Purse/README.md

# Purse

Purse is a fork of [drduh/pwd.sh](https://github.com/drduh/pwd.sh).

Both programs are Bash shell scripts which use [GnuPG](https://www.gnupg.org/) to manage passwords and other secrets in encrypted text files. Purse is based on asymmetric (public-key) authentication, while pwd.sh is based on symmetric (password-based) authentication.

While both scripts use a trusted crypto implementation (GnuPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.

By using Purse with YubiKey, the risk of master password theft or keylogging is eliminated - only physical possession of the Yubikey AND knowledge of the PIN can unlock the encrypted index and password files.

# Release notes

See [Releases](https://github.com/drduh/Purse/releases)

# Use

This script requires a GnuPG identity - see [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) to set one up. Multiple identities stored on several YubiKeys are recommended for improved durability and reliability.

Clone the repository:

```console
git clone https://github.com/drduh/Purse
```

Or download the script directly:

```console
wget https://github.com/drduh/Purse/blob/master/purse.sh
```

(Version 2b and older) Set the GnuPG key ID with `export PURSE_KEYID=0xFF3E7D88647EBCDB` or by editing `purse.sh`

Run the script interactively using `./purse.sh` or symlink to a directory in `PATH`:

* Type `w` to write a password
* Type `r` to read a password
* Type `l` to list passwords
* Type `b` to create an archive for backup
* Type `h` to print the help text

Options can also be passed on the command line.

Example usage:

Create a 20-character password for `userName`:

```console
./purse.sh w userName 20
```

Read password for `userName`:

```console
./purse.sh r userName
```

Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password:

```console
./purse.sh l

./purse.sh r userName@1574723600
```

Create an archive for backup:

```console
./purse.sh b
```

Restore an archive from backup:

```console
tar xvf purse*tar
```

**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option).

The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script.

See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional configuration options.
Purse README 2018-06-02 20:31:01 +00:00			`# Purse`
Add README 2015-07-02 02:11:49 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			`Purse is a fork of [drduh/pwd.sh](https://github.com/drduh/pwd.sh).`
Purse README 2018-06-02 20:31:01 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`Both programs are Bash shell scripts which use [GnuPG](https://www.gnupg.org/) to manage passwords and other secrets in encrypted text files. Purse is based on asymmetric (public-key) authentication, while pwd.sh is based on symmetric (password-based) authentication.`
Purse README 2018-06-02 20:31:01 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`While both scripts use a trusted crypto implementation (GnuPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.`
Purse README 2018-06-02 20:31:01 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`By using Purse with YubiKey, the risk of master password theft or keylogging is eliminated - only physical possession of the Yubikey AND knowledge of the PIN can unlock the encrypted index and password files.`
Add README 2015-07-02 02:11:49 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`# Release notes`
Add README 2015-07-02 02:11:49 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`See [Releases](https://github.com/drduh/Purse/releases)`
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`# Use`
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`This script requires a GnuPG identity - see [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) to set one up. Multiple identities stored on several YubiKeys are recommended for improved durability and reliability.`
Use keygroup, make encrypted index optional 2020-05-25 21:22:21 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`Clone the repository:`
Use keygroup, make encrypted index optional 2020-05-25 21:22:21 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			```console
			`git clone https://github.com/drduh/Purse`
			```
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`Or download the script directly:`
Purse README 2018-06-02 20:31:01 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`wget https://github.com/drduh/Purse/blob/master/purse.sh`
Purse README 2018-06-02 20:31:01 +00:00			```

Version 3 beta 2024-03-10 21:59:33 +00:00			(Version 2b and older) Set the GnuPG key ID with `export PURSE_KEYID=0xFF3E7D88647EBCDB` or by editing `purse.sh`
Smaller screencast 2015-07-03 04:52:34 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			Run the script interactively using `./purse.sh` or symlink to a directory in `PATH`:
Add README 2015-07-02 02:11:49 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			* Type `w` to write a password
			* Type `r` to read a password
			* Type `l` to list passwords
			* Type `b` to create an archive for backup
			* Type `h` to print the help text
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`Options can also be passed on the command line.`
Add delete option 2015-07-02 02:31:38 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`Example usage:`
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			Create a 20-character password for `userName`:
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`./purse.sh w userName 20`
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```
Support password length command line argument when generating and writing passwords 2015-07-31 04:35:35 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			Read password for `userName`:

			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`./purse.sh r userName`
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			```
Support password length command line argument when generating and writing passwords 2015-07-31 04:35:35 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password:`
Indent by 2 spaces throughout. Add example for copying password to clipboard on OS X. 2015-07-31 04:53:28 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`./purse.sh l`
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`./purse.sh r userName@1574723600`
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```
Indent by 2 spaces throughout. Add example for copying password to clipboard on OS X. 2015-07-31 04:53:28 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`Create an archive for backup:`
Initial check-in 2015-07-02 02:03:55 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`./purse.sh b`
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```
Improve README readability. 2015-10-31 02:25:03 +00:00
Version 2 beta, see release notes in README. 2019-11-28 23:18:48 +00:00			`Restore an archive from backup:`
Improve README readability. 2015-10-31 02:25:03 +00:00
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```console
Version 3 beta 2024-03-10 21:59:33 +00:00			`tar xvf purse*tar`
Set umask, don't hide safe, update documentation and license 2019-01-31 01:50:11 +00:00			```
Improve README readability. 2015-10-31 02:25:03 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			Note For additional privacy, the recipient key ID is not included in metadata (`throw-keyids` option).
Add option to suppress password output. Update README to mention this feature and Alternative projects. 2015-08-05 02:48:09 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script.
Add option to suppress password output. Update README to mention this feature and Alternative projects. 2015-08-05 02:48:09 +00:00
Version 3 beta 2024-03-10 21:59:33 +00:00			`See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional configuration options.`