Metadata-Version: 2.1
Name: pwclip
Version: 1.3.6
Summary: password-manager - temporarily saves passwords to the clipboard
Home-page: https://pypi.org/project/pwclip/
Author: Leon Pelzer
Author-email: mail@leonpelzer.de
License: GPLv3+
Download-URL: http://deb.janeiskla.de/python/python3-pwclip_current_all.deb
Platform: UNKNOWN
Classifier: Environment :: Console
Classifier: Environment :: MacOS X
Classifier: Environment :: Win32 (MS Windows)
Classifier: Environment :: X11 Applications
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Desktop Environment
Classifier: Topic :: Utilities
Classifier: Topic :: Desktop Environment
Provides: pwcli
Provides: pwclip
Provides: ykclip
Requires-Dist: argcomplete
Requires-Dist: paramiko
Requires-Dist: psutil
Requires-Dist: python-gnupg
Requires-Dist: PyYAML

pwclip
""""""

What pwclip is
==============

pwclip is a password management tool. It's main target is having fast and
comfortable access to passwords by storing them for a variable time in the
systems clipboard (copy/paste buffer). It uses either GnuPG2 or OpenSSL
(converted to GPGSM) keys as cryptographic operations. It also works with
yubikey's challenge-response to generate uniq HMAC-SHA1 hashes stored to the
clipboard as well.

The main feature is the pwcli/pwclip mode which provides easy access to the
~/.passcrypt file. That file is used by default as password storage. The
program is executed in gui mode when pwclip is called and in cli mode when
pwcli is called respectivly. It creates the ~/.passcrypt file which is gpg
encrypted text using either the value of GPGKEYS from the users environment as
gpg encryption recipients. On startup it lookes for a ~/.pwd.yaml file which is
merged with the already known passwords from the ~/.passcrypt file if there
already is one. All entrys in the ~/.passcrypt file will be overridden by
entrys from the ~/.pwd.yaml file.

The second operating mode is for operating on yubikeys to generate uniq
responses which might be used as passwords while they can be generated by that
exact yubikey only. The first yubikey found on the system and the first slot,
configured with (HMAC-SHA1) challenge-response, will be used. For that function
Windows is supported (see "Install" section).

To catch user input python's Tk (tkinter) library is used to create a simple
password input window. The appropriate response is saved for only 3 seconds
by default to not have it exposed as soon as it's used. The utility also
supports the input of any integer which is then used as timer. Otherwise the
environment is searched for PWCLIPTIME and uses the value of that environment
variable as timer. The timer is used as time in which the received password
stays in the paste buffer bevore its replaced by the previously copied value.
As you may see there is an optional commet which is used as text notification
displayed on the screen if set. Therefor python3's gi notify2 is used which is
another reason for discontinuing python2 support.

I would encourage you to bind pwclip to a shortcut within your X-Environment
to have access to your passwords at any time. On Windows-Systems you need to
create a link for it somewhere. When editing that link you may set a keyboard
shortcut (could not find a nicer solution by now). The target for that link
then whould be "%PYTHONINSTALLDIR%\\scripts\\pwclip.exe".

I've been trying my best to keep the passwords from unwanted access BUT i do
!NOT GUARANTEE! that the passwords handled during runtime are safe from other
users access (especially "root" on linux systems - help on that is very
welcome) - please be aware of that!

Since version 1.2 openssl keys are supported. For the use with pwclip they will
be converted to gpg-keys automaticly and gpgsm is used instead of gpg - openssl
is not used for en/decryption to be precisely.


YAML-Format
===========

\-\-\-

realsystemuser:
    \- somename:
        \- Som3(rypt!cPass

        \- Some optional info to display as popup notification

    \- othername:
        \- Som3other(rypt!cPass


Installation
============

On Windows you need to install Python3 from http://python.org/ first. On most
Linux distributions python will be part of the system. With Python installed,
you can install the pwclip package from the Python-Package-Index (pyPI) by
running:

``pip3 install pwclip``

and installing the dependencies (not managed by pip) manually.

Installing from a source distribution archive
---------------------------------------------
To install this package from a source distribution archive, do the following:

1. Extract all the files in the distribution archive to some directory on your
   system.

2. In that directory, run: ``python setup.py install``


Usage
=====

Although is was planed as GUI-Program it's also possible to be executed from
terminals. For Windows, Linux and OSX there is an appropriate executable
packed which might be executed like the following examples will show:

GPG-Mode
--------

If there is an environment variable called GPGKEYS it will use those keys to
encrypt on changes to the password file. To list the password file you may use
the list switch followed by optional search pattern like:

``pwcli -l``

or

``pwcli -l $PATTERN``

as you can see the yaml format tends to be used for multiple user names to
better manage large lists. By default the current users entrys will be listed
only. To have them all listed (or searched for by the above pattern example)
use:

``pwcli -A -l $PATTERN``

Yubikey-Mode
------------
``ykclip``

The YKSERIAL environment variable is used if found to select the yubikey to use
if more than one key is connected. Otherwise the first one found is chosen.
Likewise it also accepts an option:

``pwcli -y $YKSERIAL``

To have it wait for a specific time like 60 seconds (bevore resetting the paste
buffer to the previously copied value) the PWCLIPTIME environment variable is
used or also the command accepts it as input:

``pwcli -t 60 -l somename``

Most of the options may be combined. For more information on possible options in
cli mode please see:

``pwcli --help``

GUI-Modes
---------

For the GUI-Mode just use one of the following commands, also accepting most of
the commandline arguments:

``pwclip``

``ykclip``


Troubleshooting
===============

When using the yubikey challenge-response mode there is a bug in the usb_hid
interface. This is because of python2 => 3 transition, most likely and can be
fixed by executing the following command:

``sudo vi +':107s/\(.* =\).*/\1 response[0]/' +':wq' /usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py``

Explained:

In line 107 of the file

``/usr/local/lib/python3.5/dist-packages/yubico/yubikey_4_usb_hid.py``

the ord() coversion of the response:

``r_len = ord(response[0])``

needs to be replaced by:

``r_len = response[0]``


Credits
=======

 * Python3 developers
 * stackoverflow.com for hosting endless threads of problems & trubleshooting
 * Pyperclip for that excellent Windows & OSX clipboard code
 * Yubico (cheap & solid HW-Security-Modules) & python-yubico developers
 * GNU Privacy Guard (basic kryptography) & python-gnupg developers
 * SonicLux for testing and telling me that a final version must not be 0.3.3 :D

I hope that this might be somewhat of help or at least be inspiring for own
ideas. You're alway welcome to leave me a message for requests, reviews or
feature requests as well as bug reports: <mail@leonpelzer.de>

Changelog
=========

1.3.6 (current)
---------------

Released: 2018-05-08

  * deletion of ~/.pwd.yaml is removed permanently

  * changed README again to fit current state

  * added trow_keyids option to the encrypt function trying to fix a bug with
    multiple recipients - if decrypting and having only one of the secret keys
    in the keyring while trying to decrypt it always fails


1.3.5
-----

Released: 2018-05-06

  * fixed bug when merging crypted dictionary resulting in a string where a
    dictionary should be

  * fix bug when adding/changing/deleting entrys will not show result on cli

  * minor update to error messages and small efficiency updates of output

  * fixed nonsense and formatting in README

  * fixed deb package dependencies

  * readded description to __pkginfo__.py (dunno how it lost em)

  * lots of changes to my build environment so files may have moved over
    the last releases


1.3.4
-----

Released: 2018-04-28

  * some more changes to build environment (not really of interest for pwclip)

  * fixed locations in pkginfo to match index/download url, fixed license
    in "intended audience" classifiers and changed some release information

  * some more changes for user dialogs in x mode like possible repitition of
    input as well as some more error messages

  * implemented most commandline options in gui mode as well

  * pwcli -o/--out now uses sys.stdout and pwclip -o/--out uses xvkbd

  * yubikey function was missing selection of correct slot if one is set and
    now it is able to operate on any slot of any yubikey even if more than one
    key is attached

  * some more changes merged from master whith different relationship to pwclip

  * download link now points to pwclip in my debian repo for current version

  * removed depricated dependencies from __pkginfo__ and deb/DEPENDS as i found
    out that they've never been used for packaging :-( i workaround building
    the package by hand for now

  * fixed bug when merging passwords from yaml into passcrypt also the deletion
    of the plain-text password file when finished merging is working again

  * made -p/--password & --comment independent from each other


1.3.3
-----

Released: 2018-04-26

  * made some more changes to docs and trying to add more of them by
    build environment

  * fixed bug implemented with 1.3.2 which causes crash in any case while
    trying to create README

  ** hotfix release **


