Purse/README.md

# Purse

![screencast gif](https://user-images.githubusercontent.com/12475110/40880505-3834ce1c-6667-11e8-89d0-6961886842c6.gif)

Purse is a fork of [pwd.sh](https://github.com/drduh/pwd.sh/).

Both programs are shell scripts which use GPG to manage passwords in an encrypted file. Purse uses asymmetric (public-key) encryption, while pwd.sh uses a symmetric (password) scheme.

While both are reasonably secure by using a trusted crypto implementation (GPG) and safe handling of password input, Purse eliminates the need to remember or use a master password to unlock. Just plug in the key, enter the PIN to unlock it, then touch to decrypt Purse passwords.

By using GPG keys and a hardware token like YubiKey, the risk of master password phishing or keylogging is eliminated; only physical possession of the hardware token AND knowledge of its PIN code may unlock private material.

# Installation

This script requires an existing GPG key and is intended to be used with a YubiKey or other hardware token for storing the private key.

See [YubiKey Guide](https://github.com/drduh/YubiKey-Guide/) for instructions on setting one up.

To install the script:

```
git clone https://github.com/drduh/purse
```

Then modify it to use the preferred GPG key ID.

# Use

`cd purse` and run the script interactively using `./purse.sh`

* Type `w` to write a password.

* Type `r` to read a password.

* Type `d` to delete a password.

Options can also be passed on the command line.

Create password with length of 30 characters for `gmail`:

    ./purse.sh w gmail 30

Append `<space>q` to suppress generated password output.

Read password for `user@github`:

    ./purse.sh r user@github

Delete password for `reddit`:

    ./purse.sh d reddit

Copy password for `github` to clipboard on macOS:

    ./purse.sh r github | cut -f 1 -d ' ' | awk 'NR==4{print $1}' | pbcopy

The script and encrypted `.purse` ciphertext file can be publicly shared between computers.

A recommended `~/.gnupg/gpg.conf` configuration file can be found at [drduh/config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf).

# Similar software

[pwd.sh](https://github.com/drduh/pwd.sh/)

[Pass: the standard unix password manager](http://www.passwordstore.org/)

[caodonnell/passman.sh: a pwd.sh fork](https://github.com/caodonnell/passman.sh)

[bndw/pick: a minimal password manager for OS X and Linux](https://github.com/bndw/pick)

[anders/pwgen: generate passwords using OS X Security framework](https://github.com/anders/pwgen)
Purse README 2018-06-02 20:31:01 +00:00			`# Purse`
Add README 2015-07-02 02:11:49 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`![screencast gif](https://user-images.githubusercontent.com/12475110/40880505-3834ce1c-6667-11e8-89d0-6961886842c6.gif)`
Add README 2015-07-02 02:11:49 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`Purse is a fork of [pwd.sh](https://github.com/drduh/pwd.sh/).`

			`Both programs are shell scripts which use GPG to manage passwords in an encrypted file. Purse uses asymmetric (public-key) encryption, while pwd.sh uses a symmetric (password) scheme.`

			`While both are reasonably secure by using a trusted crypto implementation (GPG) and safe handling of password input, Purse eliminates the need to remember or use a master password to unlock. Just plug in the key, enter the PIN to unlock it, then touch to decrypt Purse passwords.`

			`By using GPG keys and a hardware token like YubiKey, the risk of master password phishing or keylogging is eliminated; only physical possession of the hardware token AND knowledge of its PIN code may unlock private material.`
Add README 2015-07-02 02:11:49 +00:00
			`# Installation`

Purse README 2018-06-02 20:31:01 +00:00			`This script requires an existing GPG key and is intended to be used with a YubiKey or other hardware token for storing the private key.`

			`See [YubiKey Guide](https://github.com/drduh/YubiKey-Guide/) for instructions on setting one up.`
Smaller screencast 2015-07-03 04:52:34 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`To install the script:`

			```
			`git clone https://github.com/drduh/purse`
			```

			`Then modify it to use the preferred GPG key ID.`
Smaller screencast 2015-07-03 04:52:34 +00:00
Add README 2015-07-02 02:11:49 +00:00			`# Use`

Purse README 2018-06-02 20:31:01 +00:00			`cd purse` and run the script interactively using `./purse.sh`
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Purse README 2018-06-02 20:31:01 +00:00			* Type `w` to write a password.
Add README 2015-07-02 02:11:49 +00:00
Purse README 2018-06-02 20:31:01 +00:00			* Type `r` to read a password.
Add README 2015-07-02 02:11:49 +00:00
Purse README 2018-06-02 20:31:01 +00:00			* Type `d` to delete a password.
Add delete option 2015-07-02 02:31:38 +00:00
Improve README readability. 2015-10-31 02:25:03 +00:00			`Options can also be passed on the command line.`
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Purse README 2018-06-02 20:31:01 +00:00			Create password with length of 30 characters for `gmail`:
Update README instructions and zap args variable 2015-07-31 04:14:09 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`./purse.sh w gmail 30`
Support password length command line argument when generating and writing passwords 2015-07-31 04:35:35 +00:00
Improve README readability. 2015-10-31 02:25:03 +00:00			Append `<space>q` to suppress generated password output.
Support password length command line argument when generating and writing passwords 2015-07-31 04:35:35 +00:00
Purse README 2018-06-02 20:31:01 +00:00			Read password for `user@github`:
Indent by 2 spaces throughout. Add example for copying password to clipboard on OS X. 2015-07-31 04:53:28 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`./purse.sh r user@github`
Indent by 2 spaces throughout. Add example for copying password to clipboard on OS X. 2015-07-31 04:53:28 +00:00
Purse README 2018-06-02 20:31:01 +00:00			Delete password for `reddit`:
Initial check-in 2015-07-02 02:03:55 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`./purse.sh d reddit`
Improve README readability. 2015-10-31 02:25:03 +00:00
Purse README 2018-06-02 20:31:01 +00:00			Copy password for `github` to clipboard on macOS:
Improve README readability. 2015-10-31 02:25:03 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`./purse.sh r github \| cut -f 1 -d ' ' \| awk 'NR==4{print $1}' \| pbcopy`
Improve README readability. 2015-10-31 02:25:03 +00:00
Purse README 2018-06-02 20:31:01 +00:00			The script and encrypted `.purse` ciphertext file can be publicly shared between computers.
Improve README readability. 2015-10-31 02:25:03 +00:00
Remove redundant gpg.conf 2016-05-15 23:44:23 +00:00			A recommended `~/.gnupg/gpg.conf` configuration file can be found at [drduh/config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf).
Add option to suppress password output. Update README to mention this feature and Alternative projects. 2015-08-05 02:48:09 +00:00
Mention new fork. Close #26. 2015-09-21 23:23:13 +00:00			`# Similar software`
Add option to suppress password output. Update README to mention this feature and Alternative projects. 2015-08-05 02:48:09 +00:00
Purse README 2018-06-02 20:31:01 +00:00			`[pwd.sh](https://github.com/drduh/pwd.sh/)`

Add option to suppress password output. Update README to mention this feature and Alternative projects. 2015-08-05 02:48:09 +00:00			`[Pass: the standard unix password manager](http://www.passwordstore.org/)`

Mention new fork. Close #26. 2015-09-21 23:23:13 +00:00			`[caodonnell/passman.sh: a pwd.sh fork](https://github.com/caodonnell/passman.sh)`

Update README grammar & brevity, mention bndw/pick 2016-02-14 21:32:57 +00:00			`[bndw/pick: a minimal password manager for OS X and Linux](https://github.com/bndw/pick)`

Mention new fork. Close #26. 2015-09-21 23:23:13 +00:00			`[anders/pwgen: generate passwords using OS X Security framework](https://github.com/anders/pwgen)`