An extension that connects the Google Chrome browser and ZX2C4 pass.
I assume that you are familiar with ZX2C4 pass and that you have the necessary skills to follow the instructions below. The development system is Arch Linux, and I use the open-source variant of Google Chrome called Chromium. You need a working Python 2.x installation.
How it works
The extension needs access to the pass database and gpg for decryption. Due to
the outside world. The only way to get things done is through Chrome's Native
Messaging API, which allows an extension to communicate with a single
designated executable that has to be registered beforehand. In passext, a
Python 2 script called
passext-host is used for that. It is located in the
host/ subdirectory along with the required manifest json file.
For more information look at the code, it is rather well-documented.
Installation requires a good deal of manual work at the moment.
- Clone the repository from http://github.com/gustaebel/passext/.
- Create one of the following directories:
$HOME/.config/google-chrome/NativeMessagingHosts: if you use the closed-source Chrome browser.
$HOME/.config/chromium/NativeMessagingHosts: if you use the open-source Chromium browser.
/etc/opt/chrome/native-messaging-hosts: if you want to install
passext-hostsystem-wide (works probably only with closed-source Chrome, but I haven't tested that yet).
$HOME/Library/Application Support/Chromium/NativeMessagingHosts: if you're using Chromium on OSX
- Copy the file
host/de.gustaebel.passext.jsonto the directory you just made.
- Switch on Chrome's developer mode under chrome://extensions.
- Use the
Load unpacked extensionbutton that has just appeared, and point it to the
appdirectory inside the cloned sources that contains the
- Put the ID string that shows up on the third line of the installed
extension's information text in the clipboard, it looks something like
de.gustaebel.passext.json, put the absolute path to the
pathand replace the ID in the
allowed_originswith the ID you have in the clipboard.
The password database
passext expects a particular format of the database entries so that it can match the URLs of webpages to credentials in the password database and can extract all useful information.
- One file per credential.
- A file must consist of the password as the first line, and a minimum of two following lines with key-value pairs that contain the login name and the url.
- Keys are separated from values by a colon.
- The key to use for the login name may be one of
- The key to use for the url may be one of
- Additionally, if there is a key called
patternit is used to match against web page URLs instead of the
urlfield. It is a simple Python
fnmatchpattern similar to the shell globbing syntax.
<password> login: gustaebel pattern: *github.com/* url: https://github.com/gustaebel/
passext is easy to use once it is set up properly. At the right side of the location bar there is a gray P icon. If you click it the passphrase dialog appears that lets you unlock the password database. On success the P icon turns green.
From now on, everytime you visit a page that has an html password input field and for which a set of credentials is found, a green bubble appears beside it that asks you if you want to insert the password into the input field.
Input fields for login names are sometimes hard to detect because they are not standardized the same way as password fields. passext uses a heuristic to find them. If the wrong input field was chosen or if it could not be detected at all, you can use the right-click context menu to insert login name and password into any input field you like to.
It is not planned to add support for managing (adding,changing,removing)
passwords to passext. That's what the
pass programm is for.
passext is licensed under the GPLv2. It contains a copy of jquery.js which is MIT licensed.