____ | _ \ __ _ ___ _ _ | |_) )/ _` |/ __)| | | | | __/( (_| |\__ \| |_| | |_| \__,_|(___/ \__, | (___/ ======================================================================= INTRODUCTION ============ Pasy is an experimental terminal based password manager using symmetric encryption to securely store credentials and other pair arranged sensitive information. It was conceived to decrease the baggage related to the encryption and decryption requirements, whereby all one has got to carry is the pasy binary and the data store file. This is achieved by using a memorizable passphrase as hashing key instead of a private key from an asymmetric set. Such approach certainly decreases the hardness of the hash, given that long generated private keys, as RSA's 2048 bits and above, have a much higher entropy concentration. However, the comprise is a trade off in order to achieve the greater 'portability' goal. The encrypting passphrase will not be stored anywhere, and Pasy has no way to decrypt the store content without it, what highlights the importance of choosing a passphrase one will be able to remember. COMMANDS ======== When invoked with the help flag, the following usage explanation is displayed: Usage: pasy [-h|--help|-v|--version] <command> [<args>] Available commands are: add insert password clip copy a password to the clipboard list list password ids remove delete a password rename rename a password id show show a password The 'list' command is the only one which doesn't receive an argument. 'show', 'clip' and 'remove' receive a single argument, being it the identifier for the password record, commonly referred to as simply 'id'. 'rename' takes 2 arguments, the old and new identifiers. And lastly, 'add' takes 2 arguments, the record id and password. When adding a record, the record password may be omitted from the command invocation, whereafter a dialogue will prompt for its input, in the same manner the encryption passphrase is requested. Such prompt will not display the typed keys for privacy reasons. When clipping a password, Pasy will block while the clipboard stores the credential, exiting after a 5 minutes timeout or when the buffer is overwritten. This can be stopped by a <ctrl+c> event. Each command may be further invoked with a help flag for detailed usage information. USAGE EXAMPLES ============== Consuming a password from an environment variable with Pasy: $ pasy add <record_id> $PASSWORD Piping the encrypting passphrase, which is useful for scripts: $ echo -n <encrypting_passphrase> | pasy add <record_id> $PASSWORD Showing a password: $ pasy show <record_id> Listing all recorded passwords: $ pasy list BUILDING ======== This project targets Go 1.20 and above. Older versions may work but are not actively tested. To build, run: $ go build Once finished, a Pasy binary will be present on the current directory. CREDITS ======= Pasy took inspiration in two existing password managers, where some of the flows used in the program were learned. Those are: pass, by Jason Donenfeld: https://www.passwordstore.org pash, by Dylan Araps: https://github.com/dylanaraps/pash For asymmetric encryption, I highly recommend them. CONTRIBUTING ============ Send patches to <torr[at]disroot[dot]org>. LICENSE ======= This project is governed by the terms of the CDDL license version 1.0 only, see the 'LICENSE' file for more information. --- Copyright 2023 Carlos Torres