GUI to temporarily save passwords to the clipboard (paste buffer)
Project description
What is pwclip?
pwclip is a password management tool. Its main goal is fast and comfortable access to passwords by storing them for a variable time in the system's clipboard (copy/paste) buffer.
It basically has two operating modes. The first operates on yubikeys to generate unique responses which can be used as passwords and which can be generated by that exact yubikey only. The first yubikey found on the system and the first slot configured with (HMAC-SHA1) challenge-response will be used. Windows is supported for that function (see “Install” section).
The second operating mode currently works (as far as tested) only on Linux, due to the lack of cmdline handling of gpg4win (which I am not sure about and will look into as soon as I find the time and motivation for that). It can be used to create a ~/.pwdcrypt file, which is gpg-encrypted text, using the value of GPGKEYS as gpg recipients if it is found in the environment; otherwise every key within the user's keyring will be used. For managing the password list there is a simple “import” function. On startup it looks for a ~/.pwd.yaml file and, if found, merges it with the already known passwords from ~/.passcrypt, if there is one. All entries in ~/.passcrypt will be overridden by the entries from the ~/.pwd.yaml file. As soon as it has been merged, the ~/.pwd.yaml file will be deleted. See “YAML-Format” section for details.
To catch user input, Python's Tk (tkinter) library is used to create a simple password input window. The appropriate response is saved for only 3 seconds by default, so that it is no longer exposed once it has been used. The utility also accepts any integer as input, which is then used as the timer. Otherwise the environment is searched for PWCLIPTIME and the value of that environment variable is used as the timer. The timer is the time for which the received password stays in the paste buffer before it is replaced by the previously copied value. As you may see, there is an optional comment which, if set, is displayed on the screen as a text notification. For that, python3's gi notify2 is used, which is another reason for discontinuing python2 support.
I highly encourage you to bind pwclip to a shortcut within your X environment to have access to your stored passwords from within any program. For example, I like binding it to Super-Middle-Mouse-Button for the pwclip default mode and Ctrl-Shift-Middle-Mouse-Button for the yubico mode. On Windows systems you need to create a link for it somewhere. When editing that link you may set a keyboard shortcut (could not find a nicer solution by now). The target for that link would then be “%PYTHONINSTALLDIR%\scripts\pwclip.exe”.
Last but not least I want to point something out: I've been trying my best to keep the passwords secure from unwanted access BUT there is !NO GUARANTEE! that the passwords handled during runtime are safe from other users' access, especially root access on Linux systems (help on that is very welcome). Please be aware of that.
YAML-Format:
---
realsystemuser:
  somename:
    - Som3(rypt!cPass
    - Some optional info to display as popup notification
  othername:
    - Som3other(rypt!cPass
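The import merge described above, as an added sketch that is not pwclip's own code: it assumes the override happens per entry and that the plaintext file may only be deleted once the encrypted store has been written. `merge_import`, `import_plaintext` and the `parse`/`save` hooks are hypothetical names.

```python
import os
from copy import deepcopy

def merge_import(stored, imported):
    """Layer imported entries over stored ones and return a new mapping.

    Both map user -> {entry name -> [password, optional comment]}.
    Assumption: the override is per entry, so stored entries that the
    import does not mention are kept.
    """
    merged = deepcopy(stored)
    for user, entries in (imported or {}).items():
        if not isinstance(entries, dict):
            raise ValueError(f"{user!r}: expected a mapping of entries")
        for name, value in entries.items():
            if not (isinstance(value, list) and 1 <= len(value) <= 2):
                # Name the entry, never the password, in error messages.
                raise ValueError(f"{user}/{name}: expected [password, comment]")
            merged.setdefault(user, {})[name] = [str(v) for v in value]
    return merged

def import_plaintext(path, stored, parse, save):
    """Merge the plaintext import file into the store, then delete it.

    parse(text) turns the file into a mapping (yaml.safe_load in real use)
    and save(mapping) writes the encrypted store; both are hypothetical
    hooks. The plaintext is removed only after save() returned, so a failed
    or empty write never costs the imported passwords.
    """
    if not os.path.isfile(path):
        return stored
    with open(path, encoding="utf-8") as handle:
        imported = parse(handle.read())
    merged = merge_import(stored, imported)
    if not merged:
        raise ValueError("refusing to write an empty password store")
    save(merged)
    os.remove(path)
    return merged
```

Until the file is removed, the passwords in it sit unencrypted on disk, so the import file should be readable by its owner only.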
Installation
pwclip requires the “xsel” package on Debian-like systems to have access to the copy/paste buffers. On Windows systems the libusb package must be integrated into python3 as “USB-Backend”. Here should be all the information needed for that:
If you are on a Debian-like system and have my apt repository deb.janeiskla.de/ubuntu in your sources list, install with:
$ apt-get install pwclip
Installing via pip3
You can install this package from the Python Package Index (PyPI) by running:
pip3 install pwclip
and installing the dependencies (not managed by pip) manually.
Installing from a source distribution archive
To install this package from a source distribution archive, do the following:
Extract all the files in the distribution archive to some directory on your system.
In that directory, run: python setup.py install
Usage
Although it was planned as a GUI program, it can also be executed from terminals. For Windows, Linux and OSX an appropriate executable is packaged, which can be executed as the following examples show:
GPG-Mode
pwclip
If there is an environment variable called GPGKEYS, those keys are used to encrypt on changes to the password file. To list the password file, use the list switch followed by an optional search pattern:
pwclip -l
or
pwclip -l $PATTERN
As you can see, the YAML format can hold multiple user names to better manage large lists. By default only the current user's entries are listed. To have them all listed (or searched by the above pattern example) use:
pwclip -A -l $PATTERN
To show even the passwords in clear text (strongly discouraged for obvious reasons) you may use:
pwclip -l -s
Most of the above may be combined.
Yubikey-Mode
pwclip -y
The YKSERIAL environment variable is used if found to select the yubikey to use if more than one key is connected. Otherwise the first one found is chosen. Likewise it also accepts an option:
pwclip -y $YKSERIAL
Both-Modes
To have it wait for a specific time, such as 5 seconds (before resetting the paste buffer to the previously copied value), the PWCLIPTIME environment variable is used, or the command accepts the time as input:
pwclip 5
The timer option can only be provided last on the command line.
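The timer behaviour described in the introduction and under Both-Modes, as an added sketch that is not pwclip's own code: the timer is taken from the command line, then PWCLIPTIME, then the 3 second default, and the previous clipboard value is restored afterwards. `resolve_timer`, `expose_for` and both clipboard classes are hypothetical names; ignoring unusable timer values and leaving a newer copy untouched are assumptions.

```python
import os
import subprocess
import time

DEFAULT_SECONDS = 3  # default hold time stated on the page

def resolve_timer(cli_value=None, environ=None):
    """Command-line integer first, then PWCLIPTIME, then the default."""
    environ = os.environ if environ is None else environ
    for candidate in (cli_value, environ.get("PWCLIPTIME")):
        try:
            seconds = int(candidate)
        except (TypeError, ValueError):
            continue  # assumption: unusable values fall through
        if seconds > 0:
            return seconds
    return DEFAULT_SECONDS

class XselClipboard:
    """CLIPBOARD selection via xsel, the dependency named on the page."""
    def read(self):
        return subprocess.run(["xsel", "-b", "-o"], capture_output=True,
                              text=True, check=False).stdout
    def write(self, text):
        subprocess.run(["xsel", "-b", "-i"], input=text, text=True, check=True)

class MemoryClipboard:
    """In-memory stand-in (hypothetical) so the example runs without X."""
    def __init__(self, text=""):
        self.text = text
    def read(self):
        return self.text
    def write(self, text):
        self.text = text

def expose_for(clip, secret, seconds, sleep=time.sleep):
    """Hold secret on the clipboard for `seconds`, then restore the old value.
    Returns False when something else was copied meanwhile (left untouched)."""
    previous = clip.read()
    clip.write(secret)
    restored = False
    try:
        sleep(seconds)
    finally:  # also runs on Ctrl-C, so the secret is not left behind
        if clip.read() == secret:
            clip.write(previous)
            restored = True
    return restored
```

Any process in the same session can read the clipboard while the timer runs, and clipboard managers that keep a history may retain the secret after the restore.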
Credits
Python3 developers & the whole community (foremost those @stackoverflow.com)
Pyperclip for their excellent Windows & OSX clipboard code
Yubico (cheap & solid HW-Security-Modules) & python-yubico developers
GNU Privacy Guard (basic cryptography) & python-gnupg developers
SonicLux for telling me that a final version cannot and must not be 0.3.3 :D
I hope that this might be of some help or at least be inspiring for your own ideas. You're always welcome to leave me a message for requests, review or feature/bug requests: <d0n@janeiskla.de>
Changelog
0.4.8 (current)
[L] bunch of optimisations for the linux clip library regarding the copy function which now is able to save into PRIMARY and CLIPBOARD instead of PRIMARY only.
[W] made some success on gpg4win but still does not work for our thing
some other things I've forgotten in between, which is caused by the fact that I've mistakenly released 0.4.7
implemented scp functionality to optionally mirror the passcrypt to some scp-compatible server and access it from more than one machine.
0.4.7
beginning to tag linux related stuff within the changelog with [L], windows entries with [W] and OSX related ones with [O] if they are related to that topic only
fixed minor “try: except:” statement issues
code cleanup, misspelling corrections & some other minor fixes
renamed cypher library to secrecy as that better matches its intention
[W] continued windows implementation and again left it unfinished - gpg4win only supports gpg-2.0 keys, which confused me when using it with gpg-2.1-made keys, which is incompatible when using ed25519 keys
[W] ran into python-gnupg bugs where gpg signals have not been caught (unsure if that is compromising somehow anyways)
[W] implementing gpg4win is giving me a hard time, as many issues appear which do not exist under linux regarding the libraries libusb and yubico and PATH related issues, as gpg4win does not use C:\Users\%USER% as home directory for the personal .gnupg folder and so on…
0.4.6
Released: 2016-11-24
added compatibility for gpg on windows (assuming gpg4win installed)
fixed a few bugs on windows regarding input & copy/paste things but even so could not get it to work finally
again stolen code from pyperclip regarding windows & osx clips
added credits for pyperclip which I (shame on me) have forgotten until now
fixed password input on false input by correctly raising exceptions
0.4.5
Released: 2016-11-21
fixed bug if not having a .passcrypt file already (workaround would have been touch ~/.passcrypt)
fixed bug when pressing ESC in yubi-mode - now inserts empty string hash
fixed bug when pressing ESC in gpg-mode - now error-exits with appropriate error-message (if on terminal)
added example .pwd.yaml file to explain a bit how pwclip is meant to work
updated the above explanation a bit
i feel like this is the first real, more or less, stable version ;D
0.4.4
Released: 2016-10-28
implemented the named but forgotten timer option
implemented gpg-agent restart function while that agent tends to fuck around
now there is an error message displayed in gpg-mode without an existing yaml and passcrypt file (if both don’t exist)
fixed I/O issue where empty passcrypt was written (now double-checking)
fixed some argparse related issues (timer settings corrected)
fixed notification timer to be displayed as long as the password is stored
fixed crash on blank search pattern input in gpg-mode
0.4.3
Released: 2016-10-28
bunch of documentation corrections to fit the below implementations
0.4.2
Released: 2016-10-27
fixed many issues caused by changes/implementations of v0.4.1
fixed many search and listing issues caused by laziness (who ever did this)
added another cmdline switch to not have passwords replaced by asterisks (*) which is now default for output on terminals
fixed greedily matching entries (if length of entered search pattern is < 2)
added restriction of at least 2 characters for each user, password and comment for not breaking the above greedy matching search fix
0.4.1
Released: 2016-10-27
python2 support is now discontinued (dependency differences are nasty)
implemented command line argument parsing including help
stylistic updates regarding cmdline output and passcrypt management
fixed another bunch of bugs around the GUI for user input
fixed empty gpg-passphrase usage (keys without passphrases are used anyways)
fixed user input which was repeatedly asking for input on escape/cancel
fixed error if no ~/.passcrypt file was found
fixed some issues with adding/changing/deleting passwords from passcrypt
fixed bugs caused by merging build environment development branch
0.4.0
Released: 2016-10-26
implemented PIN/Passphrase input gui for GPG decryption
fixed many I/O encryption/decryption on-the-fly issues
merged monolithic code into smaller files for better modularity/compliance
some stylistic updates/fixes
0.3.3
Released: 2016-10-22
final release of pwclip with new function and documentation
0.2.6 - 0.3.2
Released: 2016-10-22
minor documentation fixes (playing around with rst formatting)
0.2.5
Released: 2016-10-22
separated the code into submodules within lib/ to be more compliant to my usual environment
added complete new en/decryption mode via python3-gnupg - now it’s capable of selecting gpg-keys by GPGKEYS environment variable to en/decrypt ~/.passcrypt
documentation updated and cleanup on typo/irrelevant text
FIXED: issue where the gpg-agent isn’t able to decrypt without passphrase/pin and could not ask for it
Hashes for pwclip-0.4.8.linux-x86_64.tar.gz
Algorithm | Hash digest |
---|---|
SHA256 | cf03c944a227de9ded6c552a9348500804b1e10b373a6ce576bb39bef7ad68fb |
MD5 | 129c4af35316102602ffea6edfe97918 |
BLAKE2b-256 | d91d527cb8f355b1326723bc075e6f98cd6e7bb67033c1556a676186ffb42a41 |