Purse

Purse is a fork of drduh/pwd.sh.

Both programs are shell scripts which use GPG to manage passwords in an encrypted text file. Purse uses asymmetric (public-key) encryption, while pwd.sh uses symmetric (password) encryption.

Both are reasonably secure because they rely on a trusted crypto implementation (GPG) and handle password input safely. Purse also eliminates the need to remember and use a master password: just plug in a YubiKey, enter the PIN, then touch it to decrypt the password safe to stdout.

With GPG keys and a hardware token such as a YubiKey, the risk of master password phishing or keylogging is eliminated; only physical possession of the hardware token AND knowledge of the PIN can unlock the password safe.

Installation

This script requires an existing GPG key and is intended to be used with a YubiKey or similar hardware token for storing the private key. See drduh/YubiKey-Guide for instructions on setting one up.

To install the script:

$ git clone https://github.com/drduh/Purse

Then modify it to use the preferred GPG key ID.

Use

cd Purse and run the script interactively using ./purse.sh

  • Type w to write a password.
  • Type r to read a password.
  • Type d to delete a password.
  • Type h to print the help text.

Examples:

Create 30-character password for gmail:

$ ./purse.sh w gmail 30

Append q to create a password without displaying it.

Read password for user@github:

$ ./purse.sh r user@github

Delete password for reddit:

$ ./purse.sh d reddit

Copy password for github to clipboard (substitute pbcopy on macOS):

$ ./purse.sh r github | cut -f 1 -d ' ' | awk 'NR==4{print $1}' | xclip

This script and the encrypted purse.enc file can be publicly shared between trusted computers. For additional privacy, the recipient key ID is not included in GPG metadata.

See drduh/config/gpg.conf for additional GPG options.
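One way to confirm that the recipient key ID really is absent before sharing purse.enc, as an added example that is not part of Purse: GnuPG writes an all-zero key ID for a hidden recipient, so the check looks for any non-zero key ID in `gpg --list-packets` output. The function name `leaked_keyids` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Purse. Function name and samples are hypothetical.
# Reads `gpg --list-packets` output on stdin and prints every recipient key ID
# that is NOT the all-zero placeholder GnuPG writes for a hidden recipient.
# Exit status: 0 = all recipients hidden, 1 = a key ID is exposed,
#              2 = no public-key encrypted session key packet was found.
leaked_keyids() {
    awk '
        /^:pubkey enc packet:/ {
            seen = 1
            for (i = 1; i < NF; i++)
                if ($i == "keyid" && $(i + 1) !~ /^0+$/) {
                    print $(i + 1)
                    leaked = 1
                }
        }
        END {
            if (!seen) exit 2
            exit (leaked ? 1 : 0)
        }'
}

# Constructed packet listings (not captured from a real purse.enc).
SAMPLE_HIDDEN=':pubkey enc packet: version 3, algo 1, keyid 0000000000000000
	data: [4095 bits]
:encrypted data packet:
	length: unknown
	mdc_method: 2'
SAMPLE_EXPOSED=':pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
	data: [4095 bits]
:encrypted data packet:
	length: unknown
	mdc_method: 2'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_HIDDEN" | leaked_keyids && echo "hidden: no key ID in metadata"
printf '%s\n' "$SAMPLE_EXPOSED" | leaked_keyids || echo "exposed: key ID above is visible"
```

To check a real file, pipe `gpg --list-packets purse.enc` into `leaked_keyids`.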

Similar software