PassWord Keep (pwkeep)

Gem Version

Simple password storage system.

Quick start guide

Run pwkeep -i to initialize a new storage into ~/.pwkeep. This will create an RSA key pair.

If you want to tune the algorithm(s), key sizes and such, you can create ~/.pwkeep/config.yml (see below for syntax).

If you want to place it somewhere else, set PWKEEP_HOME environment variable, or use -H (--home) parameter when running pwkeep.

To add credentials, use

pwkeep -c -n <name of cred>

To modify them

pwkeep -e -n <name>

And to show

pwkeep -v -n <name>

See --help for more options.

When upgrading from <0.4, please run --migrate once to rename your files.

Features

Password keep is intended to be simple and easy to use. It uses RSA + AES256 encryption for your credentials. The data is not restricted to usernames and passwords, you can store whatever you want.

Editing is done with vipe, which you need to install.

Configuration

The configuration file is a simple YAML formatted file with following syntax (NOT YET SUPPORTED)

---
  # less than 1k makes no sense. your files will be at least this / 8 bytes. 
  keysize: 2048 
  iterations: 2000
  # do not edit the following unless you know what you are doing. 
  cipher: AES-256-CTR

File formats

The private.pem file contains your private key. It is fully manipulatable with openssl binary without any specialities.

system-* files contain actual credentials. The file name consists from system- prefix and hashed system name. The system name is encrypted with your public key, then hashed iterations time with chosen hash, SHA512 by default.

The actual file format is:

  • header (encrypted with your public key)
    • nil terminated algorithm name
    • 16 byte iv (algorithm dependant)
    • 32 byte key (algorithm dependant)
  • data: encrypted credential with above key+id

You cannot decrypt this with openssl directly, but you can easily write a program to do this. The header is padded with OAEP padding.