[pass] Chrome Extension

[Jason A. Donenfeld]

On Tue, Sep 11, 2012 at 9:07 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Sat, Sep 8, 2012 at 11:03 PM, Marcus Breese <marcus at breese.com> wrote:
>> So, I'm the guy that was talking about a Chrome extension.
>>
>> I'm not quite sure how to do a lot of the Chrome parts, but it should be pretty straightforward to get the URL of the current tab, then send that to a pass daemon running locally. The gpg password could be kept by Chrome (probably not a good idea), or managed normally with a gpg key agent. Then the daemon could add the decrypted password to the clipboard for a limited amount of time. Ideally, it would return the username/password so that the form could be auto-filled out (similar to the way that LastPass works).
>>
>> The weak link in this is the Chrome-daemon link. Ideally, this should be authenticated and encrypted, even if it is operating on the same machine. The benefit of using a daemon is that it could be a standard interface for multiple browsers, and you wouldn't have to compile a plugin for the browser.
>>
>> Those were my random thoughts. What did you have in mind?
>>
>> --
>> Marcus Breese
>> marcus at breese.com
>>
>
> Replying to this on list, so that others can chime in on the discussion.
>
> Any suggestions for the best architecture of this? Take the
> organization discussion [1] under consideration too.
>
> [1] http://zx2c4.com/projects/password-store/#organization


Hey guys,

Let's revive this discussion.

Where we left off last time was: plugin interface vs tcp listener. Any
further thoughts on the matter?

Any more clever way of giving chrome plugins access to local files in
a safe way?

Jason