[pass] Chrome Extension
Jason A. Donenfeld
Jason at zx2c4.com
Tue Oct 9 12:03:31 CEST 2012
On Tue, Sep 11, 2012 at 9:07 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Sat, Sep 8, 2012 at 11:03 PM, Marcus Breese <marcus at breese.com> wrote:
>> So, I'm the guy that was talking about a Chrome extension.
>> I'm not quite sure how to do a lot of the Chrome parts, but it should be pretty straightforward to get the URL of the current tab, then send that to a pass daemon running locally. The gpg password could be kept by Chrome (probably not a good idea), or managed normally with a gpg key agent. Then the daemon could add the decrypted password to the clipboard for a limited amount of time. Ideally, it would return the username/password so that the form could be auto-filled out (similar to the way that LastPass works).
>> The weak link in this is the Chrome-daemon link. Ideally, this should be authenticated and encrypted, even if it is operating on the same machine. The benefit of using a daemon is that it could be a standard interface for multiple browsers, and you wouldn't have to compile a plugin for the browser.
>> Those were my random thoughts. What did you have in mind?
>> Marcus Breese
>> marcus at breese.com
> Replying to this on list, so that others can chime in on the discussion.
> Any suggestions for the best architecture of this? Take the
> organization discussion  under consideration too.
>  http://zx2c4.com/projects/password-store/#organization
Let's revive this discussion.
Where we left off last time was: plugin interface vs tcp listener. Any
further thoughts on the matter?
Any more clever way of giving chrome plugins access to local files in
a safe way?
More information about the Password-Store