Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bwesterb/pol
pol /pɵl/ is a modern command line password manager with deniable encryption
https://github.com/bwesterb/pol
cli cryptography password-generator password-manager python
Last synced: 13 days ago
JSON representation
pol /pɵl/ is a modern command line password manager with deniable encryption
- Host: GitHub
- URL: https://github.com/bwesterb/pol
- Owner: bwesterb
- License: gpl-3.0
- Created: 2012-08-20T10:29:15.000Z (about 12 years ago)
- Default Branch: master
- Last Pushed: 2020-07-05T17:27:05.000Z (over 4 years ago)
- Last Synced: 2023-03-11T03:27:30.649Z (over 1 year ago)
- Topics: cli, cryptography, password-generator, password-manager, python
- Language: Python
- Homepage:
- Size: 357 KB
- Stars: 27
- Watchers: 6
- Forks: 4
- Open Issues: 4
-
Metadata Files:
- Readme: README.rst
- Changelog: CHANGES.rst
- License: LICENSE
Awesome Lists containing this project
README
pol
===
pol /pɵl/ is a password manager with two important features:
1. A nice commandline interface. Want to generate a password? Just type:
::
$ pol generate github "my username is John Doo"
Enter (append-)password:
Copied password to clipboard. Press any key to clear ...
This will generate a new password; copy it to the clipboard and store
it under the key *github* with the note *my username is John Doo*.
Want to retrieve the password you just stored? Just type:
::
$ pol copy github
Enter password:
note: 'my username is John Doo'
Copied secret to clipboard. Press any key to clear ...
See below for a description of all commands.
2. Hidden containers. The best way to keep a secret, is being able to
deny you are keeping one. Sometimes you are forced to give up your
passwords. For instance, by a criminal, government or employer.
Luckily a pol safe can have multiple containers. Each container is
opened by its own passwords. If someone does not have a password of a
container, he cannot prove the existence of the container in any way.
Even if he has multiple versions of your safe! Thus if you are forced
to open your pol safe, you can give a password to an uninteresting
container and keep your real secrets safe.
Getting started
---------------
Installation
~~~~~~~~~~~~
First, we install pol.
On Debian Wheezy
^^^^^^^^^^^^^^^^
::
$ sudo apt-get install libgmp3-dev build-essential \
python-dev python-pip
$ sudo pip install pol
On Ubuntu 13.04 and 14.04.1
^^^^^^^^^^^^^^^^^^^^^^^^^^^
::
$ sudo apt-get install libgmp-dev build-essential python-dev \
python-pip libssl-dev libyaml-dev libssl-dev
$ sudo pip install pol
On Mac with homebrew
^^^^^^^^^^^^^^^^^^^^
::
$ brew install python3 gmp mpfr libmpc
$ pip3 install pol
On Mac with MacPorts
^^^^^^^^^^^^^^^^^^^^
Install `MacPorts`_. Then run
::
$ sudo bash
# port install gmp py-pip py36-crypto
# pip-3.6 install pol
If you get ``pol: command not found`` when you try to run ``pol``, add
``/opt/local/Library/Frameworks/Python.framework/Versions/3.6/bin`` to
your ``PATH``. For instance, like this:
::
$ echo 'export PATH=/opt/local/Library/Frameworks/Python.framework/Versions/3.6/bin:$PATH' >> ~/.profile
Creating a safe
~~~~~~~~~~~~~~~
Then, we create a new safe with ``pol init``. ``pol`` will ask you for
the passwords of your containers.
::
$ pol init
You are about to create a new safe. A safe can have up to six
separate containers to store your secrets. A container is
accessed by one of its passwords. Without one of its passwords,
you cannot prove the existence of a container.
Container #1
Each container must have a master-password. This password gives
full access to the container.
Enter master-password:
A container can have a list-password. With this password you can
list and add entries. You cannot see the secrets of the existing
entries. Leave blank if you do not want a list-password.
Enter list-password [no list-password]:
A container can have an append-password. With this password you
can only add entries. You cannot see the existing entries.
Leave blank if you do not want an append-password.
Enter append-password [no append-password]:
Container #2
Now enter the passwords for the second container.
Leave blank if you do not want a second container.
Enter master-password [stop]:
Enter list-password [no list-password]:
Enter append-password [no append-password]:
Container #3
Enter master-password [stop]:
Generating group parameters for this safe. This can take a while ...
[#####################=========================================================]
449 tried, 63.6/s 56.7% 0:00:18
allocating container #1 ...
allocating container #2 ...
trashing freespace ...
Common commands
---------------
generate a new password
~~~~~~~~~~~~~~~~~~~~~~~
This will generate a new password, copy it to your clipboard and store
it under the key ``facebook``.
::
$ pol generate facebook
Enter (append-)password:
Copied password to clipboard. Press any key to clear ...
You might want to add a note. This note is shown when you retrieve the
password.
::
$ pol generate facebook "e-mail: [email protected]"
Enter (append-)password:
Copied password to clipboard. Press any key to clear ...
If you just want a password, but do not want to store it, omit the key:
::
$ pol generate
Copied password to clipboard. Press any key to clear ...
If you want to write it to the screen, add ``--stdout``:
::
$ pol generate --stdout
$^NxY{&Fsy,&->Gi$RZ}
There are several options to change the style of the password:
::
# xkcd style password with 40 bits of entropy
$ pol generate --stdout --kind english --entropy 40
dirty papal nephew repair
# alphanumeric password that would take ages to bruteforce with 10 tries per second
$ pol generate --sdtout --kind alphanum --web-crack-time ages
NNrZ9g8Sy
For all options, see ``pol generate -h``.
Copy password to clipboard
~~~~~~~~~~~~~~~~~~~~~~~~~~
To copy a password stored under the key ``digid`` from the safe to your
clipboard, write
::
$ pol copy digid
Enter password:
note: 'used the e-mail [email protected]'
Copied secret to clipboard. Press any key to clear ...
List passwords
~~~~~~~~~~~~~~
To list the entries in a container, use
::
$ pol list
Enter (list-)password:
Container @280
github 'user: johndoo'
router
facebook 'email: [email protected]'
bios.notebook
bios.pc
You can filter results as follows
::
$ pol list bios
Container @280
bios.notebook
bios.pc
Edit entries
~~~~~~~~~~~~
To edit all entries in a container, use
::
$ pol edit
Enter password:
This will open up your default text editor (``$EDITOR``) with, in this
example:
::
github #1 user: johndoo
router #2
facebook #3 email: [email protected]
bios.notebook #4
bios.pc #5
Simply edit the entries, save the file and exit the editor. ``pol`` will
apply the changes. Remove lines to remove entries; reorder lines to
reorder entries and add a line to add an entry.
By default, the secrets are replaced by pointers like ``#2``. To change
a secret, simply replace the pointer by the secret. For instance:
::
github mypassword user: johndoo
To show the secrets by default, use ``pol edit -s``.
You can filter the entries to edit: executing ``pol edit bios`` will
present the following file to edit.
::
bios.notebook #1
bios.pc #2
With ``pol edit -m`` you can enter multiple passwords to edit entries of
multiple containers. Enter as many passwords as you like and leave the
prompt blank to continue to the editor:
::
$ pol edit -m
Enter password:
Enter next password [done]:
Enter next password [done]:
You will be presented a file like:
::
CONTAINER 1
github #1 user: johndoo
router #2
facebook #3 email: [email protected]
bios.notebook #4
bios.pc #5
CONTAINER 2
supersecret #6
recoverykey #7
Move entries under different headers to move them between containers. It
is that simple.
Technical background
--------------------
For those who like context-free mumbo-jumbo: pol uses *El Gamal
rerandomization*, *Argon2d*, *AES-256 CTR*, *ECIES* on *secp160r1*,
*SHA-256*, *Fortuna* and *msgpack*. For actual details, see
`FORMAT.md`_
Attribution
-----------
The developers of pol are
- Bas Westerbaan
Others have been involved indirectly:
- Bart Jacobs suggested using El-Gamal rerandomization
- Wieb Bosma and Eric Cator have helped approximating the density of
the safe primes.
``pol`` builds on dozens of other (open source) projects, notably:
- `pycrypto`_
- `gmpy2`_
- `seccure`_
- `zxcvbn`_
Finally, the following projects have influenced the design.
- `Password Safe`_
.. _Password Safe: http://passwordsafe.sourceforge.net/quickstart.shtml
.. _pycrypto: https://www.dlitz.net/software/pycrypto/
.. _gmpy2: https://gmpy2.readthedocs.io
.. _seccure: http://point-at-infinity.org/seccure/
.. _zxcvbn: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
.. _FORMAT.md: doc/FORMAT.md
.. _MacPorts: https://www.macports.org
.. image:: https://travis-ci.org/bwesterb/pol.png
:target: https://travis-ci.org/bwesterb/pol