CLI binary signature check

Now that my git credential helper is working with 1P, I started thinking about the differences in the UI...and then I put on my evil hat for a moment. After the work integrating with git, it only took about 30 min to whip up a little evil replacement for op as a proof of concept. I decided against linking to it here.

With the limited interface of a CL utility, I think some kind of code signing is even more critical than with GUI tools.

Now I know that if someone was to replace the op binary on a system, you already have a major breach, including potential keystroke loggers etc., but the lack of any UI other than terminal prompts makes it especially easy to fake and get a Master Key, without any easy way to have secondary indicators during use.

Note: I did read the thread from 2017 that said it was on your plan, but didn't see anything since then.


1Password Version: 7
Extension Version: Not Provided
OS Version: macOS 10.14
Sync Type: Not Provided

Comments

  • cohix

    Team Member

    @angusl Yes, we are planning to roll out codesigning for all platforms with the eventual 1.0 release, we're sticking with the GPG signatures while still in beta.
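
For the GPG signatures mentioned in the reply above, an added example (not part of the thread and not 1Password's own code) of checking that a download was signed by a pinned key rather than by just any valid key. The file names `op` and `op.sig`, the function names and the all-zero fingerprint are assumptions or placeholders.

```shell
#!/bin/sh
# Placeholder pin: replace with the vendor's primary-key fingerprint, obtained
# over a separate trusted channel (this value is not from the thread).
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# check_status PIN: read `gpg --status-fd` lines on stdin; succeed only if
# exactly one signature was checked, it is valid, and its primary key is PIN.
check_status() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        # Any of these status codes means the signature must not be trusted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" {
            n++
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == want) ok = 1
        }
        END { if (ok && !bad && n == 1) exit 0; exit 1 }
    '
}

# verify_download FILE SIG: verify a detached signature against the pin.
# "Good signature" alone is not enough: any key in the keyring produces it.
verify_download() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed sample of gpg status output (not captured from a real release).
SAMPLE_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2019-01-01 1546300800 0 4 0 1 8 00 $SAMPLE_FPR"

if printf '%s\n' "$SAMPLE_STATUS" | check_status "$SAMPLE_FPR"; then
    echo "sample: signed by the pinned key"
fi
# Typical use (assumed file names): verify_download op op.sig || exit 1
```

This checks a download before it is installed; it does not detect a binary swapped later on a machine that is already compromised, which is the case the original post describes.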
