This program is my plan B if I lose interest in maintaining rustpwman. This could happen if I either lose interest in Rust
programming or if at some point in time it becomes too tedious to migrate to newer versions of the over 200 dependencies
that rustpwman has accumulated. Files created with pwman can be used with rustpwman and vice versa.
The main component can be found in the clitool subdirectory. It implements a command line interface that allows to
access a password manager file as described in the rustpwman documentation. The following commands are provided.
The following commands are available:
clp: Adds/modifies an entry by setting its contents through the clipboard
dec: Decrypts a file
del: Deletes an entry from a file
enc: Encrypts a file
get: Get an entry from a file
init: Creates an empty password safe
list: Lists keys of entries in a file
put: Adds/modifies an entry by setting its contents through a file
pwd: Checks the password and transfers it to pwserv
ren: Renames an entry in a file
rst: Deletes the password from pwserv
You can get additional help for any given command by calling clitool <command> -h . There is a second optional component which resides in the
pwserv subdirectory. It implements a socket based server which allows to cache passwords. You can instruct clitool to cache a verified
password via pwserv by using the pwd command and you can make pwserv forget a password by issuing the rst command.
The enc and dec commands are not password manager specific. They can be used to encrypt or decrypt any file which has the format described
in the rustpwman documentation.
While you can use clitool without pwserv it is way more comfortable to use it in conjuction with pwserv in most cases. To do that you
obviously have to start pwserv before clitool can access it. In the default configuration pwserv creates a UNIX domain socket
named "/tmp/${username}.pwman" on UNIX and "%HOMEPATH%\pwman.sock" on Windows which can only by accessed by the user who started
pwserv. pwserv can also alternatively use the loopback device (or any other TCP socket) but without the additional access restrictions
afforded by a UNIX domain socket. In order to switch to the loopback device change the calls to Serve() in pwserv.go and NewContext()
in pwman.go accordingly.
Interestingly enough Windows implements UNIX domain sockets since around 2017/2018. The corresponding routines can be found in
windomainsock.go. UNIX domain sockets not only allow additional access control but on Windows they are also noticebly faster than
TCP over the loopback device.
I have added pwserv to my startup programs in Ubuntu to eliminate the hassle to remeber to start it before using clitool. Another way
to simplify calls to clitool is to set the environment variable PWMANFILE to the file system location of the password safe file. If this
variable is set and -i is not specified then clitool uses the value from the environment. If -i is present this value takes precedence.
If you want to be able to replace the contents of an entry by the contents of the clipboard through the clp command you can set the environment
variable PWMANCLIP to the value you would give to the -c option. If the -c option is present it takes precedence over the value of the
environment variable.
If you set the environment variable PWMANCIPHER to the value AES192 then pwman will use AES-192 GCM any other value makes pwman using
ChaCha20Poly1305` instead of AES-256-GCM for en- and decryption of the password data.
There are build scripts buildall.sh (for Linux and MacOS) and buildall.bat (for Windwos) which allow building the two binaries mentioned
above.