Linux: Importing Keys from OpenKeychain (and Elsewhere) into GnuPG

Every now and again, I have to transfer my GPG keys to a new machine and I always forget how to do it. So, I figured I’d write a few notes to remember in the future.

Key detail: when you do a full backup in OpenKeychain, it exports a file named in the format backup-YYYY-MM-DD.sec.pgp. You will also be given a password in the form XXXX-XXXX-XXXX-XXXX-XXXX-XXXX, made up of uppercase letters and numbers. So, at a command prompt in Linux, type:

$ gpg2 --decrypt backup_YYYY-MM-DD.sec.pgp | gpg2 --import

When you are prompted for the initial password, make sure to use the one in the format above and include the dashes. After, you will be prompted for the private key password(s) that have been backed up in order to import them.

I did cover this in my post on mutt, but I didn’t think to look there this time. So, I figure it deserves its own entry.

Accessing a Locked Android Phone Not Displaying A Keyboard

I use AnySoftKeyboard as my keyboard of choice on Android. It’s great, except when my SD Card becomes corrupted. When that happens, AnySoftKeyboard no longer works. If my device is locked at the time, there doesn’t appear to be a way to type in my password to unlock the device.

There is a solution to this problem, if you have enabled Developer options and USB debugging on the device. Boot into recovery (Volume Up, Home & Power, all at the same time). Start adb on the device. Connect it to your computer with adb and reboot. Then from a command prompt on the computer, type in the following:

$ adb shell input text password && adb shell input keyevent 66

This will basically work just like the displayed keyboard on your device. keyevent 66 is the equivalent of Enter. Then, you can reformat your SDCard in Settings. Then, reboot the device and you will be good to go.

Installing Citrix Workspace on Ubuntu Linux

Installation

$ cd Downloads
$ sudo dpkg -i Citrix-Workspace.deb

Installing a CA Certificate

The pre-installed certificates might work for you. If you get errors when trying to use Citrix, then you’ll likely need to install a CA certificate.

  • Go to the VPN website you use Citrix for.
  • Click on the lock in front of the URL
  • Click on certificate (Chrome) or Connection Secure (Firefox)
  • Note the authority under Issued By (Chrome) or Verified By (Firefox)
  • For example, the certification authority might be: DigiCert TLS RSA SHA256 2020 CA1
  • Search for DigiCert TLS RSA SHA256 2020 CA1 in your favorite search engine.
  • Select the official site that allows you to download the relevant certificates.
  • Download both the PEM and the CRT files.
  • Do the following:
$ sudo cp ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.pem /opt/Citrix/ICAClient/keystore/cacerts
$ sudo chmod 644 /opt/Citrix/ICAClient/keystore/cacerts/DigiCertTLSRSASHA2562020CA1-1.pem
$ sudo /opt/Citrix/ICAClient/util/ctx_rehash

Note: The instructions on the Citrix website seem to be incorrect. They tell you to cp the pem file with a crt extension, even though every other file in the directory is a PEM file. The above copies the certificate to the default Citrix directory on Ubuntu, changes the file permissions to -rw-r--r--, and rehashes the new certificate so Citrix can use it.

X.509 Certificate for Chrome or Firefox Browsers

I’m not sure if this is strictly necessary, but it might also be helpful to import the X.509 certificate into Chrome or Firefox. For Chrome (Firefox is similar), do the following:

  • Go to the three dots (hamburger)
  • Select Chrome settings
  • Search for: certificate
  • Click on Security
  • Click on Manage Certificates
  • Click on Authorities
  • Click on Import
  • Select ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.crt
  • Select all three options.

bash: TOTP From the Terminal With oathtool

TOTP is Time-based One Time Password. Most people use applications on their phone for TOTP, such as andOTP, Google Authenticator, and related apps. But, as we move from using a phone as a second factor for what we are doing on a computer to a phone being the primary way we interact with the Internet, it makes sense to make the computer the second factor. This is the idea behind this script. It is based on analyth’s script, except I stripped out the I/O.

#!/bin/bash

# Assign variables
google=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
wordpress=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
amazon=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)

# Print variables
echo "google: ${google} | wordpress: ${wordpress} | amazon: ${amazon}"

This will print:

google: 123456 | wordpress: 123456 | amazon: 123456

However, I didn’t like the idea of my one time password codes only being protected by normal file protections on a Linux system. I thought it should be encrypted with gpg. So, I saved it to a file in my scripts directory, totp, and encrypted it with my public key. If you don’t have a gpg key pair, instructions are available online.

$ gpg -r your@email.com -e ~/pathto/totp

Then, to run the shell script, do:

$ gpg -d ~/pathto/totp.gpg 2>/dev/null | bash

This will prompt you for your gpg password and then run this script. You likely won’t want to remember this string of commands, so you could make your life easier by adding it as an alias under .bash_aliases:

alias totp='gpg -d ~/pathto/totp.gpg 2>/dev/null | bash'
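A variation on the approach above, as an added example that is not part of the original post: the encrypted file holds only data, so nothing decrypted is piped into bash, and each secret reaches oathtool over stdin instead of on its command line. Assumptions: the file name totp-secrets.gpg and its "label SECRET" line format are hypothetical, and the installed oathtool accepts "-" as the key argument to read the key from standard input.

```shell
#!/bin/bash
# Added example, not the original post's script.
# Assumed input format (hypothetical): one "label BASE32SECRET" pair per line,
# blank lines and lines starting with # ignored.

# Read "label secret" lines on stdin and print "label: code" for each.
totp_codes() {
  local label secret code
  while read -r label secret || [ -n "$label" ]; do
    # Skip blank lines and comments.
    case "$label" in ''|'#'*) continue ;; esac
    # Authenticator apps often show secrets in space-separated groups.
    secret=$(printf '%s' "$secret" | tr -d ' ')
    # Treat the file strictly as data: plain labels and base32 text only.
    case "$label" in
      *[!A-Za-z0-9_.-]*) echo "skipping malformed label" >&2; continue ;;
    esac
    case "$secret" in
      ''|*[!A-Za-z2-7=]*) echo "skipping ${label}: not base32" >&2; continue ;;
    esac
    # printf is a shell builtin, so the secret travels down a pipe and never
    # shows up in a process argument list. Assumes oathtool reads KEY from
    # stdin when given "-".
    code=$(printf '%s\n' "$secret" | oathtool --base32 --totp -d 6 -) || return 1
    printf '%s: %s\n' "$label" "$code"
  done
}

# Decrypt the secrets file and hand the plaintext to totp_codes.
totp_from_gpg() {
  gpg --quiet --decrypt "$1" | totp_codes
}

# Usage: ./totp.sh ~/pathto/totp-secrets.gpg
if [ "$#" -gt 0 ]; then
  totp_from_gpg "$1"
fi
```
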

Mutt: Viewing Attachments / HTML via .mailcap and a Custom Fortune as a Signature in Mutt

It’s funny how small, trivial things can lead you to make radical changes in the tools you use. As regular readers of this blog know, I collect sayings that I publish every month. I then compile these sayings into a custom fortune file that displays one saying every time I login to my computer or open a new terminal window/shell process.

I recently learned that I can call this custom fortune file as a signature and have one added automatically to every email I write by adding this line to my .muttrc configuration file.

set signature="fortune /usr/share/games/fortunes/cafebedouin -s|"

This is simply calling the fortune program, specifying the location of the file and the -s flag is telling fortune to find a small quote to add. This is a completely trivial feature, but I love it. It is what provided the motivation to actually get mutt to work as my main email client.

My main problem with mutt has been that I couldn’t figure out how to get it to render HTML emails in a readable format, which makes mutt a poor choice as an everyday email client. Half of the emails I receive are in HTML format. The problem, it turns out, is that my email provider encrypts all my email, so I needed an additional line in .mailcap that processes the pgp/mime format, like so:

text/plain; cat %s; copiousoutput
text/html; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; firefox /tmp/mutt/$(basename %s) &
text/html; lynx -nonumbers -dump %s; copiousoutput; nametemplate=%s.html 
pgp/mime; lynx -dump %s; copiousoutput; nametemplate=%s.html

This points to something I didn’t understand. .mailcap is basically how you tell mutt to process email attachments, and you simply associate file types with programs on your system. There’s also default behavior: the text/html entry with copiousoutput is used when you hit enter, and when you go to view the attachment, mutt calls the first relevant line in mailcap. The same idea applies to other file types, such as images.

image/*; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; xdg-open /tmp/mutt/$(basename %s) &

So, once the change above is made, you then need to change these lines in .muttrc:

alternative_order text/html text/plain text/enriched text multipart/alternative 
auto_view text/html

# Removes temporary attachment files
folder-hook . `rm -f /tmp/mutt/*`

And now, it works beautifully. I’ve completely stopped using thunderbird, and I only use mutt. And, it has improved my email experience so much. I receive something like 50-100 emails a day, most of them newsletters or promotional material from organizations I signed up to hear more about. But, mutt makes it so easy to navigate and delete email.

Since making the transition, my inbox – which I had always relatively good control over and rarely had more than a day’s worth of email in – is down to a couple of leftover emails per day. I read what I want and delete them. I highly recommend making the transition.

bash: Cryptocurrency Prices From the Linux Terminal

#!/bin/bash
printf -v coin '%s' -1   # crypto.sh bitcoin

price() {
  # A function that pulls cryptocurrency price data from coingecko
    
  curl -X 'GET' 'https://api.coingecko.com/api/v3/simple/price?ids='"$1"'&vs_currencies=usd' \
     -H 'accept: application/json' 2> /dev/null | # sends download data to /dev/null
      
  sed  's/.*usd"://' |   # Removes everything before the price
  sed 's/..$//' |        # Removes back two }}
  sed 's/^/\$/'          # Adds dollar sign to the front, returns
}

bitcoin=$(price bitcoin)
ethereum=$(price ethereum)

# Checks to see if there is a command line variable and prints to console
if [[ -z $1 ]]; then
    echo "bitcoin: ${bitcoin} | ethereum: ${ethereum}"
else
    price=$(price "$1") # calls function with command line variable
    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum}"
fi

h/t Techstructive for the basic idea. I simplified their code by cutting out the I/O and putting the coin as a variable when calling the script, e.g. crypto.sh bitcoin, and formatting it by piping it through sed. Have I mentioned how much I love sed?

Edit: Modified this on August 12, 2021 so it is now a function and prints a portfolio of coins. I track two or three, and it was getting annoying to have to do them each individually. All you need to do to modify it for the coins you are interested in is create a new function call:

cardano=$(price cardano)

Then add that to both the if and else print results.

    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum} | cardano: ${cardano}"

bash: Number of Days Between Today and Some Future Date

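#!/bin/bash

# Today's date as YYYY-MM-DD (bash printf time format, no external call)
printf -v date '%(%Y-%m-%d)T' -1
# Seconds between the target date and today, converted to whole days
echo $(( ($(date -d "$1" +%s) - $(date -d "$date" +%s)) / 86400 )) days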

Above is a bash script to output the number of days between today and some future date. Copy it into a file, e.g., diffdate.sh, into a directory, e.g., ~/bin/scripts. Then, enter the directory you saved it to and type to make it executable:

$ chmod +x diffdate.sh

Then, check your .profile to make sure something like this is in it:

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then                             
  PATH="$HOME/bin:$PATH"
fi                                                                   

Then, run the script.

$ diffdate.sh 2021-06-01
70 days

I have to figure out the difference between today and some future date all the time for forecasting, and today was the day I finally bothered to figure out how to do it from the command line. I have to start thinking of ways to make shell scripts to do these little tasks that I go to the web for.

Fun With Fortune in Linux

Fortune provides a random quote or aphorism every time you open a terminal in Linux. I wanted to have a personalized fortune using zuihitsu quotes posted on this site come up whenever I opened a terminal. If you want to do something similar, here’s the procedure.

To check if you have it installed, simply type fortune into the terminal.

$ fortune 

This either returns a fortune or an error message. If you get an error message, then install fortune using the package manager for your system.

$ sudo apt install fortune-mod

Let’s create our own file of fortunes. I want to use my zuihitsu quotes I have posted on this site. This file is a text file that looks like so:

%
quote 1
%
quote 2
%
quote ...

There is a copy of the file available online.

If you have just a file with lines of quotes, this is easy to get into this format using emacs. Simply type: M-%, followed by c-q c-j Enter then c-q c-j % c-q c-j Enter. I like to check the replacements, so just keep hitting y to do the replacement and move on to the next one if it looks good. Save the file to the appropriate directory, which on Debian systems is /usr/share/games/fortunes, but can vary. For explanation purposes, we are going to assume the file was named zuihitsu with no file extension.

Note: If you are using the file above, just save it as a text file in your directory. Then, copy it to the appropriate system directory without a file extension.

Now, create a .dat file for the file you just made.

$ sudo strfile zuihitsu

Set the same permissions on the new files as the others in the directory. This just makes the files readable to groups and others.

$ sudo chmod o+r zuihitsu
$ sudo chmod g+r zuihitsu
$ sudo chmod o+r zuihitsu.dat
$ sudo chmod g+r zuihitsu.dat

Following the rest of the directory, I added a symbolic link.

$ sudo ln -s zuihitsu zuihitsu.u8

You should be able to test it now.

$ fortune zuihitsu

Assuming that worked, the final thing to do is to have your preferred shell call this when it runs. I use bash, so I added the command above to my bash_aliases file. From then on, it will pull a random quote from the zuihitsu file every time you bring up the terminal.

Bonus

Make a fortune come up automatically every time you login or open a new terminal by adding the following to .bashrc or .bash_aliases:

fortune zuihitsu 

Also, if you use mutt, you can add the following to your .muttrc file to have this fortune file generate a random signature for your emails:

set signature="fortune zuihitsu -s|"

The -s selects short quotes and the | pipes it to your email text.

Did you know the original fortune-mod fortune collection is available as an EPUB?

Revisiting the ASUS C201

Two and a half years ago, I came across libreboot. I was looking for a linux laptop and came across this bit on the ASUS C201 page:

“This is unlike the other current libreboot laptops (Intel based). In practise, you can (if you do without the video/wifi blobs, and replace ChromeOS with a distribution that respects your freedom) be more free when using one of these laptops.”

ASUS Chromebook C201, libreboot.org. 2017

At the time, I was focused on exploring what it would mean to have the most free laptop available, and it led to the post: “Freedom & Limits: The ASUS C201 with libreboot and Parabola Linux.” The net: the machine did not have a reliable way to be free to the level of passing the requirements of the package of “your-freedom” and still be usable. The main problem is that it didn’t have a functional web browser and updates tended to bork the machine. I managed to get Arch, Parabola and Devuan linux installed on the machine. However, the installations kept breaking for various reasons, maybe half the time due to user error and half because ARM versions of the distributions were problematic for one reason or another.

In July 2019, I tried PrawnOS. It’s a nice distribution of Debian that actually was able to install to the computer’s onboard drive, which I couldn’t figure out how to do with the previous distributions. It provided a working system. Still, it really did not have a web browser that worked; I think it was still using Dillo. So, I left off at this point, happy to have learned something from the exercise.

A few days ago, I tried turning on the C201 again. I found that the distribution wouldn’t update. The documentation at github suggested I should reinstall PrawnOS. Easy enough.

I had already done the work of removing the security screw, upgrading the BIOS to libreboot, and had the machine in developer mode. If you aren’t there yet, then refer to the libreboot documentation and get to the point where it says Debian, Devuan or Parabola. Then, come back here and install PrawnOS instead.

To install PrawnOS, get the most recent release, which is available as a binary for people like me that don’t want to build from source. I tried using the browser Dillo on the C201 machine, but it kept timing out. So, I turned to wget.

$ sudo apt-get install wget
$ wget -c url_to_most_recent_release

Once you have the release, you need to copy it to the SD card. If you aren’t sure which device that is, you can always take out the SD card, run lsblk, then put the SD card back in and run lsblk again. The additional block device is your SD card, which you substitute for /dev/$SD_CARD below.

$ sudo dd if=PrawnOS-*.img of=/dev/$SD_CARD bs=50M status=progress; sync

Then, you turn off the device, reboot and hit CTRL-U quickly at the menu to boot off the SD card. After booting, it gives you a prompt. Type in root, there is no password. Then, you are given a root prompt. Type:

# InstallPrawnOS

At this point, I was really blown away by how much this has been improved since the last time I tried installing PrawnOS to this ASUS C201. PrawnOS is a Debian-derivative, with an encrypted partition. I typically do this with every linux install, and it was nice that it was built into the process. It offers sane defaults, such as using xfce4 over gnome, since gnome seems to have problems when used on an ASUS C201 machine. It also gets more pragmatic about freedom. Freedom is useless if it means you aren’t free to do something fundamental to using a computer, like browse the web.

So, PrawnOS includes Firefox-ESR, which the Free Software Foundation doesn’t consider free because it implements digital rights management technology. However, it is essentially required in order to use a computer normally. PrawnOS makes the pragmatic choice.

After I went through the set-up process, I was able to install emacs and add-ons. I did have some trouble updating the machine, where xorg threw configuration errors, but nothing that made the machine unusable like I have encountered in the past. I also continue to not be able to use the touchpad. However, for Chrome-level computer use, email, web browsing and so forth, the ASUS C201 seems like it could be a viable machine.