pwclip
""""""

What is pwclip?
===============

pwclip is a password management tool. It's main target is having fast and
comfortable access to passwords by storing them for a variable time in the
systems clipboard (copy/paste) buffer.

It basically has two operating modes. One is for operating on yubikeys to
generate uniq responses which might be used as passwords while they can be
generated by that exact yubikey only. The first yubikey found on the system
and the first slot, configured with (HMAC-SHA1) challenge-response, will be
used. For that function Windows is supported (see "Install" section).

The second operating mode does currently only works (as so far tested) on
Linux due to lack of cmdline handling of gpg4win. It can be used to create
a ~/.pwdcrypt file which is gpg encrypted text using either the value of
GPGKEYS as gpg recipients if found in environment otherwise every key within
the users keyring will be used. For password-list managing there is a simple
"import" function. On startup it lookes for a ~/.pwd.yaml file and if found
merged with the already known passwords from the ~/.passcrypt if there is one.
All entrys in ~/.passcrypt will be overridden by the entrys from the
~/.pwd.yaml file. As soon as it has been merged the ~/.pwd.yaml file will be
deleted. See "YAML-Format" section for details.

To catch user input python's Tk (tkinter) library is used to create a simple
password input window. The appropriate response is saved for only 3 seconds
by default to not have it exposed as soon as it's used. The utility also
supports the input of any integer which is then used as timer. Otherwise the
environment is searched for PWCLIPTIME and uses the value of that environment
variable as timer. The timer is used as time in which the received password
stays in the paste buffer bevore its replaced by the previously copied value.
As you may see there is an optional commet which is used as text notification
displayed on the screen if set. Therefor python3's gi notify2 is used which is
another reason for discontinuing python2 support.

Last but not least i need to appoint the following: I've been trying my best
to keep the passwords secure from unwanted access BUT there is !NO GUARANTEE!
that the passwords handled with during runtime are safe from other users
access, especially root access on linux systems (help on that is very welcome).
Please be aware of that.


YAML-Format:
============

\-\-\-

realsystemuser:
    \- somename:
        \- Som3(rypt!cPass

        \- Some optional info to display as popup notification

    \- othername:
        \- Som3other(rypt!cPass


Installation
============

pwclip requires the "xsel" package on Debian-Like Systems to have access to
copy/paste buffers. On Windows Systems the libusb package must be integrated
to python3 as "USB-Backend". Here should be all infos needed for that:

* https://wiki.ubuntuusers.de/xsel/
* https://sourceforge.net/projects/libusb/
* http://libusb.info/

If you are on a Debian-Like systems, presuming you have my apt repository
deb.janeiskla.de/ubuntu in your sources list, install like:

$ apt-get install pwclip

Installing via pip3
--------------------

You can install this package from the Python Package Index (pyPI) by running:

* ``pip3 install pwclip``

and installing the dependencies (not managed by pip) manually.

Installing from a source distribution archive
---------------------------------------------
To install this package from a source distribution archive, do the following:

1. Extract all the files in the distribution archive to some directory on your
   system.
2. In that directory, run: ``python setup.py install``


Usage
=====

Although is was planed as GUI-Program it's also possible to be executed from
terminals. For Windows, Linux and OSX there is an appropriate executable
packed which might be executed like the following examples will show:

GPG-Mode
--------
``pwclip``

If there is an environment variable called GPGKEYS it will use those keys to
encrypt on changes to the password file. To list the password file you may use
the list switch followed by optional search pattern like:

``pwclip -l``

or

``pwclip -l $PATTERN``

as you can see the yaml format tends to be used for multiple user names to
better manage large lists. By default the current users entrys will be listed
only. To have them all listed (or searched for by the above pattern example)
use:

``pwclip -A -l $PATTERN``

To show even passwords in clear text (strongly unrecommanded for obvious
reasons) you may use:

``pwclip -l -s``

Most of the above may be combined.

Yubikey-Mode
------------
``pwclip -y``

The YKSERIAL environment variable is used if found to select the yubikey to use
if more than one key is connected. Otherwise the first one found is chosen.
Likewise it also accepts an option:

``pwclip -y $YKSERIAL``

Both-Modes
----------

To have it wait for a specific time like 5 seconds (bevore resetting the paste
buffer to the previously copied value) the PWCLIPTIME environment variable is
used or also the command accepts that as input:

``pwclip 5``


Credits
=======

* Python3 developers & the whole community (farmost those @stackoverflow.com)
* Yubico (cheap & solid HW-Security-Modules) & python-yubico developers
* GNU Privacy Guard (basic kryptography) & python-gnupg developers
* SonicLux for telling me that a final version cannot and must not be 0.3.3 :D

I hope that this might be somewhat of help or at least be inspiring for own
ideas. You're alway welcome to leave me a message for requests, review or
feature/bugrequests: <d0n@janeiskla.de>



Change log
==========

0.4.3 (current)
---------------

Released: 2016-10-28

* bunch of documentation corrections to fit the below implementations.

0.4.2
-----

Released: 2016-10-27

* fixed many issues caused by changes/implementations of v0.4.1

* fixed many search and listing issues caused by laziness (who ever did this)

* added another cmdline switch to not have passwords replaced by asterisks (*)
  which is now default for output on terminals

* fixed greedly matching entrys (if lenght of entered search pattern is < 2)

* added restriction of at least 2 caracters for each user, password and
  comment for not breaking the above greedly matching search fix

0.4.1
-----

Released: 2016-10-27

* python2 support is now discontinued (dependency differences are nasty)

* implemented command line argument parsing including help

* stylistic updates regarding cmdline output and passcrypt management

* fixed another bunch of bugs around the GUI for user input

* fixed empty gpg-passphrase usage (keys without passphrases are used anyways)

* fixed user input which was repeatedly asking for input on escape/cancle

* fixed error if no ~/.passcrypt file was found

* fixed some issues with adding/changing/deleting passwords from passcrypt

* fixed bugs caused by merging build environment development branch

0.4.0
-----

Released: 2016-10-26

* implemented PIN/Passphrase input gui for GPG decryption

* fixed many I/O encryption/decryption on-the-fly issues

* merged monolithic code into smaller files for better modularity/compliance

* some stylistic updates/fixes

0.3.3
-----

Released: 2016-10-22

* final release of pwclip with new function and documentation


0.2.6 - 0.3.2
-------------

Released: 2016-10-22

* minor documentation fixes (playing around with rst formatting)

0.2.5
-----

Released: 2016-10-22

* seperated the code into submodules within lib/ to be more compliant to my
  usual environment

* added complete new en/decryption mode via python3-gnupg - now it's capable
  of selecting gpg-keys by GPGKEYS environment variable to en/decrypt
  ~/.passcrypt

* documentation updated and cleanup on typo/irrelevant text

* FIXED: issue where the gpg-agent isn't able decrypt without passphrase/pin
  and clould not ask for it



Documentation
=============
http://packages.python.org/pwclip/
