pwclip 1.2.10

gui to temporarily save passwords to system-clipboard

pwclip
""""""

What pwclip is
==============

pwclip is a password management tool. It's main target is having fast and
comfortable access to passwords by storing them for a variable time in the
systems clipboard (copy/paste) buffer.

It basically has two operating modes. One is for operating on yubikeys to
generate uniq responses which might be used as passwords while they can be
generated by that exact yubikey only. The first yubikey found on the system
and the first slot, configured with (HMAC-SHA1) challenge-response, will be
used. For that function Windows is supported (see "Install" section).

The second operating mode does currently only work (as so far tested) on Linux
due to lack of cmdline handling of gpg4win (which i am not sure about and will
go into as soon as i find the time and motivation for that). It can be used to
create a ~/.pwdcrypt file which is gpg encrypted text using either the value of
GPGKEYS as gpg recipients if found in environment otherwise every key within
the users keyring will be used. For password-list managing there is a simple
"import" function. On startup it lookes for a ~/.pwd.yaml file and if found
merged with the already known passwords from the ~/.passcrypt if there is one.
All entrys in ~/.passcrypt will be overridden by the entrys from the
~/.pwd.yaml file. As soon as it has been merged the ~/.pwd.yaml file will be
deleted. See "YAML-Format" section for details.

To catch user input python's Tk (tkinter) library is used to create a simple
password input window. The appropriate response is saved for only 3 seconds
by default to not have it exposed as soon as it's used. The utility also
supports the input of any integer which is then used as timer. Otherwise the
environment is searched for PWCLIPTIME and uses the value of that environment
variable as timer. The timer is used as time in which the received password
stays in the paste buffer bevore its replaced by the previously copied value.
As you may see there is an optional commet which is used as text notification
displayed on the screen if set. Therefor python3's gi notify2 is used which is
another reason for discontinuing python2 support.

I highly encourage you to bind pwclip to a shortcut within your X-Environment
to have access to your stored passwords from within any program. For example
i like binding it to `Super-Middle-Mouse-Button` for the pwclip default mode
and `Strg-Shift-Middle-Mouse-Button` for the yubico mode. On Windows-Systems
you need to create a link for it somewhere. When editing that link you may set
a keyboard shortcut (could not find a nicer solution by now). The target for
that link then whould be "%PYTHONINSTALLDIR%\\scripts\\pwclip.exe".


Last but not least i want to point something out: I've been trying my best
to keep the passwords secure from unwanted access BUT there is !NO GUARANTEE!
that the passwords handled with during runtime are safe from other users
access, especially root access on linux systems (help on that is very welcome).
Please be aware of that.

Since version 1.2 openssl keys are supported. For use with pwclip they will be
converted to gpg-keys automaticly - openssl is not used for en/decryption.


YAML-Format
===========

\-\-\-

realsystemuser:
\- somename:
\- Som3(rypt!cPass

\- Some optional info to display as popup notification

\- othername:
\- Som3other(rypt!cPass



Installation
============

pwclip requires the "xsel" package on Debian-Like Systems to have access to
copy/paste buffers.

* https://wiki.ubuntuusers.de/xsel/

Installing via pip3
--------------------

On Windows you need to install Python3 from http://python.org/ first. On most
Linux distributions python will be part of the system. With Python installed,
you can install the pwclip package from the Python-Package-Index (pyPI) by
running:

``pip3 install pwclip``

and installing the dependencies (not managed by pip) manually.

Installing from a source distribution archive
---------------------------------------------
To install this package from a source distribution archive, do the following:

1. Extract all the files in the distribution archive to some directory on your
system.

2. In that directory, run: ``python setup.py install``


Usage
=====

Although is was planed as GUI-Program it's also possible to be executed from
terminals. For Windows, Linux and OSX there is an appropriate executable
packed which might be executed like the following examples will show:

GPG-Mode
--------

If there is an environment variable called GPGKEYS it will use those keys to
encrypt on changes to the password file. To list the password file you may use
the list switch followed by optional search pattern like:

``pwcli -l``

or

``pwcli -l $PATTERN``

as you can see the yaml format tends to be used for multiple user names to
better manage large lists. By default the current users entrys will be listed
only. To have them all listed (or searched for by the above pattern example)
use:

``pwcli -A -l $PATTERN``

Yubikey-Mode
------------
``ykclip``

The YKSERIAL environment variable is used if found to select the yubikey to use
if more than one key is connected. Otherwise the first one found is chosen.
Likewise it also accepts an option:

``pwcli -y $YKSERIAL``

To have it wait for a specific time like 60 seconds (bevore resetting the paste
buffer to the previously copied value) the PWCLIPTIME environment variable is
used or also the command accepts it as input:

``pwcli -t 60 -l mysavedusername``

Most of the options may be combined. For more information on possible options in
cli mode please see:

``pwcli --help``

GUI-Mode
--------

For the GUI-Mode just use one of the following commands, not accepting any
options or arguments:

``pwclip``

``ykclip``


Troubleshooting
===============

When using the yubikey challenge-response mode there is a bug in the usb_hid
interface. This is because of python2 => 3 transition, most likely and can be
fixed easily (having root privileges) by executing the following commands:
``sudo su -`` # only needed if current user isn't root already
``sudo vi +':107s/\(.* =\).*/\1 response[0]/' +':wq' /usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py``
Explained:
In line 107 of the file
/usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py
the ord() coversion of the response
`r_len = ord(response[0])`
needs to be removed, like:
`r_len = response[0]`


Credits
=======

* Python3 developers & the whole community (farmost those @stackoverflow.com)
* Pyperclip for they excellent Windows & OSX clipboard code
* Yubico (cheap & solid HW-Security-Modules) & python-yubico developers
* GNU Privacy Guard (basic kryptography) & python-gnupg developers
* SonicLux for telling me that a final version cannot and must not be 0.3.3 :D

I hope that this might be somewhat of help or at least be inspiring for own
ideas. You're alway welcome to leave me a message for requests, review or
feature/bug requests: <d0n@janeiskla.de>

Changelog
=========

1.2.10 (current)
---------------

Released: 2018-04-01

* fix ykclip not choosing challenge-response slot automatically

* changed --help for -x option to better match its sence

* again lots of code linting (code rated at 9.52/10) disabled checks:
bad-continuation,too-many-arguments,too-many-locals,too-many-branches

* code cleanup and portability implementations for system.xlib


1.2.9
-----

Released: 2018-03-30

* fixed xsel stays running in background (it's options are nasty)

* lots of merges but it's too fuzzy to take them apart to see what has
changed - mostly no functionallity changes though

* replaced the xinput and xgetpasswd (each continaing the class XInput) by
the equal called functions each using the class XInput

* added message for failed input match or decryption

* fixed displaying messages for input windows

* reverted and finally fixed xsel running in background (sometimes?)
now explicitly terminating when finished


1.2.8
-----

Released: 2018-03-29

* fixed a few bugs implemented while linting in 1.2.5

* made GPGSMTool parent to GPGTool for common methods

* fixed wrong filerotate if no changes where made

* fixed bug in class import name


1.2.7
-----

Released: 2018-03-28

* fix for passwords are returned incorrectly

** hotfix release **