From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.devel Subject: Re: New package for NonGNU ELPA : totp-auth Date: Wed, 14 Feb 2024 16:05:30 +0300 Message-ID: References: <861q9mzs12.fsf@ice9.digital> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="24483"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.2.10+64 (b470a9a) (2023-06-05) To: Morgan Willcock , emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Feb 15 06:45:25 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1raUYm-000677-Ew for ged-emacs-devel@m.gmane-mx.org; Thu, 15 Feb 2024 06:45:24 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1raUY9-0001MX-Nn; Thu, 15 Feb 2024 00:44:45 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1raUY7-0001MN-Ki for emacs-devel@gnu.org; Thu, 15 Feb 2024 00:44:43 -0500 Original-Received: from stw1.rcdrun.com ([217.170.207.13]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1raUY5-0003YK-Tr for emacs-devel@gnu.org; Thu, 15 Feb 2024 00:44:43 -0500 Original-Received: from localhost ([::ffff:41.75.181.142]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 000000000010D975.0000000065CDA4A7.00006063; Wed, 14 Feb 2024 22:44:07 -0700 Mail-Followup-To: Morgan Willcock , emacs-devel@gnu.org Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -8 X-Spam_score: -0.9 X-Spam_bar: / X-Spam_report: (-0.9 / 5.0 requ) BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:316219 Archived-At: * Jean Louis [2024-02-12 23:19]: > * Morgan Willcock [2024-02-08 22:16]: > > I imagine this is potentially leaking your keys by making them visible > > in the system's process information. > > > Recent versions of oathtool can read the key from stdin, so any attempt > > to create a wrapper should probably be using this feature. I use my command here to to go easier with pipes. (defun rcd-command-output-from-input (program input &rest args) "Return output string from PROGRAM with given INPUT string and optional ARGS." (let* ((output (with-temp-buffer (insert input) (apply #'call-process-region nil nil program t '(t nil) nil args) (buffer-string)))) output)) Then I have modified it to read from input: (defcustom rcd-oath-keys () "List of OATH keys." :type '(alist :key-type string) :group 'rcd) (defun rcd-oath () (interactive) (let* ((key (rcd-choose (map-keys rcd-oath-keys) "OATH Service: ")) (program "oathtool") (result (rcd-command-output-from-input program (symbol-name (alist-get key rcd-oath-keys nil nil 'equalp)) "-" "-b" "--totp=sha1")) (result (string-trim result))) (message result) (kill-new result))) But I am not sure if it can be seen in process list this way. What do you think? Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/