mirror of https://github.com/octoleo/Purse.git
73 lines
2.6 KiB
Markdown
73 lines
2.6 KiB
Markdown
# Purse
|
|
|
|
![screencast gif](https://user-images.githubusercontent.com/12475110/40880505-3834ce1c-6667-11e8-89d0-6961886842c6.gif)
|
|
|
|
Purse is a fork of [drduh/pwd.sh](https://github.com/drduh/pwd.sh).
|
|
|
|
Both programs are shell scripts which use [GPG](https://www.gnupg.org/) to manage passwords in an encrypted text file. Purse uses asymmetric (public-key) encryption, while pwd.sh uses symmetric (password) encryption.
|
|
|
|
While both are reasonably secure by using a trusted crypto implementation (GPG) and safe handling of password input, Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt the password safe to stdout.
|
|
|
|
By using GPG keys and a hardware token like YubiKey, the risk of master password phishing or keylogging is eliminated; only physical possession of the hardware token AND knowledge of the PIN can unlock the password safe.
|
|
|
|
# Installation
|
|
|
|
This script requires an existing GPG key and is intended to be used with a YubiKey or similar hardware token for storing the private key. See [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) for instructions on setting one up.
|
|
|
|
To install the script:
|
|
|
|
```console
|
|
$ git clone https://github.com/drduh/Purse
|
|
```
|
|
|
|
Then modify it to use the preferred GPG key ID.
|
|
|
|
# Use
|
|
|
|
`cd Purse` and run the script interactively using `./purse.sh`
|
|
|
|
* Type `w` to write a password.
|
|
* Type `r` to read a password.
|
|
* Type `d` to delete a password.
|
|
* Type `h` to print the help text.
|
|
|
|
Examples:
|
|
|
|
Create 30-character password for `gmail`:
|
|
|
|
```console
|
|
$ ./purse.sh w gmail 30
|
|
```
|
|
|
|
Append `q` to create a password without displaying it.
|
|
|
|
Read password for `user@github`:
|
|
|
|
```console
|
|
$ ./purse.sh r user@github
|
|
```
|
|
|
|
Delete password for `reddit`:
|
|
|
|
```console
|
|
$ ./purse.sh d reddit
|
|
```
|
|
|
|
Copy password for `github` to clipboard (substitute `pbcopy` on macOS):
|
|
|
|
```console
|
|
$ ./purse.sh r github | cut -f 1 -d ' ' | awk 'NR==4{print $1}' | xclip
|
|
```
|
|
|
|
This script and encrypted `purse.enc` file can be publicly shared between trusted computers. For additional privacy, the recipient key ID is **not** included in GPG metadata.
|
|
|
|
See [drduh/config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GPG options.
|
|
|
|
# Similar software
|
|
|
|
* [drduh/pwd.sh](https://github.com/drduh/pwd.sh)
|
|
* [bndw/pick: command-line password manager for macOS and Linux](https://github.com/bndw/pick)
|
|
* [Pass: the standard unix password manager](https://www.passwordstore.org/)
|
|
* [anders/pwgen: generate passwords using OS X Security framework](https://github.com/anders/pwgen)
|
|
* [caodonnell/passman.sh: a pwd.sh fork](https://github.com/caodonnell/passman.sh)
|