____
| _ \ __ _ ___ _ _
| |_) )/ _` |/ __)| | | |
| __/( (_| |\__ \| |_| |
|_| \__,_|(___/ \__, |
(___/
=======================================================================
INTRODUCTION
============
Pasy is an experimental terminal based password manager using
symmetric encryption to securely store credentials and other pair
arranged sensitive information.
It was conceived to decrease the baggage related to the encryption
and decryption requirements, whereby all one has got to carry is
the pasy binary and the data store file. This is achieved by using
a memorizable passphrase as hashing key instead of a private key from
an asymmetric set.
Such approach certainly decreases the hardness of the hash, given
that long generated private keys, as RSA's 2048 bits and above,
have a much higher entropy concentration. However, the comprise is
a trade off in order to achieve the greater 'portability' goal.
The encrypting passphrase will not be stored anywhere, and Pasy has
no way to decrypt the store content without it, what highlights the
importance of choosing a passphrase one will be able to remember.
COMMANDS
========
When invoked with the help flag, the following usage explanation
is displayed:
Usage: pasy [-h|--help|-v|--version] <command> [<args>]
Available commands are:
add insert password
clip copy a password to the clipboard
list list password ids
remove delete a password
rename rename a password id
show show a password
The 'list' command is the only one which doesn't receive an
argument. 'show', 'clip' and 'remove' receive a single argument,
being it the identifier for the password record, commonly referred
to as simply 'id'. 'rename' takes 2 arguments, the old and new
identifiers. And lastly, 'add' takes 2 arguments, the record id
and password.
When adding a record, the record password may be omitted from the
command invocation, whereafter a dialogue will prompt for its input,
in the same manner the encryption passphrase is requested. Such prompt
will not display the typed keys for privacy reasons.
When clipping a password, Pasy will block while the clipboard stores
the credential, exiting after a 5 minutes timeout or when the buffer
is overwritten. This can be stopped by a <ctrl+c> event.
Each command may be further invoked with a help flag for detailed
usage information.
USAGE EXAMPLES
==============
Consuming a password from an environment variable with Pasy:
$ pasy add <record_id> $PASSWORD
Piping the encrypting passphrase, which is useful for scripts:
$ echo -n <encrypting_passphrase> | pasy add <record_id> $PASSWORD
Showing a password:
$ pasy show <record_id>
Listing all recorded passwords:
$ pasy list
BUILDING
========
This project targets Go 1.20 and above. Older versions may work but
are not actively tested. To build, run:
$ go build
Once finished, a Pasy binary will be present on the current directory.
CREDITS
=======
Pasy took inspiration in two existing password managers, where some
of the flows used in the program were learned. Those are:
pass, by Jason Donenfeld: https://www.passwordstore.org
pash, by Dylan Araps: https://github.com/dylanaraps/pash
For asymmetric encryption, I highly recommend them.
CONTRIBUTING
============
Send patches to <torr[at]disroot[dot]org>.
LICENSE
=======
This project is governed by the terms of the CDDL license version
1.0 only, see the 'LICENSE' file for more information.
---
Copyright 2023 Carlos Torres
Pasy - password manager built on symmetric encryption
Anon. clone
https://clif.peers.community/torr/pasy.git
SSH
git@clif.peers.community:torr/pasy
HEAD: refs/heads/master
Size: 1M