gui to temporarily save passwords to system-clipboard
Project description
What pwclip is
pwclip is a password management tool. It’s main target is having fast and comfortable access to passwords by storing them for a variable time in the systems clipboard (copy/paste) buffer.
It basically has two operating modes. One is for operating on yubikeys to generate uniq responses which might be used as passwords while they can be generated by that exact yubikey only. The first yubikey found on the system and the first slot, configured with (HMAC-SHA1) challenge-response, will be used. For that function Windows is supported (see “Install” section).
The second operating mode does currently only work (as so far tested) on Linux due to lack of cmdline handling of gpg4win (which i am not sure about and will go into as soon as i find the time and motivation for that). It can be used to create a ~/.pwdcrypt file which is gpg encrypted text using either the value of GPGKEYS as gpg recipients if found in environment otherwise every key within the users keyring will be used. For password-list managing there is a simple “import” function. On startup it lookes for a ~/.pwd.yaml file and if found merged with the already known passwords from the ~/.passcrypt if there is one. All entrys in ~/.passcrypt will be overridden by the entrys from the ~/.pwd.yaml file. As soon as it has been merged the ~/.pwd.yaml file will be deleted. See “YAML-Format” section for details.
To catch user input python’s Tk (tkinter) library is used to create a simple password input window. The appropriate response is saved for only 3 seconds by default to not have it exposed as soon as it’s used. The utility also supports the input of any integer which is then used as timer. Otherwise the environment is searched for PWCLIPTIME and uses the value of that environment variable as timer. The timer is used as time in which the received password stays in the paste buffer bevore its replaced by the previously copied value. As you may see there is an optional commet which is used as text notification displayed on the screen if set. Therefor python3’s gi notify2 is used which is another reason for discontinuing python2 support.
I highly encourage you to bind pwclip to a shortcut within your X-Environment to have access to your stored passwords from within any program. For example i like binding it to Super-Middle-Mouse-Button for the pwclip default mode and Strg-Shift-Middle-Mouse-Button for the yubico mode. On Windows-Systems you need to create a link for it somewhere. When editing that link you may set a keyboard shortcut (could not find a nicer solution by now). The target for that link then whould be “%PYTHONINSTALLDIR%\scripts\pwclip.exe”.
Last but not least i want to point something out: I’ve been trying my best to keep the passwords secure from unwanted access BUT there is !NO GUARANTEE! that the passwords handled with during runtime are safe from other users access, especially root access on linux systems (help on that is very welcome). Please be aware of that.
Since version 1.2 openssl keys are supported. For use with pwclip they will be converted to gpg-keys (gpgsm) automaticly - openssl is not used for en/decryption.
YAML-Format
---
- realsystemuser:
- - somename:
- Som3(rypt!cPass
- Some optional info to display as popup notification
- - othername:
- Som3other(rypt!cPass
Installation
On Windows you need to install Python3 from http://python.org/ first. On most Linux distributions python will be part of the system. With Python installed, you can install the pwclip package from the Python-Package-Index (pyPI) by running:
pip3 install pwclip
and installing the dependencies (not managed by pip) manually.
Installing from a source distribution archive
To install this package from a source distribution archive, do the following:
Extract all the files in the distribution archive to some directory on your system.
In that directory, run: python setup.py install
Usage
Although is was planed as GUI-Program it’s also possible to be executed from terminals. For Windows, Linux and OSX there is an appropriate executable packed which might be executed like the following examples will show:
GPG-Mode
If there is an environment variable called GPGKEYS it will use those keys to encrypt on changes to the password file. To list the password file you may use the list switch followed by optional search pattern like:
pwcli -l
or
pwcli -l $PATTERN
as you can see the yaml format tends to be used for multiple user names to better manage large lists. By default the current users entrys will be listed only. To have them all listed (or searched for by the above pattern example) use:
pwcli -A -l $PATTERN
Yubikey-Mode
ykclip
The YKSERIAL environment variable is used if found to select the yubikey to use if more than one key is connected. Otherwise the first one found is chosen. Likewise it also accepts an option:
pwcli -y $YKSERIAL
To have it wait for a specific time like 60 seconds (bevore resetting the paste buffer to the previously copied value) the PWCLIPTIME environment variable is used or also the command accepts it as input:
pwcli -t 60 -l mysavedusername
Most of the options may be combined. For more information on possible options in cli mode please see:
pwcli --help
GUI-Mode
For the GUI-Mode just use one of the following commands, not accepting any options or arguments:
pwclip
ykclip
Troubleshooting
When using the yubikey challenge-response mode there is a bug in the usb_hid interface. This is because of python2 => 3 transition, most likely and can be fixed easily (having root privileges) by executing the following commands: sudo su - # only needed if current user isn’t root already sudo vi +':107s/\(.* =\).*/\1 response[0]/' +':wq' /usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py Explained: In line 107 of the file /usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py the ord() coversion of the response r_len = ord(response[0]) needs to be removed, like: r_len = response[0]
Credits
Python3 developers & the whole community (farmost those @stackoverflow.com)
Pyperclip for they excellent Windows & OSX clipboard code
Yubico (cheap & solid HW-Security-Modules) & python-yubico developers
GNU Privacy Guard (basic kryptography) & python-gnupg developers
SonicLux for telling me that a final version must not be 0.3.3 :D
I hope that this might be somewhat of help or at least be inspiring for own ideas. You’re alway welcome to leave me a message for requests, reviews or feature requests as well as bug reports: <mail@leonpelzer.de>
Changelog
1.3.1 (current)
Released: 2018-04-19
reverted changes from last version while clipboards are not accessible from other processes in python Gtk/Gdk
readded xsel dependency
fixed last release date
1.3.0
Released: 2018-04-19
fixed path related build environment issues
removed xsel dependency
1.2.11
Released: 2018-04-16
fixed usage of os.utime instead of system.filetime
added man page and changed whole build environment as well as the script i’ve been using to build
removed few files not needed for pwclip and updated the README
1.2.10
Released: 2018-03-31
fix ykclip not choosing challenge-response slot automatically
changed –help for -x option to better match its sence
again lots of code linting (code rated at 9.52/10) disabled checks: bad-continuation,too-many-arguments,too-many-locals,too-many-branches
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for pwclip-1.3.1.linux-x86_64.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 09d13127fea7c0a70c1890f7d8fb141fd3f7a6a681a72aac76cdabd40dbff02e |
|
MD5 | d27e0bed73b13497a2c13e3fa0ccf39e |
|
BLAKE2b-256 | b861187100b1f8a28140941ae9f7308d1b7022a0ad4d4831d9fbb0091f800962 |