App-locket
view release on metacpan or search on metacpan
TODO:
- Make cfg 0600, check to see if 0600?
0.0022 Wednesday July 13 23:25:01 PDT 2011:
- Squashed some bugs
- Better and more consistent interface
- Documentation fixup
0.0021 Saturday July 09 23:14:41 PDT 2011:
- Don't backspace away the prompt
- Reload properly after cfg/setup
- Reload properly after an edit
- Better display post-edit, post-cfg
0.0020 2011 July 5
- Better navigation (interface overhaul)
- Better querying /, //, .., .
- More: help, reset, show, copy, show #, copy #, etc.
- Added randomart fingerprint of configuration
- Added lock/unlock option for configuration (but recommend VM)
- Code cleanup, reorganization
- Added tests
0.0015:
- Made $PATH more restrictive (/bin:/usr/bin)
0.0014 Friday June 24 10:13:51 PDT 2011:
- Added read command to emit plainstore onto stdout
- Added --safety command to prompt before emitting sensitive data
0.0013 Thursday June 23 19:48:53 PDT 2011:
- Allow custom cfg location
- Added some security considerations
- Sanitize $PATH before reading
0.0001 Thursday June 23 2011:
- Initial release
* openssl.vim <http://www.vim.org/scripts/script.php?script_id=2012>
* EasyPG <http://www.emacswiki.org/emacs/AutoEncryption>
SECURITY
Encryption/decryption
App::locket defers actual encryption/decryption to external tools. The
choice of the actual cipher/encryption method is left up to you
If you're using GnuPG, then you could use "gpg-agent" for passphrase
prompting and limited retention
In-memory encryption
App::locket does not perform any in-memory encryption; once the
cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the
plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
<http://search.cpan.org/perldoc?App::cpanminus#INSTALLATION>
USAGE
locket [options] setup|edit|<query>
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
edit Edit the cipherstore
The configuration must have an "edit" value, e.g.:
lib/App/locket.pm view on Meta::CPAN
Usage: locket [options] setup|edit|<query>
--copy Copy value to clipboard using pbcopy, xsel, or xclip
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
--cfg <file> Use <file> for configuration
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
edit Edit the cipherstore
lib/App/locket.pm view on Meta::CPAN
chomp $emit;
$self->stderr( $emit, "\n" );
}
sub stdin {
return \*STDIN;
}
sub read_passphrase {
my $self = shift;
my $prompt = shift;
if ( defined $prompt ) {
$self->stderr( $prompt );
}
my $passphrase;
ReadMode 2;
try {
$passphrase = $self->stdin->getline;
chomp $passphrase;
}
finally {
ReadMode 0;
lib/App/locket.pm view on Meta::CPAN
* EasyPG L<http://www.emacswiki.org/emacs/AutoEncryption>
=head1 SECURITY
=head2 Encryption/decryption
App::locket defers actual encryption/decryption to external tools. The choice of the actual
cipher/encryption method is left up to you
If you're using GnuPG, then you could use C<gpg-agent> for passphrase prompting and limited retention
=head2 In-memory encryption
App::locket does not perform any in-memory encryption; once the cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
=head2 Clipboard access
lib/App/locket.pm view on Meta::CPAN
=head1 USAGE
locket [options] setup|edit|<query>
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
edit Edit the cipherstore
The configuration must have an "edit" value, e.g.:
( run in 0.568 second using v1.01-cache-2.11-cpan-0b5f733616e )