password generator
Project description
Abraxas Collaborative Password Utility
Introduction
Abraxas is powerful password utility that can store or generate your passwords and produce them from the command line. It can also be configured to autotype your username and password into the current window so that you can log in with a simple keystroke.
Abraxas is an alternative to the traditional password vault. The intent is not to store passwords, but rather to regenerate them as needed. This is done with the aid of two files. The first is an accounts file that contains useful information about each account along with the parameters that control how the password is generated for that account (which style of password to generate, how many characters or words to include, what alphabet to use, etc.) The second is the master password file. When you go to use the password generator, you will first need to unlock the master password file. You do so by providing its pass phrase, which only you should know. Thus, only you will be capable of generating the passwords associated with your accounts. Once generated, you can specify that they be displayed on the standard output, you can specify that they be copied to the clipboard, or you can specify that they be typed into some other program.
In your master password file you can store more than one master password (the password used to generate the passwords for your accounts). In this way this password generator makes it easy to collaborate with friends and colleagues. Simply start by sharing a master password that you only use for shared accounts. A password generated for a particular account is computed from the name of the account and the master password. Since your partner and you are sharing the master password, you will both generate the same password for an account as long as you both use the same name for the account. In other words, if Alice and Bob share a master password, and if Alice wants to create a Google Docs account for sharing documents with Bob, she need only create the account using the password generated by Abraxas using the shared master password, and then simply tells Bob that she has created a Google Docs account with the name “abdocs” and uploaded several documents. Without actually sharing the password, Bob uses the shared master password and the account name to regenerate the account’s password himself and downloads the documents.
Installing Prerequisites in Fedora with Yum
Abraxas is compatible with both python 2.6 and beyond or python 3.3 and beyond. It requires the following packages to fully function (run these commands as root):
yum install python yum install python-setuptools yum install libyaml-devel yum install PyYAML yum install pygobject3 (if using python2) yum install python3-gobject (if using python3) yum install python-docutils yum install xdotool yum install xsel easy_install python-gnupg
On Centos you will also need:
yum install python-argparse
On Redhat-based systems you can get these dependencies by running ./yum.sh.
If you would like to run the tests, you will also need the inform package from my github account (https://github.com/KenKundert/inform.git).
Installing Prerequisites in Arch Linux with Pacman
Abraxas requires the following Arch Linux packages to fully function (run these commands as root):
pacman -S git pacman -S python pacman -S python-setuptools pacman -S python-docutils pacman -S python-gobject pacman -S libyaml pacman -S xdotool pacman -S xsel easy_install python-gnupg easy_install PyYAML
You can install these prerequisites by running ./pacman.sh.
Installing Prerequisites in Ubuntu with Apt-Get
Abraxas requires the following Ubuntu packages to fully function (run these commands as root):
apt-get install git apt-get install libyaml-dev apt-get install python3 apt-get install python3-setuptools apt-get install python3-docutils apt-get install python3-gi apt-get install python3-yaml apt-get install xdotool apt-get install xsel easy_install3 python-gnupg
You can install these prerequisites by running ./ubuntu.sh. Ubuntu does not provide gpg2, so you will need to change GPG_BINARY in abraxas/prefs.py to gpg.
Installing Prerequisites from Source
Or, you can install Python from source. First get and install Python using:
$ cd ~/packages/python $ wget http://www.python.org/download/releases/3.3.2/Python-3.3.2.tgz $ tar zxf Python-3.3.2.tgz $ cd Python-3.3.2 $ ./configure --prefix=$HOME/.local $ make $ make install
Now get easy_install:
$ wget -O http://python-distribute.org/distribute_setup.py $ python3.3 distribute_setup.py
Then you can use easy_install to install python-gnupg, argparse, docutils, and PyYAML as above.
Configuring GPG Agent
If you do not yet have a GPG key, you can get one using:
$ gpg --gen-key
You should probably choose 4096 RSA keys. Now, edit ~/.gnupg/gpg-conf and add the line:
use-agent
That way, if you have an agent running (and most login environments such as Gnome or KDE will start an agent for you; if you do not have an agent running you can generally have one started for you when you login by configuring your Session settings) then you can just give your GPG key pass phrase once per login session.
The ultimate in convenience is to use Gnome Keyring to act as the GPG agent because it allows you to unlock the agent simply by logging in. To do so, make sure Keyring is installed:
yum install gnome-keyring gnome-keyring-pam
If you are using Gnome, it will start Keyring for you. Otherwise, you should modify your .xinitrc or .xsession file to add the following:
# Start the message bus if it is not already running if test -z "$DBUS_SESSION_BUS_ADDRESS"; then eval $(dbus-launch --sh-syntax --exit-with-session) fi # Set ssh and gpg agent environment variables export $(gnome-keyring-daemon --start)
GnuPG Issues
If abraxas crashes with the message:
ValueError: Unknown status message: u'PROGRESS'
you have encountered a bug in python-gnupg. I can be resolved by adding “PROGRESS” to line 219 of gnupg.py in the python-gnupg install (the path varies based on the version and where you install it, but you might try something like: /usr/lib/python3.3/site-packages/python_gnupg-0.3.6-py3.3.egg/gnupg.py).
If you use Gnome Keyring, you should be aware the Werner Koch is very annoyed at it and the latest versions of gnupg will emit a warning that Gnome Keyring has hijacked the GnuPG agent if you try to use Gnome Keyring as the GnuPG agent. You can safely ignore this message. The only way to use Gnome Keyring and avoid the message is to download the GnuPG source, delete the message, and compile it by hand.
Installing
To test the program, run:
$ ./test
or:
$ ./test3
if you plan to use python3 and have both python2 and python3 installed.
Once you are comfortable that everything is in order, you should install the program. To do so, first open the install file and make sure your version of python is given in the set python line. Then run:
$ ./install
The program along with the man pages should end up in ~/.local.
Once installed, you should be able to get information as follows:
$ man abraxas (information on how to use abraxas from the command line) $ man 3 abraxas (information on how to use the abraxas API) $ man 5 abraxas (information about the configuration files)
Configuring Vim
To be able to easily edit encrypted files (such as the Abraxas master password file), download the gnupg vim plugin from:
http://www.vim.org/scripts/script.php?script_id=3645
Then copy it into:
cp gnupg.vim ~/.vim/plugin
Configuring Abraxas
To start using Abraxas you need to do a one-time setup to create your account directory (~/.config/abraxas):
$ abraxas -I <GPG-Key>
where <GPG-Key> would be replaced by the email you provided to GPG when you created your key.
You will need to edit ~/.config/abraxas to add your accounts (see man 5 abraxas for the details). For example, to add a gmail accounts, add the following to accounts:
"gmail-derrickAsh": { 'aliases': ['gmail', 'google'], 'template': "=words", 'username': "derrickAsh", 'url': 'https://accounts.google.com', 'window': [ 'Gmail*', '*Google Accounts*', ], 'autotype': "{username}{tab}{password}{return}", },
You can now test this account using:
$ abraxas gmail PASSWORD: fallacy derby twinge clone
You would then change your gmail password to the generated pass phrase. Alternatively, you can simply enter your existing password into password_overrides in ~/.config/abraxas/master.gpg until the next time you get around to changing your password.
Configuring the Window Manager for Abraxas Autotype
If you use Firefox or Thunderbird, I recommend you install the ‘Hostname in Titlebar’ add-on to both so that Abraxas can recognize the account to use purely from the URL.
Finally, you will want to chose a keystroke sequence and configure the window manager to run the password generator when you trigger it with that keystroke. How you do that depends on your window manager. With Gnome, it requires that you open your Keyboard Shortcuts preferences and create a new shortcut. I recommend Alt-p as a reasonable keystroke sequence. Enter:
$HOME/.local/bin/abraxas --autotype
as the command to run. Then, when you create your accounts, you should add the appropriate window titles to the account entry so that the appropriate account can be determined automatically from the window title. For example, with the gmail account entered above, you can go to gmail.com, select the username field and then type Alt p to login.
Enjoy,-Ken
Changelog
1.7 (2014-01-24)
Replaced Zenity as the dialog tool for the account picker with an internal version that supports navigating and selecting with the keyboard (j, k, return, esc).
Fixed a bug in –init (-I). Program alternately worked on either python 2 or 3, but not both.
Provided an expanded set of templates.
Refactored the abraxas test suite.
Added –stateless option.
1.6 (2014-01-13)
Changed the name to Abraxas