From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Morgan Willcock <morgan@ice9.digital>
Newsgroups: gmane.emacs.devel
Subject: Re: New package for NonGNU ELPA : totp-auth
Date: Thu, 08 Feb 2024 19:15:37 +0000
Message-ID: <861q9mzs12.fsf@ice9.digital>
References: <ZcMnU9XXa2vawuOo@lco.syogm.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="6145"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: Richard Stallman <rms@gnu.org>,   Vivek Das Mohapatra <vivek@etla.org>,
 emacs-devel@gnu.org
To: Jean Louis <bugs@gnu.support>
In-Reply-To: <ZcMnU9XXa2vawuOo@lco.syogm.com> (Jean Louis's message of "Wed, 7
 Feb 2024 09:46:43 +0300")
Xref: news.gmane.io gmane.emacs.devel:316047
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/316047>

Jean Louis <bugs@gnu.support> writes:

> * Richard Stallman <rms@gnu.org> [2024-02-07 06:17]:
>> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
>> [[[ whether defending the US Constitution against all enemies,     ]]]
>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>> 
>> This is a useful feature, but should it be implemented as a part of
>> Emacs?  Is there / should there be a shell command for this?
>> 
>> Given a shell command for this, do we want it implemented in Emacs
>> too?
>
> I have implemented it this way below, and it has worked well for a long time now. It uses the external shell command. I would rather use Emacs Lisp for it. It is required at many logins. I did not show more than 3 logins below, and they are also fake keys.
>
> (defvar oath-keys '(digitalocean "31CHLCURYJ5VRDHB"
> 		    tether "J2AMLDF473VHD517"
> 		    twilio "EB1JS6TJNL1TQCWSNEZJG6IQ4XZGSC4UMI276X3TEODG2VQRTE5A"))
>
> (defun call-process-to-string (program &optional infile display &rest args)
>   (with-temp-buffer
>     (apply #'call-process program infile t display args)
>     (buffer-string)))
>
> (defun oath ()
>   "Ask for service and kill OATH result to memory."
>   (interactive)
>   (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
> 	 (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" (plist-get oath-keys (intern key))))
> 	 (result (string-trim result)))
>     (message "%s" result)
>     (kill-new result)))

I imagine this is potentially leaking your keys by making them visible
in the system's process information.

Recent versions of oathtool can read the key from stdin, so any attempt
to create a wrapper should probably be using this feature.

-- 
Morgan Willcock
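
Added example (not part of the original message, and not code from totp-auth): a wrapper that hands the key to oathtool over a pipe on stdin instead of in argv, so it never shows up in the process list. It assumes the installed oathtool accepts "-" as the KEY argument to mean "read from standard input" (check `oathtool --help`); the name my/oathtool-totp is hypothetical.

```emacs-lisp
;;; -*- lexical-binding: t; -*-
;; Added example.  `my/oathtool-totp' is a hypothetical name.
(require 'subr-x)                       ; `string-trim' on older Emacs

(defun my/oathtool-totp (secret)
  "Return the current TOTP code for base32 SECRET.
SECRET is written to oathtool's stdin through a pipe, so it is not
part of the command line and is never written to a temporary file.
Assumes oathtool treats a KEY argument of \"-\" as standard input."
  (with-temp-buffer
    (let ((proc (make-process
                 :name "oathtool"
                 :buffer (current-buffer)
                 ;; Only options and \"-\" appear in argv.
                 :command '("oathtool" "-b" "--totp=sha1" "-")
                 :connection-type 'pipe
                 :noquery t
                 ;; The default sentinel would insert a status line
                 ;; into the buffer next to the code.
                 :sentinel #'ignore)))
      (process-send-string proc (concat secret "\n"))
      (process-send-eof proc)
      ;; Wait for oathtool to exit, collecting its output as it arrives.
      (while (process-live-p proc)
        (accept-process-output proc 0.1))
      (let ((status (process-exit-status proc)))
        ;; Report only the exit status: stderr is mixed into the buffer
        ;; and should not be echoed or logged alongside key material.
        (unless (zerop status)
          (error "oathtool exited with status %d" status)))
      (string-trim (buffer-string)))))
```

A pipe is used rather than `call-process-region` because the latter passes the region to the child through a temporary file.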