Diffstat (limited to 'plugins/otp')
-rw-r--r-- | plugins/otp/README.md | 22 | ||||
-rw-r--r-- | plugins/otp/otp.plugin.zsh | 45 |
2 files changed, 67 insertions, 0 deletions
diff --git a/plugins/otp/README.md b/plugins/otp/README.md
new file mode 100644
index 000000000..8331fd02b
--- /dev/null
+++ b/plugins/otp/README.md
@@ -0,0 +1,22 @@
+# otp plugin
+
+This plugin allows you to create one-time passwords using [`oathtool`](https://www.nongnu.org/oath-toolkit/man-oathtool.html),
+able to replace MFA devices. The oathtool key is kept in a GPG-encrypted file so the codes
+can only be generated by a user able to decrypt it.
+
+To use it, add `otp` to the plugins array in your zshrc file:
+```zsh
+plugins=(... otp)
+```
+
+Provided aliases:
+
+- `otp_add_device`: creates a new encrypted storage for an oathtool key and stores it
+ on the disk. For encrypting the key, it will ask for a GPG user ID (your GPG key's
+ email address). Then the OTP key needs to be pasted, followed by a CTRL+D character
+ inserted on an empty line.
+
+- `ot`: generates a MFA code based on the given key and copies it to the clipboard
+ (on Linux it relies on xsel, on MacOS X it uses pbcopy instead).
+
+The plugin uses `$HOME/.otp` to store its internal files.
diff --git a/plugins/otp/otp.plugin.zsh b/plugins/otp/otp.plugin.zsh
new file mode 100644
index 000000000..8be125c93
--- /dev/null
+++ b/plugins/otp/otp.plugin.zsh
@@ -0,0 +1,45 @@
+export OTP_HOME=~/.otp
+mkdir -p $OTP_HOME
+
+function ot () {
+ if ! command -v oathtool > /dev/null 2>&1; then
+ echo "Note: you need to install oathtool or oath-toolkit, depending on your OS or distribution."
+ return 1
+ fi
+
+ if ! command -v gpg > /dev/null 2>&1; then
+ echo "Note: you need to install gpg and create an ID using 'gpg --gen-key', unless you have one already."
+ return 1
+ fi
+
+ COPY_CMD='true'
+
+ if [[ -z "$1" ]]; then
+ echo "usage: $0 <profile.name>"
+ return 1
+ elif [ ! -f $OTP_HOME/$1.otp.asc ]; then
+ echo "missing profile $1, you might need to create it first using otp_add_device"
+ return 1
+ else
+ totpkey=$(gpg --decrypt $OTP_HOME/$1.otp.asc)
+ oathtool --totp --b $totpkey | tee /dev/stderr | clipcopy
+ fi
+}
+
+function otp_add_device () {
+ if [[ "x$1" == "x" ]] then
+ echo "usage: $0 <profile.name>"
+ return 1
+ else
+ echo "Enter an email address attached to your GPG private key, then paste the secret configuration key followed by ^D"
+
+ rm -f $OTP_HOME/$1.otp.asc
+ gpg --armor --encrypt --output $OTP_HOME/$1.otp.asc /dev/stdin
+ fi
+}
+
+function otp_devices () {
+ reply=($(find $OTP_HOME -name \*.otp.asc | xargs basename -s .otp.asc))
+}
+
+compctl -K otp_devices ot
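Review bot: In `ot`, the decrypted TOTP secret is handed to oathtool as a command-line argument (`oathtool --totp --b $totpkey`), which exposes it to any local process listing for as long as oathtool runs, and the `gpg --decrypt` result is never checked, so a failed or cancelled decryption falls through to oathtool with an empty key. On oathtool builds that accept `-` as the KEY argument, pass the key over stdin and stop when decryption fails: `totpkey=$(gpg --decrypt "$OTP_HOME/$1.otp.asc") || return 1` followed by `oathtool --totp -b - <<< "$totpkey" | tee /dev/stderr | clipcopy`. `COPY_CMD='true'` a few lines earlier is assigned but never read and leaks into the interactive shell as a global, so it can be dropped. In both `ot` and `otp_add_device` the profile name `$1` is spliced into the path unvalidated, so a name containing `/` or starting with `..` makes `rm -f` and the gpg output land outside `$OTP_HOME`; a guard such as `[[ $1 == */* || $1 == .* ]] && { echo "invalid profile name" >&2; return 1; }` keeps the store self-contained. `otp_devices` relies on `xargs basename -s`, which is not portable and breaks on names with whitespace (and runs `basename` with no arguments when the store is empty); a zsh glob such as `reply=($OTP_HOME/*.otp.asc(N:t:r:r))` avoids the pipeline entirely.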