Thursday, 26 November 2015

Code Kata at the Dojo

At my work, the software architect asked if people were interested in getting together at work of an evening and doing a Kata1.

“Kata2 (型 or 形 literally: "form"), a Japanese word, are the detailed choreographed patterns of movements practised either solo or in pairs. The term form is used for the corresponding concept in non-Japanese martial arts in general.”

Well, I'd never done one of those, so I signed up enthusiastically.

We spent a couple of hours in pairs, (xtreme programming, yay!) to do the Kata. In this case it was regarding Bowling Scores4 5 provided by Uncle Bob8.

It is very interesting, and I decided to spend a little more time in my limited spare time to see what I could come up with. I do notice almost immediately that I always try and capture the domain (in this case, scores, rolls, frames, spares and strikes) into Objects/Classes. It's a challenge to not immediately grab to my standard toolbox. It's also great to get some tests done, before diving into coding.

It is also a challenge to properly read requirements.

I retrieved the git repo from [6] and forked it over in my own github [7] to work on. There's nothing there yet, but that will change once I have something that looks half decent.


[1] Wikipedia - Kata (programming)
[2] Wikipedia - Kata
[3] Wikipedia - Procedural memory
[4] ArticleS. UncleBob. TheBowlingGameKata
[5] CodingDojo - KataBowling
[8] Wikipedia - Robert Cecil Martin

Thursday, 19 November 2015

Linux Commandline Password Manager

Recently I was looking for a good Password Manager, as the number of passwords I need to maintain is growing steadily (I'm sure everyone knows how it is).

The one I found ("pass2 - the standard unix password manager"), the one I am talking about, exemplifies the Unix philosophy0. Which is:
Do One Thing and Do It Well.
Write programs to work together.
Write programs to handle text streams, because that is a universal interface.
The password manager actually basically doesn't do anything itself, but delegates to other parts of the Linux system, namely the filesystem, and GPG for encryption, pwgen for the generation of random passwords, xclip for interfacing with the clipboard and (optionally) Git for version control.

It does mean that you have to setup Gnu Private Guard properly, before you can start using "pass", hence the next chapter.

Gnu Private Guard

“GnuPG1 is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP).”

Creating a key

All keys are stored in .gnupg.
bash-4.3$ gpg2 --full-gen-key
gpg (GnuPG) 2.1.7; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/home/mrbear/.gnupg' created
gpg: new configuration file '/home/mrbear/.gnupg/gpg.conf' created
gpg: WARNING: options in '/home/mrbear/.gnupg/gpg.conf' are not yet active during this run
gpg: keybox '/home/mrbear/.gnupg/pubring.kbx' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 2
I have decided to follow the advice of the website1 and take 2.
DSA keys may be between 1024 and 3072 bits long.
What keysize do you want? (2048)
I take 2048, it seems fairly default.
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) Y

GnuPG needs to construct a user ID to identify your key.

Real name: mrbear
Email address:
Comment: mrbear
You selected this USER-ID:
"mrbear (mrbear) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
And away we go!
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/mrbear/.gnupg/trustdb.gpg: trustdb created
gpg: key 3A4CFDFE marked as ultimately trusted
gpg: directory '/home/mrbear/.gnupg/openpgp-revocs.d' created
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub dsa2048/3A4CFDFE 2015-10-14
Key fingerprint = 7FCC 07FA A6BE 32DE A971 2281 587B D827 3A4C FDFE
uid [ultimate] mrbear (mrbear)
sub elg2048/0B94C819 2015-10-14
So, just to check:
bash-4.3$ gpg2 --list-keys
pub dsa2048/3A4CFDFE 2015-10-14
uid [ultimate] mrbear (mrbear)
sub elg2048/0B94C819 2015-10-14

Password store

Apparently, initialising the store needs to be done with the name of the key generated above.
bash-4.3$ sudo dnf install pass
bash-4.3$ pass init "3A4CFDFE"
mkdir: created directory ‘/home/mrbear/.password-store/’
Password store initialized for 3A4CFDFE
And I wish to use Git, because I'm that kinda guy.
bash-4.3$ pass git init
Initialized empty Git repository in /home/mrbear/.password-store/.git/
[master (root-commit) 77cc085] Add current contents of password store.
1 file changed, 1 insertion(+)
create mode 100644 .gpg-id
[master 6655058] Configure git repository for gpg file diff.
1 file changed, 1 insertion(+)
create mode 100644 .gitattributes

Adding my passwords

For example, my email:
bash-4.3$ pass insert Email/
mkdir: created directory ‘/home/mrbear/.password-store/Email’
Enter password for Email/
Retype password for Email/
[master 40d6094] Add given password for Email/ to store.
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 Email/
Adding parameter --multiline makes it possible to not only add your password but other stuff as well. Handy if the userid/username is not standard my email address.

Showing passwords

bash-4.3$ pass
Password Store
└── Email

Generating passwords

bash-4.3$ pass generate Internet/ 16
mkdir: created directory ‘/home/mrbear/.password-store/Internet’
[master 9b966af] Add generated password for Internet/
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 Internet/
The generated password for Internet/ is:

Showing passwords and copying to clipboard

bash-4.3$ pass -c Email/
Copied Email/ to clipboard. Will clear in 45 seconds.

Getting your stuff back

As basically this awesome password manager stored the passwords as a bunch of GPG2 encrypted files in .password-store, we should be able to decrypt the files directly.

This would work as follows:
bash-4.3$ gpg2 --decrypt .password-store/Email/
gpg: encrypted with 2048-bit ELG key, ID 0B94C819, created 2015-10-14
"mrbear (mrbear) "

Syncing the git

As I wish to manage my passwords from multiple computers, there's a need to sync/merge the git repositories5 from time to time.

First is, of course, the copying of the GPG keys by copying the .gnupg directory.
scp -r .gnupg mrbear@toby:/home/mrbear
From the second machine, from my homedirectory:
git clone ssh://mrbear@sherlock/home/mrbear/.password-store
Cloning into '.password-store'...
After that it is nothing more but a "git pull" or "git push" whenever I need it.


[0] Wikipedia - Unix philosophy
[1] GnuPG
[2] Password store
[3] Linux Crypto: Passwords
[4] StackExchange Unix - I try to add passwords to the pass password managers but my attempts fail
[5] Git - Git Basics Working with Remotes