTITLE rbw\n" cmd+="SETPROMPT Master Password\n" cmd+="SETDESC Please enter the master password for '$rbw_profile'\n" cmd+="GETPIN\n" secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)" if [ -n "$secret_value" ]; then echo -n "$secret_value" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password >/dev/null 2>&1 fi fi printf 'D %s\n' "$secret_value" echo 'OK' else cmd="SETTITLE $title\n" cmd+="SETPROMPT $prompt\n" cmd+="SETDESC $desc\n" cmd+="GETPIN\n" secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)" printf 'D %s\n' "$secret_value" echo 'OK' fi ;; BYE) exit ;; *) echo 'ERR Unknown command' ;; esac done } command="$1" case "$command" in -h|--help|help) help ;; -c|--clear|clear) clear ;; *) getpin ;; esac