Purse: GPG asymmetric (YubiKey) password manager (open-source project)

Anonymous user, November 9, 2021
Development technology: Shell
Category: Terminal/remote login, application tools
License: MIT License

Project details

Purse

Purse is a fork of drduh/pwd.sh.

Both programs are Bash shell scripts which use GPG to manage passwords and other secrets in encrypted text files. Purse uses asymmetric (public-key) authentication, while pwd.sh uses symmetric (password-based) authentication.

While both scripts use a trusted crypto implementation (GPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.

By using Purse with YubiKey, the risk of master password theft or keylogging is eliminated - only physical possession of the YubiKey AND knowledge of the PIN can unlock the encrypted index and password files.

Release notes

Version 2b1 (2020)

Minor update to the second release. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.

Changelist:

- Purse now uses a GPG keygroup to encrypt secrets to multiple recipients for improved reliability. The program will prompt for key IDs to define the keygroup; a single key ID can still be used.
- Encrypted index is now optional and off by default, allowing a single touch to encrypt and decrypt secrets instead of two.
- GPG configuration file is now included in Purse backup archives.

Version 2b (2019)

The second release of purse.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.

Known issues:

- Read actions now require two YubiKey touches, if touch to decrypt is enabled - once for the index and twice for the encrypted password file.

Changelist:

- Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
- Individual password filenames are random, mapped to usernames in an encrypted index file.
- Index and password files are now "immutable" using chmod while purse.sh is not running.
- Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
- Use printf instead of echo for improved portability.
- New option: list passwords in the index.
- New option: create tar archive for backup.
- Removed option: delete password; the index is now a permanent ledger.
- Removed option: read all passwords; no use case for having a single command.
- Removed option: suppress generated password output; should be read from safe to verify save.

Version 1 (2018)

The original release which has been available for general use and review since June 2018 (forked from pwd.sh which dates to 2015). There are no known bugs nor security vulnerabilities identified in this stable version of purse.sh. Compatible on Linux, OpenBSD, macOS.

Use

This script requires a GPG identity - see drduh/YubiKey-Guide to set one up. Multiple identities stored on several YubiKeys are recommended for reliability.

$ git clone https://github.com/drduh/Purse

(Version 2b and older) Set your GPG key ID with export PURSE_KEYID=0xFF3E7D88647EBCDB or by editing purse.sh.

cd purse.sh and run the script interactively using ./purse.sh or symlink to a directory in PATH:

- Type w to write a password
- Type r to read a password
- Type l to list passwords
- Type b to create an archive for backup
- Type h to print the help text

Options can also be passed on the command line.

Example usage:

Create a 30-character password for userName:

$ ./purse.sh w userName 30

Read password for userName:

$ ./purse.sh r userName

Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a previous version of a password:

$ ./purse.sh l
$ ./purse.sh r userName@1574723600

Create an archive for backup:

$ ./purse.sh b

Restore an archive from backup:

$ tar xvf purse*tar

The backup contains only encrypted passwords and can be publicly shared for use on trusted computers. For additional privacy, the recipient key ID is not included in GPG metadata (throw-keyids option). The password index file can also be encrypted by changing the encrypt_index variable to true in the script.

See drduh/config/gpg.conf for additional GPG configuration options.
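
The storage model described in the release notes and usage text above (random file names mapped to userName@timestamp entries in an index, files read-only at rest, encryption to a key group with throw-keyids) is sketched below as an added example; it is not code from purse.sh. The index line format user@epoch:file, the plaintext index, and the function names new_name, encrypt_to_group, index_add and index_lookup are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not purse.sh itself. The index line format
# "user@epoch:file" and every function name here are assumptions.
umask 077

# new_name: 32 random hex chars, so file names reveal nothing about entries.
new_name() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

# encrypt_to_group OUTFILE KEYID...: encrypt stdin to every key in the group;
# --throw-keyids leaves recipient key IDs out of the message metadata.
encrypt_to_group() {
  out=$1; shift
  for k in "$@"; do set -- "$@" --recipient "$k"; shift; done
  gpg --batch --yes --armor --throw-keyids --output "$out" "$@" --encrypt
}

# index_add INDEX USER FILE [EPOCH]: append one revision. Nothing is ever
# removed, and the index is read-only except while this function writes.
index_add() {
  [ -f "$1" ] && chmod u+w "$1"
  printf '%s@%s:%s\n' "$2" "${4:-$(date +%s)}" "$3" >> "$1"
  chmod 0400 "$1"
}

# index_lookup INDEX USER[@EPOCH]: print the file holding that exact revision,
# or the newest revision when no epoch is given; status 1 if nothing matches.
index_lookup() {
  Q=$2 awk '
    match($0, /@[0-9]+:[^:]+$/) {
      user = substr($0, 1, RSTART - 1)       # user may itself contain "@"
      split(substr($0, RSTART + 1), p, ":")  # p[1] = epoch, p[2] = file
      if (ENVIRON["Q"] == (user "@" p[1])) exact = p[2]
      if (ENVIRON["Q"] == user && p[1] + 0 >= best) {
        best = p[1] + 0; newest = p[2]
      }
    }
    END { r = (exact != "") ? exact : newest; if (r == "") exit 1; print r }
  ' "$1"
}
```

A write in this sketch pipes the secret into encrypt_to_group with a name from new_name and the key IDs of the group, then records that name with index_add; a read resolves the name with index_lookup and passes the file to gpg --decrypt.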

Similar software

- drduh/pwd.sh
- zx2c4/password-store
- caodonnell/passman.sh: a pwd.sh fork
- bndw/pick: command-line password manager for macOS and Linux
- anders/pwgen: generate passwords using OS X Security framework