I am using pass to manage my passwords, and I also use the [passmenu](https://git.zx2c4.com/password-store/tree/contrib/dmenu/passmenu), a script that uses dmenu to select which password you want to copy to the clipboard.

Now on my Linux machine running Gnome, upon selecting a password from the passmenu a full screen authentication overlay (Pinentry?) appears asking for the master password. Please correct me if this is not pinentry
It looks like this:

On my NetBSD machine however, using only a stand alone WM, I am unable to authenticate pass when launched from passmenu as no pinentry is triggered. When launched from within a terminal however with pass -c github.com for example, you get this:

Essentially passmenu is useless if I cant authenticate it. Therefore my question is, would it be possible to use passmenu to spawn this pinentry program/event in an xterm ?

pfr@sdf.org | https://social.sdf.org/@pfr | https://matrix.to/#/@pfr:bsd.cafe

gnome-keyring and systemd black-magic 😉

EDIT: If you really want this...

$ pkgin search gnome | grep keyring
gnome-keyring-2.32.1nb30  GNOME password and secret manager
gnome-keyring-manager-2.20.0nb49  GNOME password and secret manager
libgnome-keyring-3.12.0nb1  GNOME password and secret manager

Also, you'll need polkit running.

$ doas pkgin install gnome-keyring gnome-keyring-manager
Password:
calculating dependencies...done.

30 packages to install:
  gnome-keyring-2.32.1nb30 gnome-keyring-manager-2.20.0nb49 gtk2+-2.24.32nb16 rarian-0.8.1nb5 libgnomeui-2.24.5nb51 libglade-2.6.4nb35 GConf-3.2.3nb6
  python27-2.7.18nb3 py27-expat-2.7.18 dbus-glib-0.110nb1 ORBit2-2.14.19nb5 popt-1.18 libgnomecanvas-2.30.3nb29 libgnome-keyring-3.12.0nb1 libgnome-2.32.1nb40
  libbonoboui-2.24.5nb2 gnome-vfs-2.24.4nb44 getopt-1.1.6 bash-5.0.18 hal-0.5.14nb24 libcanberra-0.30nb4 libbonobo-2.32.1nb2 libart-2.3.21 libIDL-0.8.14nb5
  libltdl-2.4.6 usbids-20200622 policykit-0.9nb25 pciids-20200222 libvolume_id-0.81.1nb1 hal-info-20091130nb8

0 to refresh, 0 to upgrade, 30 to install
29M to download, 206M to install

proceed ? [Y/n] n

    pin black-magic

    Nay, Sir @pin, it be deep black magic this. Verily I could not have perform'd this feat (or maybe, it would have taken me many a day to accomplish)--but you have solved it in an instant!

      pin
      Well, no, I dont want gnome-keyring installed... 😅

      What I want, is to trigger the existing authentication program (whatever its called) used when running pass -c in a terminal. Although I am not clever enough to figure out how, I would imagine that with some scripting knowledge this should be possible?

      pfr@sdf.org | https://social.sdf.org/@pfr | https://matrix.to/#/@pfr:bsd.cafe

      • pin replied to this.

          pfr You can use a keybinding in your spectrwm.conf to spawn an xterm instance and execute the command 😉

          What about something like xterm -e "command_to_execute"

          • pfr replied to this.
          • pfr likes this.

              pfr But how do you launch passmenu?

              • pfr replied to this.

                  pin

                  program[passmenu]       = ~/.config/spectrwm/./passmenu.sh $dmenu_bottom -fn $bar_font -nb $bar_color -nf $bar_font_color -sb $bar_color_selected -sf $bar_font_color_selected
bind[passmenu]          = MOD+Shift+p

                  Passmenu.sh (same as linked above)

                  #!/usr/bin/env bash

shopt -s nullglob globstar

typeit=0
if [[ $1 == "--type" ]]; then
        typeit=1
        shift
fi

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")

[[ -n $password ]] || exit

if [[ $typeit -eq 0 ]]; then
        pass show -c "$password" 2>/dev/null
else
        pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
                xdotool type --clearmodifiers --file -
fi

                  pfr@sdf.org | https://social.sdf.org/@pfr | https://matrix.to/#/@pfr:bsd.cafe

                  • pin replied to this.

                      If pass needs a terminal to take input from, just modify passmenu.sh to run pass via xterm -e program, like @pin suggested.

                      • pfr likes this.

                      pin
                      Hmmm no, I am quite comfortable in spectrwm.

                      I think it is possible, and I am determined to find a way. I just need to learn some scripting languages so I can better understand how things work to make things work.

                      What I think I should aim for, first of all, is to see how pinentry, or in this case pinentry-curses, is called in ~/.gnupg/gpg-agent.conf and then see if it's possible to make it launch in it's own separate terminal. However this might be difficult as pinentry itself seems to detect the current environment and launches the necessary program eg. pinentry-curses pinentry-tty or even pinentry-gtk2, depending on your session.

                      Finding this out leads me to believe that an easier option would be to just set the default to pinentry-gtk2, seeing as I have gtk2 on my system. I don't know what this looks like, but presumably it will spawn a gtk2 window to enter my passphrase. The upside of this is that I could also set WM rules for pinentry-gtk2 such as FLOAT so it opens neatly in the center of the screen. The only downside is this would mean I wouldn't have access to my passwords in a tty session but thats no big deal.

                      pfr@sdf.org | https://social.sdf.org/@pfr | https://matrix.to/#/@pfr:bsd.cafe

                          pfr a) Did you forget to export GPG_TTY=$(tty) in ~/.bashrc (or your preferred shell's startup script) as the gpg-agent(1) man-page says?
                          b) Did you modify the pass show command in passman.sh to run via an xterm -e?

                              pfr Finding this out leads me to believe that an easier option would be to just set the default to pinentry-gtk2, seeing as I have gtk2 on my system. I don't know what this looks like, but presumably it will spawn a gtk2 window to enter my passphrase.

                              Yes. This would get around the whole what-is-the-correct-tty rigmarole. Just symlink /usr/pkg/bin/pinentry-gtk-2 to pinentry.

                                rvp a) Did you forget to export GPG_TTY=$(tty) in ~/.bashrc (or your preferred shell's startup script) as the gpg-agent(1) man-page says?

                                I had no idea I needed to. And would this go in ~/.profile rather than my ~/.shrc
                                EDIT: It works without doing this, however is there any other reason I should do this?

                                pin What about something like xterm -e "command_to_execute"
                                rvp b) Did you modify the pass show command in passman.sh to run via an xterm -e?

                                That did the trick. Thank you. This is why I am keen to learn shell scripting, so I am able to spot these simple things myself. Cheers @pin @rvp it now works perfectly.

                                My OCD would love for it to open as a floating/centred window rather than open in the stack. But that's purely an aesthetic choice. It works so I'm happy.
                                EDIT: but while I'm here, I may as well ask. Is it possible to launch an xterm and actually specify a custom WM_CLASS(STRING) ?

                                pfr@sdf.org | https://social.sdf.org/@pfr | https://matrix.to/#/@pfr:bsd.cafe

                                        pfr Is it possible to launch an xterm and actually specify a custom WM_CLASS(STRING) ?

                                        Yes, but it will affect all launched instances.
                                        You could also use a quirk and make it float at a given geometry but, then all your xterm instances will be floating.

                                        A work around would be to use another terminal, i.e. define a quirk for a terminal other than xterm and use it just for this specific task.

                                            pfr While it opens xterm/pinentry, it does not copy the password to the clipboard..

                                            The xterm -e "command" should include the entire command line--pipes and all. Better, here, to create a separate shell script with the pass ... | xdotool ... in it and run that instead with xterm -e myscript.sh

                                            • pfr replied to this.
                                            • pfr likes this.