[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using oathtool in Emacs - was Re: Backticks in Eshell

From: Jean Louis
Subject: Using oathtool in Emacs - was Re: Backticks in Eshell
Date: Thu, 30 Sep 2021 11:45:35 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Felix E. Klee <> [2021-09-30 10:07]:
> To generate a one time password, I would do in Bash:
>     oathtool -b --totp `gpg -d secret.gpg`
> How do I do the equivalent in Eshell?
> I tried:
>     oathtool -b --totp ${gpg -d secret.gpg}
> But that doesn’t work.  Even the following doesn’t work:
>     echo ${gpg -h}
> I expect GnuPG’s help text, but there’s no output.

I understand what you mean, but personally I don't keep it a secret in
my $HOME directory:

- all of the /home is encrypted, and I decrypt it manually when
  starting a computer. I do not let it to operating system to attempt
  decrypting it and asking me for the password. In general, an
  intruder who gets my computer without my presence (and this did
  happen) does not need to know there is anything encrypted on

- when I decrypt partition, then I have passwords pretty much plain in
  ~/.passwords or in the database (again easily decrypted). Database
  is on encrypted partition too and is started upon decryption of
  $HOME, /tmp and swap partitions must be on randomly encrypted
  partitions. Email is not delivered in /var, it is fetched from
  Internet to $HOME. 

Then I keep the oath-keys in a list:

(defvar oath-keys '(digitalocean "3O1MLC2RYJ5VRDHB" ces 

(defun call-process-to-string (program &optional infile display &rest args)
    (apply #'call-process program infile t display args)

(defun oath ()
  (let* ((key (rcd-choose (map-keys oath-keys) "OATH Service: "))
         (result (call-process-to-string "oathtool" nil nil "-b" "--totp=sha1" 
(plist-get oath-keys (intern "ces"))))
         (result (string-trim result)))
    (message result)
    (kill-new result)))

And I ask interactively for it with M-x oath 

However, the above function does NOT result with same key when I run
it from Emacs and I would like to find out why. Maybe it uses
different time, I cannot know, it still does not work. Somebody can

Otherwise in shell, I keep those few authentications as alias,
straight as following:

alias totp-digitalocean='oathtool -b --totp=sha1 3O1MLC2RYJ5VRDHB'

So I just run the alias and get the authentication key.


Take action in Free Software Foundation campaigns:

In support of Richard M. Stallman

reply via email to

[Prev in Thread] Current Thread [Next in Thread]