No echo mode.

Add a --no-echo flag to the insert operation so that the password isn't echoed when entering it. This requires the user to echo the password twice for confirmation. Reported-by: Dominic Lüchinger <d.luechinger@snowgarden.ch>

No echo mode.
814bbf95 · Jason A. Donenfeld · e14c00af · 814bbf95 · 814bbf95
Commit 814bbf95 authored 12 years ago by Jason A. Donenfeld
--- a/man/pass.1
+++ b/man/pass.1
@@ -70,11 +70,12 @@ using
 .BR xclip (1)
 and then restore the clipboard after 45 seconds.
 .TP
-\fBinsert\fP [ \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
+\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] \fIpass-name\fP
 Insert a new password into the password store called \fIpass-name\fP. This will
-read the new password from standard in. If \fI--multiline\fP or \fI-m\fP is
-specified, lines will be read until EOF or Ctrl+D is reached. Otherwise, only
-a single line from standard in is read.
+read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do
+disable keyboard echo when the password is entered and confirm the password by asking
+for it twice. If \fI--multiline\fP or \fI-m\fP is specified, lines will be read until
+EOF or Ctrl+D is reached. Otherwise, only a single line from standard in is read.
 .TP
 \fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP
 Generate a new password using

--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -23,8 +23,9 @@ Usage:
    $program [show] [--clip,-c] pass-name
        Show existing password and optionally put it on the clipboard.
        If put on the clipboard, it will be cleared in 45 seconds.
-    $program insert [--multiline,-m] pass-name
-        Insert new optionally multiline password.
+    $program insert [--no-echo,-n | --multiline,-m] pass-name
+        Insert new password. Optionally, the console can be enabled to not
+        echo the password back. Or, optionally, it may be multiline.
    $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length
        Generate a new password of pass-length with optionally no symbols.
        Optionally put it on the clipboard and clear board after 45 seconds.
@@ -136,25 +137,49 @@ case "$command" in
 		;;
 	insert)
 		ml=0
-		if [[ $1 == "--multiline" || $1 == "-m" ]]; then
-			ml=1
-			shift
-		fi
-		if [[ $# -ne 1 ]]; then
-			echo "Usage: $program $command [--multiline,-m] pass-name"
+		noecho=0
+		while true; do
+			if [[ $1 == "--multiline" || $1 == "-m" ]]; then
+				ml=1
+				shift
+			elif [[ $1 == "--no-echo" || $1 == "-n" ]]; then
+				noecho=1
+				shift
+			else
+				break
+			fi
+		done
+		if [[ ( $ml -eq 1 && $noecho -eq 1 ) || $# -ne 1 ]]; then
+			echo "Usage: $program $command [--no-echo,-n | --multiline,-m] pass-name"
 			exit 1
 		fi
 		path="$1"
 		mkdir -p -v "$PREFIX/$(dirname "$path")"

 		passfile="$PREFIX/$path.gpg"
-		if [[ $ml -eq 0 ]]; then
-			echo -n "Enter password for $path: "
-			head -n 1 | gpg -e -r "$ID" > "$passfile"
-		else
+		if [[ $ml -eq 1 ]]; then
 			echo "Enter contents of $path and press Ctrl+D when finished:"
 			echo
 			cat | gpg -e -r "$ID" > "$passfile"
+		elif [[ $noecho -eq 1 ]]; then
+			stty -echo
+			echo -n "Enter password for $path: "
+			read password
+			echo
+			echo -n "Retype password for $path: "
+			read password_again
+			echo
+			stty echo
+			if [[ $password == $password_again ]]; then
+				gpg -e -r "$ID" > "$passfile" <<<"$password"
+			else
+				echo "Error: the entered passwords do not match."
+				exit 1
+			fi
+
+		else
+			echo -n "Enter password for $path: "
+			head -n 1 | gpg -e -r "$ID" > "$passfile"
 		fi
 		if [[ -d $GIT ]]; then
 			git add "$passfile"