I been using Profanity for all my secure XMPP conversations, is like weechat/Irssi client for Jabber/XMPP. I think is a great hacker tool to add to your GNU/Linux-fu magic since you can use it on so many non-intended ways but that is not the aim of this short how to.
OK so let’s go.
So what I am going to show you is how to secure your password so is not on plain text, and if you are using a tiling window manager like Sway with Wayland etc where we have no password graphical key chains.
SETTING UP PASS
If you have not yet imported or create your key pair(private and public keys) do so now if you are moving your keys make sure you import them. If you already been using this ignore this part.
gpg --import pgp-priv gpg --import pgp-public
Now list your public keys and you will need to get the id of your personal key to create the Pass encrypted database to store your passwords.
An example will be the email associated with the key like: firstname.lastname@example.org
So if you never have initialized a Pass db before, run to create it:
pass init email@example.com
- This above initializes your encrypted password database.
Now we have to trust the key to be able to use it so do this with your key id, again ignore this if you have your keys already trusted.
gpg --edit-key firstname.lastname@example.org
Once inside type:
And that’s it now is trusted.
Next we going to type your credentials, name or whatever you want to name this, you will later need this on the Profanity configuration to retrieve the password
This below will prompt you for the password to be stored 2 times.. Do so :)
pass insert profanity/rek2
Good! Now check the db with
You should see your new entry :) RTFM for how to use pass is very useful for many other applications.
You should read the documentation to setup your username/password and xmpp/jabber server you going to connect to. like:
/account add rek2 /account set rek2 jid email@example.com /account set rek2 server xmpp.hispagatos.org /account set rek2 port 5111
OK this will set you up… But you STILL need to setup the password… For this we have a cool option:
set <account> eval_password <command> : Shell command evaluated to retrieve password for the account. Can be used to retrieve password from keyring.
So this will be like:
/account set rek2 eval_password "pass profanity/rek2"
Now every time you login it will grab the password from the encrypted database of Pass if is the first time you start your GnuPG session it will ask you for your PGP key password to open up the key chain, such will use this key chain to authenticate with Pass and give profanity the requested information, in this case the password…
OK that’s it.. No more passwords on configuration files PLEASE.
- Happy Hacking
- Hack The System
- Keep on Dreaming