README
¶
PWSafe
Cross Platform simple and secure password management from commandline.
Since the Password Safe file format is open-source and widely used, there are also compatible clients for many platforms.
You can choose to store all your passwords in a single encrypted master password database, or use multiple databases to further organize your passwords (work and home, for example).
Create a new password store (init)
| => pwsafe init -file test.dat
Secret phrase: *****
Secret phrase again: *****
👍 password store 'test.dat' successfully created
Add a new account info (push)
| => pwsafe push -file test.dat -url http://www.mysecretsite.com -user pinco.pallo@gmail.com -pass abbraadabbra "My Cool Site"
Secret phrase: *****
👍 record successfully pushed to store 'test.dat'
Show a summary of all records (list)
| => pwsafe list -file test.dat
Secret phrase: *****
/Users/lucasepe/Temp/test.dat
My Cool Site pinco.pallo@gmail.com http://www.mysecretsite.com
Edit / Update a record (push)
| => pwsafe push -file test.dat -category Bank "My Cool Site"
Secret phrase: *****
👍 record successfully pushed to store 'test.dat'
Fetch a specific field content (pull)
| => pwsafe pull -file test.dat "my cool site"
Secret phrase: *****
abbraadabbra
- by default `field=pass``
You can specify a field name
| => pwsafe pull -field url upwork
Secret phrase:
https://www.upwork.com
Copy a specific field value to clipboard (clip)
Useful if you want to grab the password without showing the record content.
| => pwsafe clip -file test.dat "my cool site"
Secret phrase: *****
👍 check your clipboard for the content of the field 'pass'
- by default the password value is copied to clipboard (
-pass)- you can also specify
-urlor-user.
- you can also specify
Remove a record (remove)
| => pwsafe remove "my cool site"
Secret phrase: *****
👍 record successfully removed from store '/Users/lucasepe/Temp/test.dat'
How to avoid typing the secret phrase each time
Caution: use this method only if you are sure the you are the only one accessing to your computer!
Given PWSAFE_HOME=$HOME/.pwsafe as the pwsafe home folder.
The default database will reside in this folder named as vault.dat.
If you are tired to type each time the secret phrase, follow those steps:
Goto the $PWSAFE_HOME folder
cd $PWSAFE_HOME
Generate a private RSA key
Save it in a file called vault-pri.pem:
$ openssl genrsa -out vault-pri.pem 1024
Export the public key
Save it in a file called vault-pub.pem:
$ openssl rsa -in vault-pri.pem -pubout -out vault-pub.pem
Encrypt your secret phrase (base64 encode it)
Save it in a file called vault.key:
$ echo 'abbracadabbra!' | openssl rsautl -encrypt -inkey vault-pub.pem -pubin | base64 > vault.key
That's all!
Now you can access to data in your default database (vault.dat) without typing the secret phrase.
If you wants to enable the secret phrase typing again, simply remove the following files:
vault.key,vault-pri.key,vault-pub.key
Credits
PWSafe database file encryption/decryption derived from the original work of https://github.com/tkuhlman/gopwsafe
Documentation
¶
Index ¶
- func WritePWSafeFile(db DB, path string) error
- type DB
- type Record
- type V3
- func (db *V3) Decrypt(reader io.Reader, passwd string) (int, error)
- func (db *V3) DeleteRecord(title string)
- func (db *V3) Encrypt(writer io.Writer) (int, error)
- func (db *V3) Equal(other DB) (bool, error)
- func (db *V3) GetName() string
- func (db V3) GetRecord(title string) (Record, bool)
- func (db V3) Groups() []string
- func (db *V3) Identical(other DB) (bool, error)
- func (db V3) List() []string
- func (db V3) ListByGroup(group string) []string
- func (db V3) NeedsSave() bool
- func (db *V3) SetPassword(pw string) error
- func (db *V3) SetRecord(record Record)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WritePWSafeFile ¶
WritePWSafeFile Writes a pwsafe.DB to disk, using either the specified path or the LastSavedPath
Types ¶
type DB ¶
type DB interface {
Encrypt(io.Writer) (int, error)
Equal(DB) (bool, error)
Decrypt(io.Reader, string) (int, error)
GetName() string
GetRecord(string) (Record, bool)
Groups() []string
Identical(DB) (bool, error)
List() []string
ListByGroup(string) []string
NeedsSave() bool
SetPassword(string) error
SetRecord(Record)
DeleteRecord(string)
}
DB The interface representing the core functionality available for any password database
type Record ¶
type Record struct {
AccessTime time.Time `field:"09"`
Autotype string `field:"0e"`
CreateTime time.Time `field:"07"`
DoubleClickAction [2]byte `field:"13"`
Email string `field:"14"`
Group string `field:"02"`
ModTime time.Time `field:"0c"`
Notes string `field:"05"`
Password string `field:"06"`
PasswordExpiry time.Time `field:"0a"`
PasswordExpiryInterval [4]byte `field:"11"`
PasswordHistory string `field:"0f"`
PasswordModTime string `field:"08"`
PasswordPolicy string `field:"10"`
PasswordPolicyName string `field:"18"`
ProtectedEntry byte `field:"15"`
OwnSymbols string `field:"16"`
RunCommand string `field:"12"`
ShiftDoubleClickAction [2]byte `field:"17"`
Title string `field:"03"`
Username string `field:"04"`
URL string `field:"0d"`
UUID [16]byte `field:"01"`
}
Record The primary type for password DB entries
type V3 ¶
type V3 struct {
CBCIV [16]byte //Random initial value for CBC
Description string `field:"0a"`
EmptyGroups []string `field:"11"`
EncryptionKey [32]byte
Filters string `field:"0b"`
HMAC [32]byte //32bytes keyed-hash MAC with SHA-256 as the hash function.
HMACKey [32]byte
Iter uint32 //the number of iterations on the hash function to create the stretched key
LastMod time.Time
LastSave time.Time `field:"04"`
LastSaveBy []byte `field:"06"`
LastSaveHost []byte `field:"08"`
LastSavePath string
LastSaveUser []byte `field:"07"`
LastMasterChange time.Time `field:"13"`
Name string `field:"09"`
PasswordPolicy string `field:"10"`
Preferences string `field:"02"`
Records map[string]Record //the key is the record title
RecentyUsed string `field:"0f"`
Salt [32]byte
StretchedKey [sha256.Size]byte
Tree string `field:"03"`
UUID [16]byte `field:"01"`
Version [2]byte `field:"00"`
}
V3 The type representing a password safe v3 database
func (*V3) Decrypt ¶
Decrypt Decrypts the data in the reader using the given password and populates the information into the db
func (*V3) DeleteRecord ¶
DeleteRecord Removes a record from the db
func (*V3) Encrypt ¶
Encrypt Encrypt the data in the db building it up in memory then writing to the writer, returns bytesWritten, error
func (*V3) Equal ¶
Equal returns true if the two dbs have the same data but not necessarily the same keys nor same LastSave time
func (V3) GetRecord ¶
GetRecord Returns a record from the db with the title matching the given String
func (V3) Groups ¶
Groups Returns an slice of strings which match all groups used by records in the DB
func (*V3) Identical ¶
Identical returns true if the two dbs have the same fields including the cryptographic keys note this doesn't check times and uuid's of the records
func (V3) ListByGroup ¶
ListByGroup Returns the list of record titles that have the given group.
func (*V3) SetPassword ¶
SetPassword Sets the password that will be used to encrypt the file on next save
Source Files
Directories