chrome-pass

Release 0.5.0

Native application for chrome-pass extension

Homepage PyPI JavaScript

Keywords
pass, chrome
License
MIT
Install
pip install chrome-pass==0.5.0

Documentation

Chrome Pass

This repository contains a Chrome extension that integrates the pass password manager with Chrome.

There are two folders in this repository that contain:

  1. extension: This is the chrome extension (javascript) that is added to Chrome or Chromium browser.
  2. application: This is a Chrome Native Application written in python that serves as communication host between the extension and password store.

To use the extension you need to install the extension in your chrome or chromium browser and the python native application (nativePass).

Requirements

  1. Chrome version 107 or newer.
  2. Python 3+.
  3. pip 23.0 or newer
  4. pass cli tool.
  5. pass-otp (optional for TOTP MFA support).
  6. Running gpg-agent
  7. A pinentry program configured.

Quick Installation

These instructions have been tested in Ubuntu 22.04 and later:

Python native pass application install

sudo apt-get install pass python3 python3-pip
pip3 install --user chrome-pass==0.4.0
nativePass install

Chrome extension install

Get the extension from Chrome Web Store.

Password Store

To reduce the code complexity of this extension there are some assumptions regarding how the password store is structured. In order for this extension to be able to list and decrypt your passwords these assumptions must be followed:

Password Store Location

This extension assumes the password store is located inside the .password-store folder inside your home directory:

$HOME/.password-store

In case you have the password store located somewhere else you may try using a symbolic link to work around this limitation.

Password Paths

This plugin assumes that the last two parts of each password path follows this structure:

[Service URL]/[Account]

For example to keep some Gmail and Amazon accounts:

Password Store
├── mail.google.com
│   ├── me@gmailcom 
│   ├── you@gmail.com
│   └── we@gmail.com
└── Amazon
     ├── www.amazon.com
     │   ├── me@gmail.com
     │   └── wife@icloud.com
     └── www.amazon.co.jp
          ├── me@gmail.com
          └── wife@icloud.com

Your paths can have as many parts as you want as long as the last two follow the above structure. And the [Service URL] part must match the URL of the page you are viewing because it is used to select the corresponding password from the store.

TOTP MFA Codes

If the pass file has configured pass-otp, then chrome-pass will generate the TOTP code and fill any numeric text inputs in the form with it.

AWS IAM Accounts

For IAM accounts we need not only the login user and password but also the account 12 digit ID or alias. For these accounts, chrome-pass has some special logic to be able to fill all information in the login page.

Password Store
├── signin.aws.amazon.com
│   ├── my_root@email.com 
│   ├── my_other_root@gmail.com
│   ├── 183413992345
│   ├── 550312930456-username1
│   ├── 550312930456-username2
│   └── accountalias
  1. The [Service URL] must be signin.aws.amazon.com that is the URL for login into the console.
  2. For root accounts the [Account] can be the root account email used for login.
  3. For IAM accounts the [Account] can be anything that uniquely identifies the credentials. For example the account 12-digit ID, or the account alias, or a combination of the account 12-digit ID and the IAM username.
  4. For IAM accounts it is necessary to edit the password GPG file using pass edit and add two key/value pairs: username=[IAM username] and account=[12 digit account id or alias]. When filling AWS login forms, chrome-pass uses these key/value pairs to fill the username and account input fields.

Custom input fields

Using the same feature for IAM accounts, chrome-pass looks for any key/value pairs in the pass gpg files and fills any input field with ID equal to the key with the corresponding value.

Install from source

This is for developers only or people that want to see the source code before trusting their passwords to some extension written by an unknown person.

Inside Chrome open the url chrome://extensions, check the Developer mode and then load the path to the extension folder using the Load unpacked extension button. After the extension is loaded into Chrome take note of the extension ID.

Next we need to install the nativePass wrapper script and install the Native Host Application manifest:

cd application
python3 setup.py install
nativePass install [extension ID]

Usage

  • Open any web page with a login form.
  • Click the pass button in the Chrome tool bar.
  • Click the username you want to fill into the login form from the list.
    • You may type a search term in the search box to filter the list of usernames.
  • The form should be automatically filled with the username and corresponding password.

Troubleshooting

If for some reason the extension is unable to get the list of usernames from your password store the most probable reasons are:

  • The password store is not located on the default path (~/.password-store). If it is not there you may be able to create a symlink so the extension is able to find the passwords.
  • The native host application manifest is in the wrong location. This manifest tells Chrome where to find the native application used to retrieve the passwords and username list. This file is usually located at ~/.config/google-chrome/NativeMessagingHosts folder and MUST be named com.piaotech.chrome.extension.pass.json.
  • The nativePass script has a helper method to generate the native host manifest nativePass install [extension id] so use it to generate the manifest. If you do not give it am [extension id] it will generate the manifest with the id of the extension from the chrome web store.
  • Another possible issue is that the manifest contents does not match your system:
    • Ensure the path contains the absolute path to the location of the nativePass wrapper script.
    • Ensure the allowed_origins contains the URI with the exact extension ID installed in Chrome. To get the extension ID simply browse chrome: //extensions and look for the ID of the chrome-pass extension installed.

Note about python-gnupg

It has been found that the nativePass application is unable to decrypt the gpg passwords with some newer versions of python-gnupg. I can verify that the plugin works without issues when using gnupg module version 0.3.9 found by default in Ubuntu 16.04LTS.

See related issue for details at: Github.

Note about MacOS

If the plugin works when you launch chrome from within a terminal, but does not work when launched from Spotlight or any other launcher, then ensure the PATH environment variable is correctly set by the launcher.

See related issue for details at: Github

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
15
Latest release
First release
Stars
46
Forks
11
Watchers
3
Contributors
4
Repository size
87.9 KB
SourceRank
11

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.5.0
0.4.0
0.3.0
0.2.4
0.2.3
0.2.2
0.2.1
0.1.7
0.1.6
0.1.5
See all 15 releases

Contributors

Horacio Sanson Andrew Tolmie Nate Eagleson Jakob Lundberg


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-02-08 13:00:00 UTC

Login to resync this project