yapet — store passwords encrypted on disk
yapet [-c] [-h] [-V] [filename]
yapet stands for "Yet Another Password Encryption Tool" and is a curses(3X) based program for storing passwords encrypted on disk. It relies on the crypto(3) library provided by OpenSSL for encrypting and decrypting the passwords. The cipher for encryption and decryption is Blowfish with a 448 bits key.
shows the copyright information.
prints a help text.
shows the version of yapet.
filenamethe file to open. If the file does not exist, yapet asks whether it should be created.
Files created by yapet always have the
suffix .pet.
If you start yapet without any command line arguments given, you will see a screen as shown in Figure 1, “Main screen”.
Figure 1. Main screen
..::|| YAPET 0.2 ||::.. +---------------------------++---------------------------+ | || K E Y S | | ||---------------------------| | || S Save File | | || R Load File | | || L Lock Screen | | || A Add Entry | | || D Delete Entry | | || O Sort Order | | || / Search | | || N Search Next | | || C Change Password | | || ^L Redraw Screen | | || Q Quit | | || | | |+---------------------------+ | |+---------------------------+ | || | | || | | || | | || | +---------------------------++---------------------------+ No file loaded
Passwords are stored as records (also referred to as entries) having the following fields
Files created by yapet always have the
suffix .pet. This cannot be changed by the
user. Also, if a file is loaded using the command line the
suffix .pet is appended to the filename
given that it was not specified by the user.
The password entries are protected by a master password. The master password is used to encrypt and decrypt the records. If the master password is lost, so are the records.
The upper right frame in Figure 1, “Main screen” shows the keys recognized by yapet. The keys are not case-sensitive. Following is a short explanation of the keys.
Adds a new password entry to the currently loaded file. The entry will be permanently added to the file when the file is saved by pressing S.
Before you can use this function, you have to load an existing file or create a new one by pressing R.
Deletes a password entry from the currently loaded file. The entry will be permanently deleted when the file is saved by pressing S.
Changes the sort order to either ascending or descending. This setting is not kept permanently and is lost upon restart of yapet.
The default sort order is ascending.
Starts a new search. YAPET can search the name of the entries for a particular term. If the term is found, the item is highlighted. You can repeat a search by pressing N using the same term again.
Repeats a search using the search term specified invoking the search functionality by pressing /.
Change the
master password of the currently loaded file. This action
requires to save all changes first. The file with the old
master password will be saved as
filename.bakfilename the name of the
currently loaded file is.
Quits yapet. If changes are not written to disk yapet will ask whether they should be saved or not. Regardless of the answer, yapet quits, either saving the changes or discarding them.
The empty frame on the left side of the main screen will display the password entries' Name. You can move the selection by using Up, Down, Page Up, Page Down, Home, and End keys. A entry can be opened for viewing and editing by pressing Enter.
Tab will switch the focus to the next widget. Be aware that Shift+Tab does not work for focusing the previous widget.
If there is no key pressed for more than ten (10) minutes, yapet will blank the screen. It will prompt for the password of the currently load file when a key is pressed. This is the same behavior as seen by pressing the key L.
Although I took several precautions to avoid having any passwords stored clear text in memory, I was able to snoop up the master password in core files. This means for you, the user of YAPET, that it is possible, though not likely, for a malicious user to get hold of one or more passwords while YAPET is running. But remember, the passwords stored in the files created by YAPET are encrypted and not stored clear text. This is the best possible way of keeping them stored on a disk. The best overall method for keeping them, is to memorize them and not writing them down in any form.
The user interface is clumsy and not really user friendly. It may flicker running yapet in a ssh session.
Clearing the memory when it is no longer used seems buggy since I was able to snoop the master password in core dumps.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
The latest version of this program can be found under http://www.guengel.ch/myapps/yapet.