Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
---|---|---|---|---|---|---|---|---|---|---|
Keepassxc | 15,302 | 4 days ago | 651 | other | C++ | |||||
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”. | ||||||||||
Glauth | 1,890 | 3 | 19 days ago | 20 | February 28, 2022 | 58 | mit | Go | ||
A lightweight LDAP server for development, home use, or CI | ||||||||||
Yubico Pam | 606 | a year ago | 1 | February 27, 2018 | 52 | bsd-2-clause | C | |||
Yubico Pluggable Authentication Module (PAM) | ||||||||||
3snake | 524 | a year ago | other | C | ||||||
Tool for extracting information from newly spawned processes | ||||||||||
Purse | 491 | 3 months ago | mit | Shell | ||||||
GPG asymmetric (YubiKey) password manager | ||||||||||
Yubikey Luks | 430 | a year ago | 18 | Shell | ||||||
Two factor authentication for harddisk encryption | ||||||||||
Yubikey | 136 | 27 | 2 | 9 years ago | 10 | March 27, 2014 | 1 | mit | Ruby | |
A Ruby library for verifying, decoding, decrypting and parsing Yubikey one-time passwords. | ||||||||||
Python Yubico Client | 72 | 47 | 3 | 3 years ago | 8 | May 21, 2020 | bsd-3-clause | Python | ||
Python library for validating Yubico Yubikey One Time Passwords (OTPs) based on the validation protocol version 2.0. | ||||||||||
Python Pyhsm | 62 | 1 | 2 years ago | 7 | November 03, 2016 | 5 | bsd-2-clause | Python | ||
Python code for YubiHSM | ||||||||||
Passacre | 57 | 6 years ago | 12 | December 23, 2016 | 5 | other | C | |||
better repeatable password generation |
Purse is a fork of drduh/pwd.sh.
Both programs are Bash shell scripts which use GPG to manage passwords and other secrets in encrypted text files. Purse uses asymmetric (public-key) authentication, while pwd.sh uses symmetric (password-based) authentication.
While both scripts use a trusted crypto implementation (GPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.
By using Purse with YubiKey, the risk of master password theft or keylogging is eliminated - only physical possession of the Yubikey AND knowledge of the PIN can unlock the encrypted index and password files.
Minor update to the second release. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.
Known Issues:
tr: Illegal byte sequence
- see issue #4
Changelist:
The second release of purse.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.
Known Issues:
Changelist:
The original release which has been available for general use and review since June 2018 (forked from pwd.sh which dates to 2015). There are no known bugs nor security vulnerabilities identified in this stable version of purse.sh. Compatible on Linux, OpenBSD, macOS.
This script requires a GPG identity - see drduh/YubiKey-Guide to set one up. Multiple identities stored on several YubiKeys are recommended for reliability.
$ git clone https://github.com/drduh/Purse
(Version 2b and older) Set your GPG key ID with export PURSE_KEYID=0xFF3E7D88647EBCDB
or by editing purse.sh
.
cd purse.sh
and run the script interactively using ./purse.sh
or symlink to a directory in PATH
:
w
to write a passwordr
to read a passwordl
to list passwordsb
to create an archive for backuph
to print the help textOptions can also be passed on the command line.
Example usage:
Create a 30-character password for userName
:
$ ./purse.sh w userName 30
Read password for userName
:
$ ./purse.sh r userName
Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a previous version of a password:
$ ./purse.sh l
$ ./purse.sh r [email protected]
Create an archive for backup:
$ ./purse.sh b
Restore an archive from backup:
$ tar xvf purse*tar
The backup contains only encrypted passwords and can be publicly shared for use on trusted computers. For additional privacy, the recipient key ID is not included in GPG metadata (throw-keyids
option). The password index file can also be encrypted by changing the encrypt_index
variable to true
in the script.
See drduh/config/gpg.conf for additional GPG configuration options.