Purse
Purse is a fork of drduh/pwd.sh.
Both programs are shell scripts which use GPG to manage passwords in an encrypted text file. Purse uses asymmetric (public-key) authentication, while pwd.sh uses symmetric (password-based) authentication.
While both scripts use a trusted crypto implementation (GPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt the password safe to stdout.
By using Purse with YubiKey, the risk of master password phishing and keylogging is eliminated - only physical possession of the key AND knowledge of the PIN can unlock the password safe.
Installation
This script requires a GPG identity - see drduh/YubiKey-Guide to set one up.
To install Purse:
$ git clone https://github.com/drduh/Purse
Edit purse.sh to specify your GPG key ID.
Use
cd Purse and run the script interactively using ./purse.sh
- Type w to write a password.
- Type r to read a password.
- Type d to delete a password.
- Type h to print the help text.
Examples:
Create 30-character password for gmail:
$ ./purse.sh w gmail 30
Append q to create a password without displaying it.
Read password for user@github:
$ ./purse.sh r user@github
Delete password for reddit:
$ ./purse.sh d reddit
Copy password for github to clipboard (substitute pbcopy on macOS):
$ ./purse.sh r github | cut -f 1 -d ' ' | awk 'NR==4{print $1}' | xclip
This script and encrypted purse.enc file can be publicly shared between trusted computers. For additional privacy, the recipient key ID is not included in GPG metadata.
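One way to check the claim above before sharing a file, as an added example that is not part of purse.sh: GnuPG writes an all-zero key ID into the message when the recipient is hidden (for example with --throw-keyids or --hidden-recipient), and the script below looks for that in `gpg --list-packets` output. The function names and the sample outputs are constructed for illustration; which option purse.sh itself uses is not shown on this page.

```shell
#!/bin/sh
# Added example (not from purse.sh): does an OpenPGP message disclose its recipient?

# Read `gpg --list-packets` output on stdin and print the key ID of every
# public-key encrypted session key packet, one per line.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p'
}

# Exit status: 0 = every recipient key ID is the all-zero placeholder (hidden),
# 1 = at least one real key ID is disclosed, 2 = no public-key recipient packet
# at all (for example a passphrase-only message such as pwd.sh produces).
keyids_hidden() {
    ids=$(recipient_keyids)
    [ -n "$ids" ] || return 2
    if printf '%s\n' "$ids" | grep -qv '^0\{16\}$'; then
        return 1
    fi
    return 0
}

# Inspect a real file; --list-only parses packets without attempting decryption,
# so no private key, PIN or YubiKey touch is involved.
check_file() {
    gpg --batch --list-only --list-packets "$1" 2>/dev/null | keyids_hidden
}

# Constructed samples of list-packets output (not captured from a real purse.enc).
SAMPLE_HIDDEN=':pubkey enc packet: version 3, algo 1, keyid 0000000000000000
	data: [4095 bits]
:encrypted data packet:
	length: unknown'
SAMPLE_DISCLOSED=':pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
	data: [4095 bits]
:encrypted data packet:
	length: unknown'
SAMPLE_SYMMETRIC=':symkey enc packet: version 4, cipher 9, s2k 3, hash 8
:encrypted data packet:
	length: unknown'

# Usage: pass the encrypted file as the first argument, e.g. purse.enc
if [ "$#" -gt 0 ]; then
    rc=0; check_file "$1" || rc=$?
    case $rc in
        0) echo "hidden: no recipient key ID in metadata" ;;
        1) echo "disclosed: recipient key ID present in metadata" ;;
        *) echo "no public-key recipient packet found" ;;
    esac
fi
```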
See drduh/config/gpg.conf for additional GPG options.