New package for NonGNU ELPA : totp-auth

New package for NonGNU ELPA : totp-auth

[Vivek Das Mohapatra]

[-- Attachment #1: Type: text/plain, Size: 889 bytes --]

Hi - I've recently made a package that implements RFC6238 TOTP and was 
wondering if nongnu elpa would consider carrying it:

totp-auth.el - Time-based One Time Password support for emacs

This package generates RFC6238 Time-based One Time Passwords
(in other words, what Google Authenticator implements)
and displays them (as well as optionally copying them to
the clipboard/primary selection), updating them as they expire.

It retrieves the shared secrets used to generate TOTP tokens
with ‘auth-sources’ and/or the freedesktop secrets API (aka
Gnome Keyring or KWallet).

You can call it with the command ‘totp-auth’, ie:

    M-x totp-auth RET

You can tab-complete based on the label of the secret.
Depending on the setting of ‘totp-auth-display-token-method’ the
TOTP token will be displayed (and kept up to date) either in
an emacs buffer or a freedesktop notification.

[-- Attachment #2: 0001-Add-the-totp-auth-package-and-its-dependency-base32.patch --]
[-- Type: text/x-patch, Size: 1750 bytes --]

From dd15c0496cd530fb1bd18e7a79a827e76bb29a57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vivek=20Das=C2=A0Mohapatra?= <vivek@collabora.com>
Date: Mon, 5 Feb 2024 15:19:34 +0000
Subject: [PATCH] Add the totp-auth package and its dependency (base32)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This package generates RFC6238 Time-based One Time Passwords
(in other words, what Google Authenticator implements)
and displays them (as well as optionally copying them to
the clipboard/primary selection), updating them as they expire.

It retrieves the shared secrets used to generate TOTP tokens
with ‘auth-sources’ and/or the freedesktop secrets API (aka
Gnome Keyring or KWallet).
---
 elpa-packages | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/elpa-packages b/elpa-packages
index 1f9a16311c..8ed3955547 100644
--- a/elpa-packages
+++ b/elpa-packages
@@ -49,6 +49,10 @@
  (autothemer		:url "https://github.com/jasonm23/autothemer.git"
   :readme "README.md")
 
+ (base32		:url "https://gitlab.com/fledermaus/totp.el"
+  :ignored-files ("totp-auth*.el" "Makefile" "*.md" "*.html" "tests" "README")
+  :version-map   (("0.2" "1.0" "v1.0")))
+
  (bash-completion	:url "https://github.com/szermatt/emacs-bash-completion"
   :readme "README.md")
 
@@ -760,6 +764,10 @@
  (toc-org		:url "https://github.com/snosov1/toc-org.git"
   :ignored-files ("COPYING" ".travis.yml" "toc-org-test.el"))
 
+ (totp-auth		:url "https://gitlab.com/fledermaus/totp.el"
+  :ignored-files ("base32.el" "Makefile" "*.md" "*.html" "tests")
+  :version-map   (("0.4" "1.0" "v1.0")))
+
  (treeview		:url "https://github.com/tilmanrassy/emacs-treeview"
   :readme "README.md"
   :ignored-files ("LICENSE"))
-- 
2.30.2

Re: New package for NonGNU ELPA : totp-auth

[Philip Kaludercic]

[-- Attachment #1: Type: application/pgp-encrypted, Size: 11 bytes --]

[-- Attachment #2: Type: application/octet-stream, Size: 8673 bytes --]

-----BEGIN PGP MESSAGE-----

hQGMA8l9AV1fe8J4AQwAz/QMs0AwGZjXK465T/saRV5yPkV4DrUkJ2AIaUVHqdH+
sdQgZJQzeh/2YlVtn+KvE1rrnTSbrVsQOUY+NlmtVlHBoECS42Bg37YDuizod22Q
hD+k3oIRep+D68FvOQm6zgoQsVhzJANZ5lk+jV21bS2exyCcUZzxW+3Ga/Pu09zz
gFs5K0ZjBJ6OYdKYQwWWn4IQozR06kuDoTwvqJvz87Hify1To9qaugtQ5yMVsRXk
hBupIGiCsR2UFVUS16Caxz7du3CehtPYMFG3R2TppJITl8Fua+fSSvq/DEjs0aLL
zNYuKO3F4VwGGx7UasOD5oVCk/R65Jh7Omp+HcN/EtJGAZ9hHBWrFDocNTf3MFXw
rhGccoW2Uqsav0/IrdL8wB0OQSroiZCV3E21FmJ2439uwvW6oRF0LSYUl1bO0yuI
I/JOFH8240c/gln96Z/D/E66mcQ7xOPUz9VDgIUq+ImaYBcks1Yc3Es1Vk3Qzwtw
GSJD7ny2HacdziQW2vW60uwBwTUe7S/vYIcCpjSLbgHdDgTt++2SrXqPHrLoH8ON
qDliOiVjHUFIfo2l5a7dTOSW+DaB3FFjUHQB3dS7bPlRJXxRnagniqTSCEfPUzTS
QjwwlTBoXRauiXLgEGbz6OPvaQ9d69GySV8xVykomkDDBL3sd2YX+ZVAKOvlkiT9
D6RREOS/L2xGLWg6trVQ4fc1Sd7P1y93SiahNkLzDgomIm3qn8kNFXN1pSmdEBth
/ov8g7T+drToTrbCc+FRlKZIPonAjfFuTV0ucfovtbMxfBdeLwMwLKCBKUa/FQiu
MzLp9FtNtkZi5bfiQ1ZozQgu4YqLHT6S1UapspK9/mBKewyUaw17imOoEc/O54iu
1kGrUwShhILjePkvGTfUsUsRozx1Joj82zAbBkjA4Quy9zAw/gQyohSU8v9xexKd
uxAZTJuqtr16EfLslN+Rp/nkTmXo3afaZK8Tul9vyw0V07hGNWnaDMJQZR5q1dFg
2qRc/4bJKrUDZv/zl9PMW0cEdhMJOO8Hvg2DZNzytaDnEdcIGLUEfZEMGqjlV5Kk
0hRxZXM2o8vTfvG+9x0ZofAMTgOISLvvZr1yx+aN1Q59oY7FqVHrDF0iybkU6Dlc
YUlZNDuysh2IIBO46WqWqxtijVedvytKS10GeFGrtJM2yNgtULpb3fNfpt8VubZL
Mt6r/Nd+6HHtBZpasCjijCoCWPUFut4glprs65M1HJyp66GTKwWOlA64N8rhHPWT
Ytvb2flXoFQdh7UFjYuMTi03iizmzU/lXNmGDthzxCCZrm3uB1sKe1DIDhL05Llh
EmiBPMlyM/xUf+stNXADWfQisG8KVQz3O71pnojLbRkRVN9lK8m4gCbeDfsBxg1R
YaFWVD2ipqK+ldNR99+KSSsYhpeObSAPaoPqKazcm7qhmqymyPqNG8unPbDfrgft
OOJ7MnOc4ZkQqmqRN/SqgxN6QMBIv2795ee+SzBeO0DvHBd4U0ozAeW5MXD/2zWu
GgWxaNUECZKsWtLFEcix8VWu4S0vWIv4KB3kTn/FyWiJAPZzgGHFOUMp5IrWD7E3
G5IMiezLv805omSaCUAnEAwcGeZKPJ+xGFXz7SuQ0zwq990/w/UZqPxj6Jor/UhJ
BwqDI2wJQZQuD7tTq5PfwlEtdUeX426bxcn828PAbGNteC+vMG1Dlgq2T7294oqH
DShxh/EFdB6vybmczykUVqepNf0nQgaxpv3hrrOhYdEOD7cVLMaI7GX8Lcw97mEA
VAvGAbDPIFre35eAXLuVVtn6WEtmuUInilRd7ftm90SuBZraTc1mdJVPYDsAs/bF
vygnyk9Xb9rqiOGo0JZZydn8B7cscodT2uVWqIIMdrBhld17rD/y+pF/Dfjly3NF
XfBH25VzSQuezbBow8SfwiwvNr9DG9pCrE8jmrWgfjXeb7L+pZV5ln2UxbAEqx7k
8aLfL1DL0YZ93S1yZc2RlBMKv7qSrTIzIFj9g86gWUy6/jUJ5On9lul+Xe05GNt7
7uJIwr9yIWYEVw3r4zv7xBTDqkoDK7zbRPmNUg/8EXahaDEiE5NrQxSnUtD5szO+
d2dPmKqIzPkQLyVcHb7/RlLAXQiHvWBy/dVEexjXC+ebHBcVekBSBIYuaC8zkPc8
9vPKyIMFjwMU7qgDTAWUlfWYqx/v27I6J9Ca+CMpLIb1mXKSlhuIeZ0e8rYTMXIC
1t+uIy+Z1sAq8OGd6XjxIzzvqNcZPSinKDUI/kVD9VFUn+YBn/8YzmuSkzpM3D29
o0QTm9OOSsNmcehmILrN2zE13Vb9AAAB6NLPn0/kOSFMAWN8nCTdJ8pr/9rGNLp+
o99NHbss4a1UNPl/2oMEUjXF42MyP/iSkroEDgHC101f7ySL7fwpB4HPnLvejdr1
2WN5pfr9Ul2q57/y6qf2egpkzNJX0zG+sgRNvlcVfQ4+mY0ZGNW8nXeWGGo6kRtu
KDB5ZHVqpElVQ/6qmp07becEigrnJ+Ho3/nwc9K4sWDlvHe5UcZA4VPMto4PDeUG
xVcwW3vkgk4oUVxxqlj86PGJATEBAT2ll2UovCZFsN0fAS2wH3vlGr+D0NEZD1IN
vZOWhTzyNxd4hbAjtPEAtSS00aubnFoNkRmMprFosudBkrPcr3qyRzgqSUCIVcaD
mD5szJ/eO1tTJNJooEoj/N/p8/DLJVPMvKO+6OIthpPw2RBy8SUUlmsEfzDVBU4/
e9AXsOOPeoGKPIK7pVKqyfIz1qosWPpy3rEt84oO9ihySOLkthXvnhCRS/ajw/eS
Q/gTm4SWr5Dz0JEFDYXIvQ7Fnx65lam1zuDw5gDgejoFmUhrB7MncuklXT8laBw1
bTCVqNw+X+MPiGrNUL4xeoYlUjpF5/THQ63GJfDe4dT7HXlOjs7iScjo2yXoOckb
lvPE6jGDdIG6oMc8SjePVQsyH2QdHf6VC9u5xpxCEarg5UtLyjE+lYwneMq3PC9S
93ouyyegjBIkAkoA3mnS+0j3tiqJWV7//n2I7Dr6xo2MeHUwm4tnmjdo/dvLyUvp
ZGBK4VFn96z5HjrWpMScFW/fyaYZIIh9Cq6C7oYMH2apxcXaOcb0Dj6fTlMWG+pw
+oJD0TUyEWZ4CgvSZpLoQiZGVmtH477C1kzvuxK92gHbCNZgF04TvxlQMfvNocwc
DM5l7PFgiEh4IlCfpwnhiK2iU71t/YKy9t9TZFxKWkinKSr2s4RofETPxulwfPGW
44m/H99bJ6hIvcXIxQFaOCE3PipaZLYR16iUMrFGx4+MM9WiRnTorgVsEflD7usS
5u1BUEheQ6aK247YwCvi0P/OpjBO7Fj9ywfQFDzeaLiikFCoVAmpXlti/UH3tnNG
iNI2FAZoiC9Fr+MOU+mtUeRciHN9h3h7sCzySyTd47+ldBgOPCtbyB/bDaGnHirf
dJRwXtD0mS3ga4q3uXd/eAQ4hlsWPa1iz70RJhStFaMJ2crC9kxcsbtDLal16+/t
j+HwichgtA0LGXoeRSh6dgtF9XM5Q2WV8zCsYVND295TsDn/ACO5Lc1m0yHR/dn0
JoRf79m6Kt2w+N4QhC9FXTqmRd3w51UEBPLG777EoxtacK5nNrVK505pvCbS5ZTO
mYMIlOcyUM15CQUpcgfDX4XBJSwKhL3hu/pIQ8M5obYxCFmcd7KBRxQYZn0yDujJ
8lloiauSNDHcgFeUHo6d9V6NebEAL8a5554P1UOPQNG4LTjmkhaUeO5AwkzIEBEt
rnRkaxsqwKSgzryI1R9foBxFZfVTJT1yoCm2qXGoqcqc+OoLPx/2wuTtuL0UvAMa
2t1s28Wz9EEvNFW2WGnvqYJkEDlWCGhkCQL7KrwN/5zIgeZ/xLEHPO5sYDpv1oco
x7dKBnVoXB6JvujP40zd7EDiDKz0y6SAGzXD/nmA+PiI6c6I613TC8rZAMG9Ki+W
kPdmX+NZ4PX/hRIYTPC9ruHNRx35cGZVUwVqIl9sYop0Y9dD+USuLDF0OMIKbIFx
DPKbh3YCEvu5Xp/QdXlQ1Y5A4tKLWPcZmZ8Ge6qt4ueajLa+ra2OFvTX64AYcQdt
z9NNU/IfqKpN0baitP4jHCIl63pCig8ogWPyh7UuUcjyhyHWoKxRkAWkMWpc1spE
AdtG/sgeEVQlvMMwkDrbew6OB8jmSGHi/4oyLKjiBY2ulM0Pl4A6x1dLWItuRbHm
v+eQEx+pE2iXg0CMyhEKfzr4Mfdw4gaL2MXQsVbF4HfQO/A+K1Nrl5Syx4RAQPND
Gjp+RwUYW9WxVirWHDz5gyn8eE20SnlJYB5ao0t5OQDyXQetMeOeU/6XR0eOUCRV
eCpxuDwcWV4oQkIn53hinh1ZT2c/l80vHFm+nI73zHraXws+kjsIUxHuy4h1gQYW
vLLGurvwn4rUuTW5IhWz+T/SPywFExas/b27Z62WXtHkxqNiUGGQfdjwvQWXEh9M
S6f49EvDqGV10tG65a3SJlBanFq1cfnj0B0m2vGfcN6k1FH60S80gwkjCdH405/8
UAItxjIBW3Q4BDfoHm3gAjUoYRfkn3xTE3zUYqgG565Q5N3CDSP7eEqiHU9DvyRf
GXUAS7cLGtWylmqzIz/Sq8Z2xJT/ZnzwwLZwXj0cwgFHBwYvl6mZ/q/lG9DKb5ju
rAQsiUUwhpi5zar3I09+XJ+bivDNG/lncYfx8LcpnZ6ZTCCzx381WH2nxRp2Ez4Z
u0SqAd2d/6jrcD6T1oIb0aFvBF8jxfoA75dz5qPVN4AH7H7+Ckta6K7Tf6XZcpcu
W4V4tzBN/vxB4lhxm4EVP1BbbL4i8JiW7J1af9A6JHaa4uTsvqfGsGOeuFMsOEvT
qLoBUIX+KtP8qM41qc20EaBIotCmX8hyCCZXnrdhFxygHMaUgvkZyp+J2Q/neGSH
U4u+lSWab7t1r6/INaHMEiy/986mOOLDk6arxp+y9gJf0yoZmdLY/94+haPJV95J
116vdflItNjLHl1+93smGzE7qOngtG1FqgM48w/e+311NDe1997W0T/lmKmOAzOy
XQuC0qwGHi3eTNWUQzkHj/m9yRp6rHPw5E6Iqrscf0fKIX0Bt0cO3KPwqrS66m2L
OkHnBpG19Wti5DXIQJ1B1ADfYkO7L2CB//iA3oquTOV0wkwcmHBZmTH9h7rVa3YB
+BrkcqaHcc3Iht/m/+Y6yCwBSKGBNMHKSYlpDOl7Z9SkyI22Knxh7Qm541W5wwrM
TUtylORjctUCpGG6BMYmO5MgrHxpYgohRo5ypLHzWWombMYQxWtTLiUbZuRf0+Nz
W26m+0JReF3vILkYyRP5N1oKVAm9uQNA2cvHXpf6WAF/inJ5WtNAmGxIr9n46ruc
P5ksUWt3MvVsXNFANpo9SDpAN1+DWQ+WeCpScM8OigKMYZUnikrArjgZGfHzGYPk
SxzR6fA+ams0XFeEycAWP6ITe9Ov3H6bzpFwx1aMx3+L3s5+2xVgYZb92zUGCH0U
wAqP46btS7LGvsrlUUNMXi8MQE0CCim/eHraG0F4Xy0kiEF+ie6hKmqPGyOLZodM
m1udwAPQpsVUfVcUv6Bfavww8EbbQRI8NR2R5qECLbXLQ822xfpr9LTxfxwQdRY7
xHQznZeZWdtqdIDXN6hfBdqaVLkm5qlyUy884JQZ6Psogs9FcA6lM2KgDcJDG9t0
6qgfEKTAyvLN3Uy62uN9EzbFGq93JI/0RCBSiyQTwtzkhUrSJMZGSYT5qdIjct0A
wLJN9k1od1aVksgreHi7XF1Ug8YwRSsB0xQIGZ5VH3YqzuRVlHqtDkV7q434/htr
dBiaEUpGsanHzak9YzYevXFcuYabNXEywwDRF6s+vAI3xx8eSkbwYVS31aIcrkhG
Ya/SunxRNCXPzNDKEyQ/tzdPMzXtvjHc46hqMAeIApb113S0bRz8e6ME6KOeoXmK
ZHiu5X1u2aHLuYIN/HVkQwRhRoBPe1K9cvCBz2ibWyO06iRBrC98KuZKvDNugIkr
TMEmuLujzNEAlL8mZ+0cY0kJBCQ6eLXTTcilC5zKiBiVcjtpJZQtev7xbK3Zc+n6
n1HkA4KNMPQuQCmm5Qe5pIPYd36RY3zAycZs0zZS5Mn0Gi127mhyF2/VV85sQ80s
mJSNnntvqHrYT2SYK83UL6D1L4gP+7lRDaqqWp24nbOHfcf9cPo9Jjbcnvf8tf4A
BRY2CJwy4bbv8/eFg4elSFfRVSebgApl+aezZv/+CSiOLXKET5lA5tLbuQMugUt8
mCBlq6f1/Nt58CCg6XxnwhpM9kGa+1LPAdhReRc9ZGGmnYa4fjPz0zpNYok/Aq06
zeGSXijv/dqw7v/21vqBMzjv6sn8Ykj8bKHPgCzCLJH38vtOyWtthmGJxX93HuIQ
hWTwZ/6/EFvjRLqmAwA7cpEaxif07LxukFcrX6eHtjNH0SW/ciOKhxBLB5cs0y2s
B1l7gLrzeoKdvwu36geRKiOe+bwm4ZAq/GnsZuz1xB7B9RMcSBuM6ArhmcMB/MLw
yj6GlrWyyLllMFOrEkoY791zsDO64fn4KcqrpApie25kLtPfW+KJ2rn+jKkzePlZ
aPc6Kw5uzEixWuPeKTcB2bRCQvGSQD/JLgs+QgBTvYHaULUJv4octG8su/I8Agxg
do0+PDs8v7h6xiQp7a7S0edgtfMyKrVCmJoYnjlIJsDe016ezUbl8OyYNSJ6p3r2
Pd0VakKdPQxTdBQivuxWjmPDoHWfd7aLqTb0AX8KPDIImxTA5ITyTXzRXpsBm5g1
W2qqTFgb9G0eDlJcP3Vt6TSmkLfHnAYp3tBCmybL6wgQtITcuBpklx2bm0mIWiC2
RVL3VW4zXoIrVPBa1Z9RoSLWpnb61WpZHgth5dggWlJ5BPYT+NNEs4lAysJj25Wb
yu1rGGTJOp0ft4Q/MGaj2Q2Get/knaJinjvtfyPj2gyp20YBU4IXr8XdUasPoFuQ
+VrBT7d+fVPN3rK/gsAI5d+d332ZzW4SXi2vzbKDATzW5mjsyGDhcu20qFicxDq2
FWhsP865VMp9S9dVbnENAp/BW2xrzBQg0BtfQ+HuSr1TYVd/DYlhIOOw3DTugCZv
XqIbd+IE/DA9ZfjYz7XyvZe7wRXzliC/qJgnCURa2aozH2xzqG+mj1M6HjfUd4cc
dPHLcZFDU5S/Bqnq1CVwpnhzFJkdHaO5SF8Dfg6sKCXDFuCXspV4vNEfGB2IHdda
HIQTQpK6nYdI8oq+g9SVnq5DgAPlEbC57Tf/d1Ge4ugzCU8QWLZXEVayZ4VVfTne
gFyEeU2yvF4aN0wiVh5hFOFhJn20qtUcAfcLuSPyPE7WvldFSkDQQI0s7BE354W7
eODprXpqJOozeWxg7uFH2SSXf+ZnO1NhdxdSpzbJe+esGenYdZH0tbxJdQlvG4D0
Xfpp37ml6x4l92IeOCQlGn2rWseH+gH8WpuynyEu0WII9+K8UzKoB45g/3uIn0cP
NWnycvLX/rNfVWlE1OX0vI7bio3jKI7WqTFDqnYAsRf/B5+lnKWYuGK6F0PT4kcu
3hqLswDqy3YvJ7G/Zudv9RZvOg7Xldr5aFmx8Uwdwj1JtoWXMwfQqx8K/ELqOhLk
dWaD7NGIR0eGRpOu/aWPS9ci6rd1Rp488ygLJYJtX+m2nq6QtbGgrl5ExAwCiICy
gsqpXnlGpxtwTeQWFFM8hafktls2YCJQXzR9bCHWWxBYqH8Dvpq4VtDC1CgweZvr
QLO7ggFKYCAPwJ1oNCwRUD22oI2pY5D8TKAaot/kdppkklWjmR/3V2+XfYryw7lt
vMWKK0IzKmfCPL0yfWvW+uRPWdhQ/ZwFIpwT80EF/sBm3OsFnH0jUhEsjQCB2thX
scl/XgbHC+mlC1SobZx3X7gOiVfTESQytX8pZ4BNRN+qfkxm1mChV9R8AzqZDzYC
5iv4RW479fTNrrTR3StjULtzUevcw6xVX7d/c8ZtcfPBfBhNv+oO6C2jVKDcQZjY
1EhJLPkNQf+2w+LM0cYeyAjddidqvffXuT7A+pfHTvfBeKTAgTrAgOoqS+CgcFQo
wWPvi6l7ricXE+9Z6LxzfFLZ0alGIPpEZf1dY71y7CZL8thM0fblvt/zfilWgil4
epBms6zwHLRTnEeFNuaCQ2bBwxkIEEa6velGopyT+7eMFWrBibE06NisVL6pCqbT
lsvKx9bunCReMeSe/snD2Kmo0pIfXPaCnCoFNzz1gTbdnfOycjFDb2aQLYNHvtNX
YYUwXf0a4uAnXJ/1+IWcpL+8KCc5ujSl65cd75xp5uescCpNvgJR9gtOnlDfybG5
lf7acloW7mFzlFZQQTIODouh1L3aXukgL9gDiGHVqWxRuJkjArPalSlRmAnjgF7Y
ccrex7lBVvHsIGuaS5vKphUiZTCBk1V+ZsbmyjAyQq0xAMGBBM2DgYQCIzan++SG
P5HRSQMs/LJIX+lQVU5fvsBc7e702g==
=v43Z
-----END PGP MESSAGE-----

Re: New package for NonGNU ELPA : totp-auth

[Po Lu]

Philip Kaludercic <philipk@posteo.net> writes:

> Error!  Result from decryption:
>
> Decryption failed
>
> Decryption failed

I can't decrypt this email, so would you please resend it _without_
encryption?  Thanks in advance.

Re: New package for NonGNU ELPA : totp-auth

[Philip Kaludercic]

Po Lu <luangruo@yahoo.com> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> Error!  Result from decryption:
>>
>> Decryption failed
>>
>> Decryption failed
>
> I can't decrypt this email, so would you please resend it _without_
> encryption?  Thanks in advance.

Uh, I don't know why this message was encrypted?  Thanks for the notice,
I'll try to resend it decrypted.

Re: New package for NonGNU ELPA : totp-auth

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

This is a useful feature, but should it be implemented as a part of
Emacs?  Is there / should there be a shell command for this?

Given a shell command for this, do we want it implemented in Emacs
too?

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Re: New package for NonGNU ELPA : totp-auth

[Jean Louis]

* Richard Stallman <rms@gnu.org> [2024-02-07 06:17]:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> 
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
> 
> Given a shell command for this, do we want it implemented in Emacs
> too?

I have implemented it this way below, and it works well now for long time already. It uses the external shell command. I would rather use Emacs Lisp for it. It is required at many logins. I did not show more than 3 logins below, and they are also fake keys.

(defvar oath-keys '(digitalocean "31CHLCURYJ5VRDHB" 
		    tether "J2AMLDF473VHD517"
		    twilio "EB1JS6TJNL1TQCWSNEZJG6IQ4XZGSC4UMI276X3TEODG2VQRTE5A")

(defun call-process-to-string (program &optional infile display &rest args)
  (with-temp-buffer
    (apply #'call-process program infile t display args)
    (buffer-string)))

(defun oath ()
  "Ask for service and kill OATH result to memory."
  (interactive)
  (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
	 (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" (plist-get oath-keys (intern key))))
	 (result (string-trim result)))
    (message result)
    (kill-new result)))

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: New package for NonGNU ELPA : totp-auth

[Philip Kaludercic]

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?

There seems to be this: https://www.nongnu.org/oath-toolkit/

> Given a shell command for this, do we want it implemented in Emacs
> too?

I don't think that the existence of shell utility is a reason not to
have a feature written for Emacs.  Elisp scripts are usually more
portable and certainly more easily hackable than their shell
counterparts.

Re: New package for NonGNU ELPA : totp-auth

[Michael Albinus]

Richard Stallman <rms@gnu.org> writes:

Hi Richard,

> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
>
> Given a shell command for this, do we want it implemented in Emacs
> too?

I'm not Vivek, but I'm currently reviewing his code. The big advantage
over a shell command is, that it integrates with Emacs' password
infrastructure auth-source.el.

OTOH, I don't see which advantage we would gain if the implementation
is based on a shell command.

Best regards, Michael.

Re: New package for NonGNU ELPA : totp-auth

[Vivek Das Mohapatra]

On 07/02/2024 03:16, Richard Stallman wrote:
> This is a useful feature, but should it be implemented as a part of
> Emacs?  Is there / should there be a shell command for this?
> 
> Given a shell command for this, do we want it implemented in Emacs
> too?

You could implement a shell command, but it would not interface
with emacs' auth sources (which includes support for the freedesktop
secrets API and PGP encrypted files).

Implementing this in emacs allows us (well, me) to re-use the easy
support for desktop notifications, auth sources and so forth that
emacs already provides.

Having said that - there's no reason you couldn't provide this as a 
standalone command, and indeed there's an argument that a desktop 
environment should provide such a feature or application: For me emacs 
was the fastest route to implementing this feature and integrating it
into my desktop experience in a convenient-to-use way.

Re: New package for NonGNU ELPA : totp-auth

[Michael Albinus]

Vivek Das Mohapatra <vivek@etla.org> writes:

> Hi

Hi Vivek,

> I've recently made a package that implements RFC6238 TOTP and was
> wondering if nongnu elpa would consider carrying it:

Thanks for the offer. It looks like your package is already available
via MELPA, so I'm using this for review. First of all, could you pls
explain what's the relation of your package and the package totp, also
available via MELPA? Similarities and differences?

And a short search shows also the package emacs-totp
on Github, how is the relation whith that package?

Some comments on first test. I've naively installed the package from
MELPA. In a new Emacs session, I've called 'M-x totp-auth RET RET'. This
returns

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (wrong-type-argument char-or-string-p nil) [nn times]
--8<---------------cut here---------------end--------------->8---

Well, likely due to a missing secret. Should be told to me.

So I call the following 'M-x totp-auth-add-secret RET 1234567890 RET RET
RET'. The secret I've entered was visible in clear text - bad. You
shouldn't use read-string for this job, but let auth-source-search and
its :create feature do the job. If you really want to read the password
on your own, use password-read instead of read-string .

I was asked for Service, User, and Size. Since I didn't get any hint
what it means, I've entered RET, hoping for defaults. Well, in the GNOME
passwords I could see now a new item in the Login collection, w/o a label
and with the secret "otpauth://totp/?secret=1234567890;digits=6".  Looks
like related, but without a label it isn't useful I guess. I've deleted
it.

Next approach: 'M-x totp-auth-add-secret RET 1234567890 RET foo RET
RET RET'. Voila, that works! There's now a new item in the Login
collection labelled "foo", with the same secret. Promising.

I recommend to enhance your documentation, in the Commentary section of
totp-auth.el and/or via tooltips.

Now ruuning again 'M-x totp-auth RET foo RET'. "foo" is offered for
completion, good. But I get the error message

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (error "Invalid base32 payload length: 10") [73 times]
--8<---------------cut here---------------end--------------->8---

So the default length (6) does not match the real length (10). Should be
handled by the package.

Adding a new secret, 'M-x totp-auth-add-secret RET 0987654321 RET bla
RET RET 10 RET'. But 'M-x totp-auth RET bla RET' shows the same error.

Last check: Using 6 digits via 'M-x totp-auth-add-secret RET 123456 RET
baz RET RET RET'. 'M-x totp-auth RET baz RET' shows now

--8<---------------cut here---------------start------------->8---
Error running timer ‘totp-auth-update-token-notification’: (args-out-of-range "\267\316\370\0" 5) [76 times]
--8<---------------cut here---------------end--------------->8---

Stopping my tests. Pls fix the package (still in MELPA, no problem) that
it is useful for uninitiated users. I will continue to check then.

Best regards, Michael.

Re: New package for NonGNU ELPA : totp-auth

[Morgan Willcock]

Jean Louis <bugs@gnu.support> writes:

> * Richard Stallman <rms@gnu.org> [2024-02-07 06:17]:
>> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
>> [[[ whether defending the US Constitution against all enemies,     ]]]
>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>> 
>> This is a useful feature, but should it be implemented as a part of
>> Emacs?  Is there / should there be a shell command for this?
>> 
>> Given a shell command for this, do we want it implemented in Emacs
>> too?
>
> I have implemented it this way below, and it works well now for long time already. It uses the external shell command. I would rather use Emacs Lisp for it. It is required at many logins. I did not show more than 3 logins below, and they are also fake keys.
>
> (defvar oath-keys '(digitalocean "31CHLCURYJ5VRDHB" 
> 		    tether "J2AMLDF473VHD517"
> 		    twilio "EB1JS6TJNL1TQCWSNEZJG6IQ4XZGSC4UMI276X3TEODG2VQRTE5A")
>
> (defun call-process-to-string (program &optional infile display &rest args)
>   (with-temp-buffer
>     (apply #'call-process program infile t display args)
>     (buffer-string)))
>
> (defun oath ()
>   "Ask for service and kill OATH result to memory."
>   (interactive)
>   (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
> 	 (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" (plist-get oath-keys (intern key))))
> 	 (result (string-trim result)))
>     (message result)
>     (kill-new result)))

I imagine this is potentially leaking your keys by making them visible
in the system's process information.

Recent versions of oathtool can read the key from stdin, so any attempt
to create a wrapper should probably be using this feature.

-- 
Morgan Willcock

Re: New package for NonGNU ELPA : totp-auth

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > You could implement a shell command, but it would not interface
  > with emacs' auth sources (which includes support for the freedesktop
  > secrets API and PGP encrypted files).

  > Implementing this in emacs allows us (well, me) to re-use the easy
  > support for desktop notifications, auth sources and so forth that
  > emacs already provides.

Thanks for explaining.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Re: New package for NonGNU ELPA : totp-auth

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I'm not Vivek, but I'm currently reviewing his code. The big advantage
  > over a shell command is, that it integrates with Emacs' password
  > infrastructure auth-source.el.

  > OTOH, I don't see which advantage we would gain if the implementation
  > is based on a shell command.

The advantage would be to make this feature easy to invoke from
context outside Emacs.  I have a feeling that would be useful.

I can't estimate the magnutude of the disadvantages, though.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Re: New package for NonGNU ELPA : totp-auth

[Jean Louis]

* Morgan Willcock <morgan@ice9.digital> [2024-02-08 22:16]:
> I imagine this is potentially leaking your keys by making them visible
> in the system's process information.

> Recent versions of oathtool can read the key from stdin, so any attempt
> to create a wrapper should probably be using this feature.

I get it, thanks.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: New package for NonGNU ELPA : totp-auth

[Jean Louis]

* Jean Louis <bugs@gnu.support> [2024-02-12 23:19]:
> * Morgan Willcock <morgan@ice9.digital> [2024-02-08 22:16]:
> > I imagine this is potentially leaking your keys by making them visible
> > in the system's process information.
> 
> > Recent versions of oathtool can read the key from stdin, so any attempt
> > to create a wrapper should probably be using this feature.

I use my command here to to go easier with pipes.

(defun rcd-command-output-from-input (program input &rest args)
  "Return output string from PROGRAM with given INPUT string and optional ARGS."
  (let* ((output (with-temp-buffer
		   (insert input)
		   (apply #'call-process-region nil nil program t '(t nil) nil args)
		   (buffer-string))))
    output))

Then I have modified it to read from input:

(defcustom rcd-oath-keys ()
  "List of OATH keys."
  :type '(alist :key-type string)
  :group 'rcd)

(defun rcd-oath ()
  (interactive)
  (let* ((key (rcd-choose (map-keys rcd-oath-keys) "OATH Service: "))
	 (program "oathtool")
	 (result (rcd-command-output-from-input program (symbol-name (alist-get key rcd-oath-keys nil nil 'equalp)) "-" "-b" "--totp=sha1"))
	 (result (string-trim result)))
    (message result)
    (kill-new result)))

But I am not sure if it can be seen in process list this way. What do
you think?


Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/