GPG asymmetric (YubiKey) password manager
Type Name Latest commit message Commit time
LICENSE.md Set umask, don't hide safe, update documentation and license Jan 31, 2019
README.md Clarify authentication vs encryption Jan 31, 2019
purse.sh Set umask, don't hide safe, update documentation and license Jan 31, 2019

README.md

Purse


Purse is a fork of drduh/pwd.sh.

Both programs are shell scripts which use GPG to manage passwords in an encrypted text file. Purse uses asymmetric (public-key) authentication, while pwd.sh uses symmetric (password-based) authentication.

While both scripts use a trusted crypto implementation (GPG) and safely handle passwords (never saving plaintext to disk), Purse eliminates the need to remember and use a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt the password safe to stdout.

By using Purse with YubiKey, the risk of master password phishing and keylogging is eliminated - only physical possession of the key AND knowledge of the PIN can unlock the password safe.

Installation

This script requires a GPG identity - see drduh/YubiKey-Guide to set one up.

To install Purse:

$ git clone https://github.com/drduh/Purse

Edit purse.sh to specify your GPG key ID.

Use

cd Purse and run the script interactively using ./purse.sh

  • Type w to write a password.
  • Type r to read a password.
  • Type d to delete a password.
  • Type h to print the help text.

Examples:

Create 30-character password for gmail:

$ ./purse.sh w gmail 30

Append q to create a password without displaying it.

Read password for user@github:

$ ./purse.sh r user@github

Delete password for reddit:

$ ./purse.sh d reddit

Copy password for github to clipboard (substitute pbcopy on macOS):

$ ./purse.sh r github | cut -f 1 -d ' ' | awk 'NR==4{print $1}' | xclip

This script and encrypted purse.enc file can be publicly shared between trusted computers. For additional privacy, the recipient key ID is not included in GPG metadata.

See drduh/config/gpg.conf for additional GPG options.
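To confirm that a safe really omits the recipient key ID before copying it to another machine, the packet listing can be inspected without decrypting. The following is an added example, not part of purse.sh: GnuPG options such as --throw-keyids or --hidden-recipient write an all-zero key ID into the public-key session key packet, and the function names, the sample listings and the key ID 0123456789ABCDEF are constructed for illustration (which option purse.sh itself uses is not shown on this page).

```shell
#!/bin/sh
# Added example, not part of Purse. Sample packet listings below are constructed.

# Print each recipient key ID named in `gpg --list-packets` output (stdin),
# skipping the all-zero ID that marks an anonymous recipient.
exposed_keyids() {
  awk '/^:pubkey enc packet:/ {
    for (i = 1; i < NF; i++)
      if ($i == "keyid" && $(i + 1) !~ /^0+$/) print $(i + 1)
  }'
}

# Classify a packet listing read from stdin:
#   hidden (exit 0), exposed <ids> (exit 1), no-recipient-packet (exit 2).
classify_packets() {
  packets=$(cat)
  if ! printf '%s\n' "$packets" | grep -q '^:pubkey enc packet:'; then
    echo "no-recipient-packet"   # e.g. a symmetric, passphrase-only safe
    return 2
  fi
  ids=$(printf '%s\n' "$packets" | exposed_keyids | sort -u | tr '\n' ' ')
  if [ -n "$ids" ]; then
    echo "exposed ${ids% }"
    return 1
  fi
  echo "hidden"
}

# Inspect a safe without decrypting it (assumes gpg is on PATH).
check_safe() {
  gpg --batch --list-only --list-packets "${1:-purse.enc}" 2>/dev/null |
    classify_packets
}

# Constructed listings: anonymous recipient, named recipient, symmetric only.
SAMPLE_HIDDEN=':pubkey enc packet: version 3, algo 1, keyid 0000000000000000
    data: [4095 bits]
:encrypted data packet:'
SAMPLE_EXPOSED=':pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
:encrypted data packet:'
SAMPLE_SYMMETRIC=':symkey enc packet: version 4, cipher 9, s2k 3, hash 10
:encrypted data packet:'

if [ $# -gt 0 ]; then check_safe "$1"; fi
```

A result of "exposed" means anyone holding the file can see which key it was encrypted to, even though they cannot decrypt it.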

Similar software
