unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* New package for NonGNU ELPA : totp-auth
@ 2024-02-05 15:35 Vivek Das Mohapatra
  2024-02-06 10:04 ` Philip Kaludercic
                   ` (2 more replies)
  0 siblings, 3 replies; 15+ messages in thread
From: Vivek Das Mohapatra @ 2024-02-05 15:35 UTC (permalink / raw)
  To: emacs-devel

[-- Attachment #1: Type: text/plain, Size: 889 bytes --]

Hi - I've recently made a package that implements RFC6238 TOTP and was 
wondering if nongnu elpa would consider carrying it:

totp-auth.el - Time-based One Time Password support for emacs

This package generates RFC6238 Time-based One Time Passwords
(in other words, what Google Authenticator implements)
and displays them (as well as optionally copying them to
the clipboard/primary selection), updating them as they expire.

It retrieves the shared secrets used to generate TOTP tokens
with ‘auth-sources’ and/or the freedesktop secrets API (aka
Gnome Keyring or KWallet).

You can call it with the command ‘totp-auth’, ie:

    M-x totp-auth RET

You can tab-complete based on the label of the secret.
Depending on the setting of ‘totp-auth-display-token-method’ the
TOTP token will be displayed (and kept up to date) either in
an emacs buffer or a freedesktop notification.

[-- Attachment #2: 0001-Add-the-totp-auth-package-and-its-dependency-base32.patch --]
[-- Type: text/x-patch, Size: 1750 bytes --]

From dd15c0496cd530fb1bd18e7a79a827e76bb29a57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vivek=20Das=C2=A0Mohapatra?= <vivek@collabora.com>
Date: Mon, 5 Feb 2024 15:19:34 +0000
Subject: [PATCH] Add the totp-auth package and its dependency (base32)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This package generates RFC6238 Time-based One Time Passwords
(in other words, what Google Authenticator implements)
and displays them (as well as optionally copying them to
the clipboard/primary selection), updating them as they expire.

It retrieves the shared secrets used to generate TOTP tokens
with ‘auth-sources’ and/or the freedesktop secrets API (aka
Gnome Keyring or KWallet).
---
 elpa-packages | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/elpa-packages b/elpa-packages
index 1f9a16311c..8ed3955547 100644
--- a/elpa-packages
+++ b/elpa-packages
@@ -49,6 +49,10 @@
  (autothemer		:url "https://github.com/jasonm23/autothemer.git"
   :readme "README.md")
 
+ (base32		:url "https://gitlab.com/fledermaus/totp.el"
+  :ignored-files ("totp-auth*.el" "Makefile" "*.md" "*.html" "tests" "README")
+  :version-map   (("0.2" "1.0" "v1.0")))
+
  (bash-completion	:url "https://github.com/szermatt/emacs-bash-completion"
   :readme "README.md")
 
@@ -760,6 +764,10 @@
  (toc-org		:url "https://github.com/snosov1/toc-org.git"
   :ignored-files ("COPYING" ".travis.yml" "toc-org-test.el"))
 
+ (totp-auth		:url "https://gitlab.com/fledermaus/totp.el"
+  :ignored-files ("base32.el" "Makefile" "*.md" "*.html" "tests")
+  :version-map   (("0.4" "1.0" "v1.0")))
+
  (treeview		:url "https://github.com/tilmanrassy/emacs-treeview"
   :readme "README.md"
   :ignored-files ("LICENSE"))
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-05 15:35 New package for NonGNU ELPA : totp-auth Vivek Das Mohapatra
@ 2024-02-06 10:04 ` Philip Kaludercic
  2024-02-06 10:24   ` Po Lu
  2024-02-07  3:16 ` Richard Stallman
  2024-02-07 13:43 ` Michael Albinus
  2 siblings, 1 reply; 15+ messages in thread
From: Philip Kaludercic @ 2024-02-06 10:04 UTC (permalink / raw)
  To: Vivek Das Mohapatra; +Cc: emacs-devel

[-- Attachment #1: Type: application/pgp-encrypted, Size: 11 bytes --]

[-- Attachment #2: Type: application/octet-stream, Size: 8673 bytes --]

-----BEGIN PGP MESSAGE-----

hQGMA8l9AV1fe8J4AQwAz/QMs0AwGZjXK465T/saRV5yPkV4DrUkJ2AIaUVHqdH+
sdQgZJQzeh/2YlVtn+KvE1rrnTSbrVsQOUY+NlmtVlHBoECS42Bg37YDuizod22Q
hD+k3oIRep+D68FvOQm6zgoQsVhzJANZ5lk+jV21bS2exyCcUZzxW+3Ga/Pu09zz
gFs5K0ZjBJ6OYdKYQwWWn4IQozR06kuDoTwvqJvz87Hify1To9qaugtQ5yMVsRXk
hBupIGiCsR2UFVUS16Caxz7du3CehtPYMFG3R2TppJITl8Fua+fSSvq/DEjs0aLL
zNYuKO3F4VwGGx7UasOD5oVCk/R65Jh7Omp+HcN/EtJGAZ9hHBWrFDocNTf3MFXw
rhGccoW2Uqsav0/IrdL8wB0OQSroiZCV3E21FmJ2439uwvW6oRF0LSYUl1bO0yuI
I/JOFH8240c/gln96Z/D/E66mcQ7xOPUz9VDgIUq+ImaYBcks1Yc3Es1Vk3Qzwtw
GSJD7ny2HacdziQW2vW60uwBwTUe7S/vYIcCpjSLbgHdDgTt++2SrXqPHrLoH8ON
qDliOiVjHUFIfo2l5a7dTOSW+DaB3FFjUHQB3dS7bPlRJXxRnagniqTSCEfPUzTS
QjwwlTBoXRauiXLgEGbz6OPvaQ9d69GySV8xVykomkDDBL3sd2YX+ZVAKOvlkiT9
D6RREOS/L2xGLWg6trVQ4fc1Sd7P1y93SiahNkLzDgomIm3qn8kNFXN1pSmdEBth
/ov8g7T+drToTrbCc+FRlKZIPonAjfFuTV0ucfovtbMxfBdeLwMwLKCBKUa/FQiu
MzLp9FtNtkZi5bfiQ1ZozQgu4YqLHT6S1UapspK9/mBKewyUaw17imOoEc/O54iu
1kGrUwShhILjePkvGTfUsUsRozx1Joj82zAbBkjA4Quy9zAw/gQyohSU8v9xexKd
uxAZTJuqtr16EfLslN+Rp/nkTmXo3afaZK8Tul9vyw0V07hGNWnaDMJQZR5q1dFg
2qRc/4bJKrUDZv/zl9PMW0cEdhMJOO8Hvg2DZNzytaDnEdcIGLUEfZEMGqjlV5Kk
0hRxZXM2o8vTfvG+9x0ZofAMTgOISLvvZr1yx+aN1Q59oY7FqVHrDF0iybkU6Dlc
YUlZNDuysh2IIBO46WqWqxtijVedvytKS10GeFGrtJM2yNgtULpb3fNfpt8VubZL
Mt6r/Nd+6HHtBZpasCjijCoCWPUFut4glprs65M1HJyp66GTKwWOlA64N8rhHPWT
Ytvb2flXoFQdh7UFjYuMTi03iizmzU/lXNmGDthzxCCZrm3uB1sKe1DIDhL05Llh
EmiBPMlyM/xUf+stNXADWfQisG8KVQz3O71pnojLbRkRVN9lK8m4gCbeDfsBxg1R
YaFWVD2ipqK+ldNR99+KSSsYhpeObSAPaoPqKazcm7qhmqymyPqNG8unPbDfrgft
OOJ7MnOc4ZkQqmqRN/SqgxN6QMBIv2795ee+SzBeO0DvHBd4U0ozAeW5MXD/2zWu
GgWxaNUECZKsWtLFEcix8VWu4S0vWIv4KB3kTn/FyWiJAPZzgGHFOUMp5IrWD7E3
G5IMiezLv805omSaCUAnEAwcGeZKPJ+xGFXz7SuQ0zwq990/w/UZqPxj6Jor/UhJ
BwqDI2wJQZQuD7tTq5PfwlEtdUeX426bxcn828PAbGNteC+vMG1Dlgq2T7294oqH
DShxh/EFdB6vybmczykUVqepNf0nQgaxpv3hrrOhYdEOD7cVLMaI7GX8Lcw97mEA
VAvGAbDPIFre35eAXLuVVtn6WEtmuUInilRd7ftm90SuBZraTc1mdJVPYDsAs/bF
vygnyk9Xb9rqiOGo0JZZydn8B7cscodT2uVWqIIMdrBhld17rD/y+pF/Dfjly3NF
XfBH25VzSQuezbBow8SfwiwvNr9DG9pCrE8jmrWgfjXeb7L+pZV5ln2UxbAEqx7k
8aLfL1DL0YZ93S1yZc2RlBMKv7qSrTIzIFj9g86gWUy6/jUJ5On9lul+Xe05GNt7
7uJIwr9yIWYEVw3r4zv7xBTDqkoDK7zbRPmNUg/8EXahaDEiE5NrQxSnUtD5szO+
d2dPmKqIzPkQLyVcHb7/RlLAXQiHvWBy/dVEexjXC+ebHBcVekBSBIYuaC8zkPc8
9vPKyIMFjwMU7qgDTAWUlfWYqx/v27I6J9Ca+CMpLIb1mXKSlhuIeZ0e8rYTMXIC
1t+uIy+Z1sAq8OGd6XjxIzzvqNcZPSinKDUI/kVD9VFUn+YBn/8YzmuSkzpM3D29
o0QTm9OOSsNmcehmILrN2zE13Vb9AAAB6NLPn0/kOSFMAWN8nCTdJ8pr/9rGNLp+
o99NHbss4a1UNPl/2oMEUjXF42MyP/iSkroEDgHC101f7ySL7fwpB4HPnLvejdr1
2WN5pfr9Ul2q57/y6qf2egpkzNJX0zG+sgRNvlcVfQ4+mY0ZGNW8nXeWGGo6kRtu
KDB5ZHVqpElVQ/6qmp07becEigrnJ+Ho3/nwc9K4sWDlvHe5UcZA4VPMto4PDeUG
xVcwW3vkgk4oUVxxqlj86PGJATEBAT2ll2UovCZFsN0fAS2wH3vlGr+D0NEZD1IN
vZOWhTzyNxd4hbAjtPEAtSS00aubnFoNkRmMprFosudBkrPcr3qyRzgqSUCIVcaD
mD5szJ/eO1tTJNJooEoj/N/p8/DLJVPMvKO+6OIthpPw2RBy8SUUlmsEfzDVBU4/
e9AXsOOPeoGKPIK7pVKqyfIz1qosWPpy3rEt84oO9ihySOLkthXvnhCRS/ajw/eS
Q/gTm4SWr5Dz0JEFDYXIvQ7Fnx65lam1zuDw5gDgejoFmUhrB7MncuklXT8laBw1
bTCVqNw+X+MPiGrNUL4xeoYlUjpF5/THQ63GJfDe4dT7HXlOjs7iScjo2yXoOckb
lvPE6jGDdIG6oMc8SjePVQsyH2QdHf6VC9u5xpxCEarg5UtLyjE+lYwneMq3PC9S
93ouyyegjBIkAkoA3mnS+0j3tiqJWV7//n2I7Dr6xo2MeHUwm4tnmjdo/dvLyUvp
ZGBK4VFn96z5HjrWpMScFW/fyaYZIIh9Cq6C7oYMH2apxcXaOcb0Dj6fTlMWG+pw
+oJD0TUyEWZ4CgvSZpLoQiZGVmtH477C1kzvuxK92gHbCNZgF04TvxlQMfvNocwc
DM5l7PFgiEh4IlCfpwnhiK2iU71t/YKy9t9TZFxKWkinKSr2s4RofETPxulwfPGW
44m/H99bJ6hIvcXIxQFaOCE3PipaZLYR16iUMrFGx4+MM9WiRnTorgVsEflD7usS
5u1BUEheQ6aK247YwCvi0P/OpjBO7Fj9ywfQFDzeaLiikFCoVAmpXlti/UH3tnNG
iNI2FAZoiC9Fr+MOU+mtUeRciHN9h3h7sCzySyTd47+ldBgOPCtbyB/bDaGnHirf
dJRwXtD0mS3ga4q3uXd/eAQ4hlsWPa1iz70RJhStFaMJ2crC9kxcsbtDLal16+/t
j+HwichgtA0LGXoeRSh6dgtF9XM5Q2WV8zCsYVND295TsDn/ACO5Lc1m0yHR/dn0
JoRf79m6Kt2w+N4QhC9FXTqmRd3w51UEBPLG777EoxtacK5nNrVK505pvCbS5ZTO
mYMIlOcyUM15CQUpcgfDX4XBJSwKhL3hu/pIQ8M5obYxCFmcd7KBRxQYZn0yDujJ
8lloiauSNDHcgFeUHo6d9V6NebEAL8a5554P1UOPQNG4LTjmkhaUeO5AwkzIEBEt
rnRkaxsqwKSgzryI1R9foBxFZfVTJT1yoCm2qXGoqcqc+OoLPx/2wuTtuL0UvAMa
2t1s28Wz9EEvNFW2WGnvqYJkEDlWCGhkCQL7KrwN/5zIgeZ/xLEHPO5sYDpv1oco
x7dKBnVoXB6JvujP40zd7EDiDKz0y6SAGzXD/nmA+PiI6c6I613TC8rZAMG9Ki+W
kPdmX+NZ4PX/hRIYTPC9ruHNRx35cGZVUwVqIl9sYop0Y9dD+USuLDF0OMIKbIFx
DPKbh3YCEvu5Xp/QdXlQ1Y5A4tKLWPcZmZ8Ge6qt4ueajLa+ra2OFvTX64AYcQdt
z9NNU/IfqKpN0baitP4jHCIl63pCig8ogWPyh7UuUcjyhyHWoKxRkAWkMWpc1spE
AdtG/sgeEVQlvMMwkDrbew6OB8jmSGHi/4oyLKjiBY2ulM0Pl4A6x1dLWItuRbHm
v+eQEx+pE2iXg0CMyhEKfzr4Mfdw4gaL2MXQsVbF4HfQO/A+K1Nrl5Syx4RAQPND
Gjp+RwUYW9WxVirWHDz5gyn8eE20SnlJYB5ao0t5OQDyXQetMeOeU/6XR0eOUCRV
eCpxuDwcWV4oQkIn53hinh1ZT2c/l80vHFm+nI73zHraXws+kjsIUxHuy4h1gQYW
vLLGurvwn4rUuTW5IhWz+T/SPywFExas/b27Z62WXtHkxqNiUGGQfdjwvQWXEh9M
S6f49EvDqGV10tG65a3SJlBanFq1cfnj0B0m2vGfcN6k1FH60S80gwkjCdH405/8
UAItxjIBW3Q4BDfoHm3gAjUoYRfkn3xTE3zUYqgG565Q5N3CDSP7eEqiHU9DvyRf
GXUAS7cLGtWylmqzIz/Sq8Z2xJT/ZnzwwLZwXj0cwgFHBwYvl6mZ/q/lG9DKb5ju
rAQsiUUwhpi5zar3I09+XJ+bivDNG/lncYfx8LcpnZ6ZTCCzx381WH2nxRp2Ez4Z
u0SqAd2d/6jrcD6T1oIb0aFvBF8jxfoA75dz5qPVN4AH7H7+Ckta6K7Tf6XZcpcu
W4V4tzBN/vxB4lhxm4EVP1BbbL4i8JiW7J1af9A6JHaa4uTsvqfGsGOeuFMsOEvT
qLoBUIX+KtP8qM41qc20EaBIotCmX8hyCCZXnrdhFxygHMaUgvkZyp+J2Q/neGSH
U4u+lSWab7t1r6/INaHMEiy/986mOOLDk6arxp+y9gJf0yoZmdLY/94+haPJV95J
116vdflItNjLHl1+93smGzE7qOngtG1FqgM48w/e+311NDe1997W0T/lmKmOAzOy
XQuC0qwGHi3eTNWUQzkHj/m9yRp6rHPw5E6Iqrscf0fKIX0Bt0cO3KPwqrS66m2L
OkHnBpG19Wti5DXIQJ1B1ADfYkO7L2CB//iA3oquTOV0wkwcmHBZmTH9h7rVa3YB
+BrkcqaHcc3Iht/m/+Y6yCwBSKGBNMHKSYlpDOl7Z9SkyI22Knxh7Qm541W5wwrM
TUtylORjctUCpGG6BMYmO5MgrHxpYgohRo5ypLHzWWombMYQxWtTLiUbZuRf0+Nz
W26m+0JReF3vILkYyRP5N1oKVAm9uQNA2cvHXpf6WAF/inJ5WtNAmGxIr9n46ruc
P5ksUWt3MvVsXNFANpo9SDpAN1+DWQ+WeCpScM8OigKMYZUnikrArjgZGfHzGYPk
SxzR6fA+ams0XFeEycAWP6ITe9Ov3H6bzpFwx1aMx3+L3s5+2xVgYZb92zUGCH0U
wAqP46btS7LGvsrlUUNMXi8MQE0CCim/eHraG0F4Xy0kiEF+ie6hKmqPGyOLZodM
m1udwAPQpsVUfVcUv6Bfavww8EbbQRI8NR2R5qECLbXLQ822xfpr9LTxfxwQdRY7
xHQznZeZWdtqdIDXN6hfBdqaVLkm5qlyUy884JQZ6Psogs9FcA6lM2KgDcJDG9t0
6qgfEKTAyvLN3Uy62uN9EzbFGq93JI/0RCBSiyQTwtzkhUrSJMZGSYT5qdIjct0A
wLJN9k1od1aVksgreHi7XF1Ug8YwRSsB0xQIGZ5VH3YqzuRVlHqtDkV7q434/htr
dBiaEUpGsanHzak9YzYevXFcuYabNXEywwDRF6s+vAI3xx8eSkbwYVS31aIcrkhG
Ya/SunxRNCXPzNDKEyQ/tzdPMzXtvjHc46hqMAeIApb113S0bRz8e6ME6KOeoXmK
ZHiu5X1u2aHLuYIN/HVkQwRhRoBPe1K9cvCBz2ibWyO06iRBrC98KuZKvDNugIkr
TMEmuLujzNEAlL8mZ+0cY0kJBCQ6eLXTTcilC5zKiBiVcjtpJZQtev7xbK3Zc+n6
n1HkA4KNMPQuQCmm5Qe5pIPYd36RY3zAycZs0zZS5Mn0Gi127mhyF2/VV85sQ80s
mJSNnntvqHrYT2SYK83UL6D1L4gP+7lRDaqqWp24nbOHfcf9cPo9Jjbcnvf8tf4A
BRY2CJwy4bbv8/eFg4elSFfRVSebgApl+aezZv/+CSiOLXKET5lA5tLbuQMugUt8
mCBlq6f1/Nt58CCg6XxnwhpM9kGa+1LPAdhReRc9ZGGmnYa4fjPz0zpNYok/Aq06
zeGSXijv/dqw7v/21vqBMzjv6sn8Ykj8bKHPgCzCLJH38vtOyWtthmGJxX93HuIQ
hWTwZ/6/EFvjRLqmAwA7cpEaxif07LxukFcrX6eHtjNH0SW/ciOKhxBLB5cs0y2s
B1l7gLrzeoKdvwu36geRKiOe+bwm4ZAq/GnsZuz1xB7B9RMcSBuM6ArhmcMB/MLw
yj6GlrWyyLllMFOrEkoY791zsDO64fn4KcqrpApie25kLtPfW+KJ2rn+jKkzePlZ
aPc6Kw5uzEixWuPeKTcB2bRCQvGSQD/JLgs+QgBTvYHaULUJv4octG8su/I8Agxg
do0+PDs8v7h6xiQp7a7S0edgtfMyKrVCmJoYnjlIJsDe016ezUbl8OyYNSJ6p3r2
Pd0VakKdPQxTdBQivuxWjmPDoHWfd7aLqTb0AX8KPDIImxTA5ITyTXzRXpsBm5g1
W2qqTFgb9G0eDlJcP3Vt6TSmkLfHnAYp3tBCmybL6wgQtITcuBpklx2bm0mIWiC2
RVL3VW4zXoIrVPBa1Z9RoSLWpnb61WpZHgth5dggWlJ5BPYT+NNEs4lAysJj25Wb
yu1rGGTJOp0ft4Q/MGaj2Q2Get/knaJinjvtfyPj2gyp20YBU4IXr8XdUasPoFuQ
+VrBT7d+fVPN3rK/gsAI5d+d332ZzW4SXi2vzbKDATzW5mjsyGDhcu20qFicxDq2
FWhsP865VMp9S9dVbnENAp/BW2xrzBQg0BtfQ+HuSr1TYVd/DYlhIOOw3DTugCZv
XqIbd+IE/DA9ZfjYz7XyvZe7wRXzliC/qJgnCURa2aozH2xzqG+mj1M6HjfUd4cc
dPHLcZFDU5S/Bqnq1CVwpnhzFJkdHaO5SF8Dfg6sKCXDFuCXspV4vNEfGB2IHdda
HIQTQpK6nYdI8oq+g9SVnq5DgAPlEbC57Tf/d1Ge4ugzCU8QWLZXEVayZ4VVfTne
gFyEeU2yvF4aN0wiVh5hFOFhJn20qtUcAfcLuSPyPE7WvldFSkDQQI0s7BE354W7
eODprXpqJOozeWxg7uFH2SSXf+ZnO1NhdxdSpzbJe+esGenYdZH0tbxJdQlvG4D0
Xfpp37ml6x4l92IeOCQlGn2rWseH+gH8WpuynyEu0WII9+K8UzKoB45g/3uIn0cP
NWnycvLX/rNfVWlE1OX0vI7bio3jKI7WqTFDqnYAsRf/B5+lnKWYuGK6F0PT4kcu
3hqLswDqy3YvJ7G/Zudv9RZvOg7Xldr5aFmx8Uwdwj1JtoWXMwfQqx8K/ELqOhLk
dWaD7NGIR0eGRpOu/aWPS9ci6rd1Rp488ygLJYJtX+m2nq6QtbGgrl5ExAwCiICy
gsqpXnlGpxtwTeQWFFM8hafktls2YCJQXzR9bCHWWxBYqH8Dvpq4VtDC1CgweZvr
QLO7ggFKYCAPwJ1oNCwRUD22oI2pY5D8TKAaot/kdppkklWjmR/3V2+XfYryw7lt
vMWKK0IzKmfCPL0yfWvW+uRPWdhQ/ZwFIpwT80EF/sBm3OsFnH0jUhEsjQCB2thX
scl/XgbHC+mlC1SobZx3X7gOiVfTESQytX8pZ4BNRN+qfkxm1mChV9R8AzqZDzYC
5iv4RW479fTNrrTR3StjULtzUevcw6xVX7d/c8ZtcfPBfBhNv+oO6C2jVKDcQZjY
1EhJLPkNQf+2w+LM0cYeyAjddidqvffXuT7A+pfHTvfBeKTAgTrAgOoqS+CgcFQo
wWPvi6l7ricXE+9Z6LxzfFLZ0alGIPpEZf1dY71y7CZL8thM0fblvt/zfilWgil4
epBms6zwHLRTnEeFNuaCQ2bBwxkIEEa6velGopyT+7eMFWrBibE06NisVL6pCqbT
lsvKx9bunCReMeSe/snD2Kmo0pIfXPaCnCoFNzz1gTbdnfOycjFDb2aQLYNHvtNX
YYUwXf0a4uAnXJ/1+IWcpL+8KCc5ujSl65cd75xp5uescCpNvgJR9gtOnlDfybG5
lf7acloW7mFzlFZQQTIODouh1L3aXukgL9gDiGHVqWxRuJkjArPalSlRmAnjgF7Y
ccrex7lBVvHsIGuaS5vKphUiZTCBk1V+ZsbmyjAyQq0xAMGBBM2DgYQCIzan++SG
P5HRSQMs/LJIX+lQVU5fvsBc7e702g==
=v43Z
-----END PGP MESSAGE-----

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-06 10:04 ` Philip Kaludercic
@ 2024-02-06 10:24   ` Po Lu
  2024-02-06 10:27     ` Philip Kaludercic
  0 siblings, 1 reply; 15+ messages in thread
From: Po Lu @ 2024-02-06 10:24 UTC (permalink / raw)
  To: Philip Kaludercic; +Cc: Vivek Das Mohapatra, emacs-devel

Philip Kaludercic <philipk@posteo.net> writes:

> Error!  Result from decryption:
>
> Decryption failed
>
> Decryption failed

I can't decrypt this email, so would you please resend it _without_
encryption?  Thanks in advance.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-06 10:24   ` Po Lu
@ 2024-02-06 10:27     ` Philip Kaludercic
  0 siblings, 0 replies; 15+ messages in thread
From: Philip Kaludercic @ 2024-02-06 10:27 UTC (permalink / raw)
  To: Po Lu; +Cc: Vivek Das Mohapatra, emacs-devel

Po Lu <luangruo@yahoo.com> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> Error!  Result from decryption:
>>
>> Decryption failed
>>
>> Decryption failed
>
> I can't decrypt this email, so would you please resend it _without_
> encryption?  Thanks in advance.

Uh, I don't know why this message was encrypted?  Thanks for the notice,
I'll try to resend it decrypted.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-05 15:35 New package for NonGNU ELPA : totp-auth Vivek Das Mohapatra
  2024-02-06 10:04 ` Philip Kaludercic
@ 2024-02-07  3:16 ` Richard Stallman
  2024-02-07  6:46   ` Jean Louis
                     ` (3 more replies)
  2024-02-07 13:43 ` Michael Albinus
  2 siblings, 4 replies; 15+ messages in thread
From: Richard Stallman @ 2024-02-07  3:16 UTC (permalink / raw)
  To: Vivek Das Mohapatra; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

This is a useful feature, but should it be implemented as a part of
Emacs?  Is there / should there be a shell command for this?

Given a shell command for this, do we want it implemented in Emacs
too?

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  3:16 ` Richard Stallman
@ 2024-02-07  6:46   ` Jean Louis
  2024-02-08 19:15     ` Morgan Willcock
  2024-02-07  8:23   ` Philip Kaludercic
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 15+ messages in thread
From: Jean Louis @ 2024-02-07  6:46 UTC (permalink / raw)
  To: Richard Stallman; +Cc: Vivek Das Mohapatra, emacs-devel

* Richard Stallman <rms@gnu.org> [2024-02-07 06:17]:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> 
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
> 
> Given a shell command for this, do we want it implemented in Emacs
> too?

I have implemented it this way below, and it works well now for long time already. It uses the external shell command. I would rather use Emacs Lisp for it. It is required at many logins. I did not show more than 3 logins below, and they are also fake keys.

(defvar oath-keys '(digitalocean "31CHLCURYJ5VRDHB" 
		    tether "J2AMLDF473VHD517"
		    twilio "EB1JS6TJNL1TQCWSNEZJG6IQ4XZGSC4UMI276X3TEODG2VQRTE5A")

(defun call-process-to-string (program &optional infile display &rest args)
  (with-temp-buffer
    (apply #'call-process program infile t display args)
    (buffer-string)))

(defun oath ()
  "Ask for service and kill OATH result to memory."
  (interactive)
  (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
	 (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" (plist-get oath-keys (intern key))))
	 (result (string-trim result)))
    (message result)
    (kill-new result)))

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  3:16 ` Richard Stallman
  2024-02-07  6:46   ` Jean Louis
@ 2024-02-07  8:23   ` Philip Kaludercic
  2024-02-07  8:48   ` Michael Albinus
  2024-02-07 11:43   ` Vivek Das Mohapatra
  3 siblings, 0 replies; 15+ messages in thread
From: Philip Kaludercic @ 2024-02-07  8:23 UTC (permalink / raw)
  To: Richard Stallman; +Cc: Vivek Das Mohapatra, emacs-devel

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?

There seems to be this: https://www.nongnu.org/oath-toolkit/

> Given a shell command for this, do we want it implemented in Emacs
> too?

I don't think that the existence of shell utility is a reason not to
have a feature written for Emacs.  Elisp scripts are usually more
portable and certainly more easily hackable than their shell
counterparts.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  3:16 ` Richard Stallman
  2024-02-07  6:46   ` Jean Louis
  2024-02-07  8:23   ` Philip Kaludercic
@ 2024-02-07  8:48   ` Michael Albinus
  2024-02-10  3:55     ` Richard Stallman
  2024-02-07 11:43   ` Vivek Das Mohapatra
  3 siblings, 1 reply; 15+ messages in thread
From: Michael Albinus @ 2024-02-07  8:48 UTC (permalink / raw)
  To: Richard Stallman; +Cc: Vivek Das Mohapatra, emacs-devel

Richard Stallman <rms@gnu.org> writes:

Hi Richard,

> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
>
> Given a shell command for this, do we want it implemented in Emacs
> too?

I'm not Vivek, but I'm currently reviewing his code. The big advantage
over a shell command is, that it integrates with Emacs' password
infrastructure auth-source.el.

OTOH, I don't see which advantage we would gain if the implementation
is based on a shell command.

Best regards, Michael.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  3:16 ` Richard Stallman
                     ` (2 preceding siblings ...)
  2024-02-07  8:48   ` Michael Albinus
@ 2024-02-07 11:43   ` Vivek Das Mohapatra
  2024-02-10  3:55     ` Richard Stallman
  3 siblings, 1 reply; 15+ messages in thread
From: Vivek Das Mohapatra @ 2024-02-07 11:43 UTC (permalink / raw)
  To: rms; +Cc: emacs-devel

On 07/02/2024 03:16, Richard Stallman wrote:
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
> 
> Given a shell command for this, do we want it implemented in Emacs
> too?

You could implement a shell command, but it would not interface
with emacs' auth sources (which includes support for the freedesktop
secrets API and PGP encrypted files).

Implementing this in emacs allows us (well, me) to re-use the easy
support for desktop notifications, auth sources and so forth that
emacs already provides.

Having said that - there's no reason you couldn't provide this as a 
standalone command, and indeed there's an argument that a desktop 
environment should provide such a feature or application: For me emacs 
was the fastest route to implementing this feature and integrating it
into my desktop experience in a convenient-to-use way.




^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-05 15:35 New package for NonGNU ELPA : totp-auth Vivek Das Mohapatra
  2024-02-06 10:04 ` Philip Kaludercic
  2024-02-07  3:16 ` Richard Stallman
@ 2024-02-07 13:43 ` Michael Albinus
  2 siblings, 0 replies; 15+ messages in thread
From: Michael Albinus @ 2024-02-07 13:43 UTC (permalink / raw)
  To: Vivek Das Mohapatra; +Cc: emacs-devel

Vivek Das Mohapatra <vivek@etla.org> writes:

> Hi

Hi Vivek,

> I've recently made a package that implements RFC6238 TOTP and was
> wondering if nongnu elpa would consider carrying it:

Thanks for the offer. It looks like your package is already available
via MELPA, so I'm using this for review. First of all, could you pls
explain what's the relation of your package and the package totp, also
available via MELPA? Similarities and differences?

And a short search shows also the package emacs-totp
on Github, how is the relation whith that package?

Some comments on first test. I've naively installed the package from
MELPA. In a new Emacs session, I've called 'M-x totp-auth RET RET'. This
returns

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (wrong-type-argument char-or-string-p nil) [nn times]
--8<---------------cut here---------------end--------------->8---

Well, likely due to a missing secret. Should be told to me.

So I call the following 'M-x totp-auth-add-secret RET 1234567890 RET RET
RET'. The secret I've entered was visible in clear text - bad. You
shouldn't use read-string for this job, but let auth-source-search and
its :create feature do the job. If you really want to read the password
on your own, use password-read instead of read-string .

I was asked for Service, User, and Size. Since I didn't get any hint
what it means, I've entered RET, hoping for defaults. Well, in the GNOME
passwords I could see now a new item in the Login collection, w/o a label
and with the secret "otpauth://totp/?secret=1234567890;digits=6".  Looks
like related, but without a label it isn't useful I guess. I've deleted
it.

Next approach: 'M-x totp-auth-add-secret RET 1234567890 RET foo RET
RET RET'. Voila, that works! There's now a new item in the Login
collection labelled "foo", with the same secret. Promising.

I recommend to enhance your documentation, in the Commentary section of
totp-auth.el and/or via tooltips.

Now ruuning again 'M-x totp-auth RET foo RET'. "foo" is offered for
completion, good. But I get the error message

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (error "Invalid base32 payload length: 10") [73 times]
--8<---------------cut here---------------end--------------->8---

So the default length (6) does not match the real length (10). Should be
handled by the package.

Adding a new secret, 'M-x totp-auth-add-secret RET 0987654321 RET bla
RET RET 10 RET'. But 'M-x totp-auth RET bla RET' shows the same error.

Last check: Using 6 digits via 'M-x totp-auth-add-secret RET 123456 RET
baz RET RET RET'. 'M-x totp-auth RET baz RET' shows now

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (args-out-of-range "\267\316\370\0" 5) [76 times]
--8<---------------cut here---------------end--------------->8---

Stopping my tests. Pls fix the package (still in MELPA, no problem) that
it is useful for uninitiated users. I will continue to check then.

Best regards, Michael.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  6:46   ` Jean Louis
@ 2024-02-08 19:15     ` Morgan Willcock
  2024-02-12  9:10       ` Jean Louis
  0 siblings, 1 reply; 15+ messages in thread
From: Morgan Willcock @ 2024-02-08 19:15 UTC (permalink / raw)
  To: Jean Louis; +Cc: Richard Stallman, Vivek Das Mohapatra, emacs-devel

Jean Louis <bugs@gnu.support> writes:

> * Richard Stallman <rms@gnu.org> [2024-02-07 06:17]:
>> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
>> [[[ whether defending the US Constitution against all enemies,     ]]]
>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>> 
>> This is a useful feature, but should it be implemented as a part of
>> Emacs?  Is there / should there be a shell command for this?
>> 
>> Given a shell command for this, do we want it implemented in Emacs
>> too?
>
> I have implemented it this way below, and it works well now for long time already. It uses the external shell command. I would rather use Emacs Lisp for it. It is required at many logins. I did not show more than 3 logins below, and they are also fake keys.
>
> (defvar oath-keys '(digitalocean "31CHLCURYJ5VRDHB" 
> 		    tether "J2AMLDF473VHD517"
> 		    twilio "EB1JS6TJNL1TQCWSNEZJG6IQ4XZGSC4UMI276X3TEODG2VQRTE5A")
>
> (defun call-process-to-string (program &optional infile display &rest args)
>   (with-temp-buffer
>     (apply #'call-process program infile t display args)
>     (buffer-string)))
>
> (defun oath ()
>   "Ask for service and kill OATH result to memory."
>   (interactive)
>   (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
> 	 (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" (plist-get oath-keys (intern key))))
> 	 (result (string-trim result)))
>     (message result)
>     (kill-new result)))

I imagine this is potentially leaking your keys by making them visible
in the system's process information.

Recent versions of oathtool can read the key from stdin, so any attempt
to create a wrapper should probably be using this feature.

-- 
Morgan Willcock



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07 11:43   ` Vivek Das Mohapatra
@ 2024-02-10  3:55     ` Richard Stallman
  0 siblings, 0 replies; 15+ messages in thread
From: Richard Stallman @ 2024-02-10  3:55 UTC (permalink / raw)
  To: Vivek Das Mohapatra; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > You could implement a shell command, but it would not interface
  > with emacs' auth sources (which includes support for the freedesktop
  > secrets API and PGP encrypted files).

  > Implementing this in emacs allows us (well, me) to re-use the easy
  > support for desktop notifications, auth sources and so forth that
  > emacs already provides.

Thanks for explaining.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-07  8:48   ` Michael Albinus
@ 2024-02-10  3:55     ` Richard Stallman
  0 siblings, 0 replies; 15+ messages in thread
From: Richard Stallman @ 2024-02-10  3:55 UTC (permalink / raw)
  To: Michael Albinus; +Cc: vivek, emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I'm not Vivek, but I'm currently reviewing his code. The big advantage
  > over a shell command is, that it integrates with Emacs' password
  > infrastructure auth-source.el.

  > OTOH, I don't see which advantage we would gain if the implementation
  > is based on a shell command.

The advantage would be to make this feature easy to invoke from
context outside Emacs.  I have a feeling that would be useful.

I can't estimate the magnutude of the disadvantages, though.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-08 19:15     ` Morgan Willcock
@ 2024-02-12  9:10       ` Jean Louis
  2024-02-14 13:05         ` Jean Louis
  0 siblings, 1 reply; 15+ messages in thread
From: Jean Louis @ 2024-02-12  9:10 UTC (permalink / raw)
  To: Morgan Willcock; +Cc: emacs-devel

* Morgan Willcock <morgan@ice9.digital> [2024-02-08 22:16]:
> I imagine this is potentially leaking your keys by making them visible
> in the system's process information.

> Recent versions of oathtool can read the key from stdin, so any attempt
> to create a wrapper should probably be using this feature.

I get it, thanks.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: New package for NonGNU ELPA : totp-auth
  2024-02-12  9:10       ` Jean Louis
@ 2024-02-14 13:05         ` Jean Louis
  0 siblings, 0 replies; 15+ messages in thread
From: Jean Louis @ 2024-02-14 13:05 UTC (permalink / raw)
  To: Morgan Willcock, emacs-devel

* Jean Louis <bugs@gnu.support> [2024-02-12 23:19]:
> * Morgan Willcock <morgan@ice9.digital> [2024-02-08 22:16]:
> > I imagine this is potentially leaking your keys by making them visible
> > in the system's process information.
> 
> > Recent versions of oathtool can read the key from stdin, so any attempt
> > to create a wrapper should probably be using this feature.

I use my command here to to go easier with pipes.

(defun rcd-command-output-from-input (program input &rest args)
  "Return output string from PROGRAM with given INPUT string and optional ARGS."
  (let* ((output (with-temp-buffer
		   (insert input)
		   (apply #'call-process-region nil nil program t '(t nil) nil args)
		   (buffer-string))))
    output))

Then I have modified it to read from input:

(defcustom rcd-oath-keys ()
  "List of OATH keys."
  :type '(alist :key-type string)
  :group 'rcd)

(defun rcd-oath ()
  (interactive)
  (let* ((key (rcd-choose (map-keys rcd-oath-keys) "OATH Service: "))
	 (program "oathtool")
	 (result (rcd-command-output-from-input program (symbol-name (alist-get key rcd-oath-keys nil nil 'equalp)) "-" "-b" "--totp=sha1"))
	 (result (string-trim result)))
    (message result)
    (kill-new result)))

But I am not sure if it can be seen in process list this way. What do
you think?


Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/






^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2024-02-14 13:05 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-05 15:35 New package for NonGNU ELPA : totp-auth Vivek Das Mohapatra
2024-02-06 10:04 ` Philip Kaludercic
2024-02-06 10:24   ` Po Lu
2024-02-06 10:27     ` Philip Kaludercic
2024-02-07  3:16 ` Richard Stallman
2024-02-07  6:46   ` Jean Louis
2024-02-08 19:15     ` Morgan Willcock
2024-02-12  9:10       ` Jean Louis
2024-02-14 13:05         ` Jean Louis
2024-02-07  8:23   ` Philip Kaludercic
2024-02-07  8:48   ` Michael Albinus
2024-02-10  3:55     ` Richard Stallman
2024-02-07 11:43   ` Vivek Das Mohapatra
2024-02-10  3:55     ` Richard Stallman
2024-02-07 13:43 ` Michael Albinus

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).