App-locket
* openssl.vim <http://www.vim.org/scripts/script.php?script_id=2012>
* EasyPG <http://www.emacswiki.org/emacs/AutoEncryption>
SECURITY
Encryption/decryption
App::locket defers actual encryption/decryption to external tools. The
choice of the actual cipher/encryption method is left up to you
If you're using GnuPG, then you could use "gpg-agent" for passphrase
prompting and limited retention
In-memory encryption
App::locket does not perform any in-memory encryption; once the
cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the
plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
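A way to check the swap mitigation above, as an added example that is not part of App::locket or its README. It assumes Linux (/proc/swaps and lsblk from util-linux); the function names stack_types and swaps_not_on_dmcrypt are made up for this example.

```shell
#!/bin/sh
# Added example (not App::locket code): list active swap areas that have no
# dm-crypt layer beneath them, i.e. where swapped-out plaintext could reach disk.
# Usage: swaps_not_on_dmcrypt || echo "swap is not fully on dm-crypt"

# stack_types DEV: print the lsblk TYPE of DEV and of every device it sits on,
# one per line (for example "lvm", "crypt", "part", "disk").
stack_types() { lsblk -slno TYPE "$1" 2>/dev/null; }

# swaps_not_on_dmcrypt [SWAPS_FILE]: print each swap area without a dm-crypt
# layer in its device stack. Returns 1 if any were printed, 0 otherwise.
swaps_not_on_dmcrypt() {
    swaps_file=${1:-/proc/swaps}
    found=0
    # /proc/swaps columns: Filename Type Size Used Priority (line 1 is a header)
    while read -r name kind _rest; do
        [ "$name" = "Filename" ] && continue
        [ -n "$name" ] || continue
        if [ "$kind" = "partition" ] && stack_types "$name" | grep -qx crypt; then
            continue
        fi
        # Swap files land here too: this check cannot see whether the
        # filesystem holding them is encrypted, so they are reported.
        printf '%s\n' "$name"
        found=1
    done < "$swaps_file"
    return "$found"
}
```

An empty result with exit status 0 means every active swap area sits on a dm-crypt mapping; anything printed needs a closer look before relying on swap being encrypted.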
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
setup               Set up a new or edit an existing user configuration
                    file (~/.locket/cfg)

edit                Edit the cipherstore
                    The configuration must have an "edit" value, e.g.:

                        /usr/bin/vim -n ~/.locket.gpg

/<query>            Search the cipherstore for <query> and emit the
                    resulting secret
                    The configuration must have a "read" value to
                    tell it how to read the cipherstore. Only piped
                    commands are supported today, and they should
                    be something like:

                        '</usr/local/bin/gpg -q --no-tty -d ~/.locket.gpg'

                    If the found key in the cipherstore is of the format
                    "<username>@<site>" then the username will be emitted
                    first before the secret (which is assumed to be a password/passphrase)

Type <help> in-process for additional usage
Example YAML cipherstore
%YAML 1.1
---
alice@gmail: p455w0rd
# Some frequently used credit card information
cc4123: |
    4123412341234123
    01/23
    123
Example configuration file
%YAML 1.1
---
read: '</usr/local/bin/gpg --no-tty --decrypt --quiet ~/.locket.gpg'
edit: '/usr/bin/vim -n ~/.locket.gpg'
AUTHOR
Robert Krimen <robertkrimen@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2011 by Robert Krimen.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
lib/App/locket.pm view on Meta::CPAN
abort (via CTRL-C)
--cfg <file>        Use <file> for configuration

setup               Set up a new or edit an existing user configuration
                    file (~/.locket/cfg)

edit                Edit the cipherstore
                    The configuration must have an "edit" value, e.g.:

                        /usr/bin/vim -n ~/.locket.gpg

/<query>            Search the cipherstore for <query> and emit the
                    resulting secret
                    The configuration must have a "read" value to
                    tell it how to read the cipherstore. Only piped
                    commands are supported today, and they should
                    be something like:

                        '</usr/local/bin/gpg -q --no-tty -d ~/.locket.gpg'

                    If the found key in the cipherstore is of the format
                    "<username>@<site>" then the username will be emitted
                    first before the secret (which is assumed to be a password/passphrase)
Example YAML cipherstore:
%YAML 1.1
---
# A GMail identity
lib/App/locket.pm view on Meta::CPAN
    'setup' => sub {
        my ( $self, $method ) = @_;

        my $cfg_file = $self->cfg_file;
        my $plaincfg = $self->plaincfg;

        # No configuration yet (undefined or only whitespace):
        # start from a commented-out template
        if ( ! defined $plaincfg || $plaincfg =~ m/^\s*$/ ) {
            $plaincfg = <<_END_;
%YAML 1.1
---
#read: '</usr/bin/gpg -d <file>'
#read: '</usr/bin/openssl des3 -d -in <file>'
#edit: '/usr/bin/vim -n <file>'
#copy: -
#paste: -
_END_
        }

        # Edit the configuration through a temporary file in the current
        # directory; it is unlinked when $file goes out of scope
        my $file = File::Temp->new( template => '.locket.cfg.XXXXXXX', dir => '.', unlink => 1 ); # TODO A better dir?
        my $plaincfg_edit = Term::EditorEdit->edit( file => $file, document => $plaincfg );

        # Only write the configuration back if the editor returned something
        if ( length $plaincfg_edit ) {
            $self->write_cfg( $plaincfg_edit );
* EasyPG L<http://www.emacswiki.org/emacs/AutoEncryption>
=head1 SECURITY
=head2 Encryption/decryption
App::locket defers actual encryption/decryption to external tools. The choice of the actual
cipher/encryption method is left up to you
If you're using GnuPG, then you could use C<gpg-agent> for passphrase prompting and limited retention
=head2 In-memory encryption
App::locket does not perform any in-memory encryption; once the cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
=head2 Clipboard access
lib/App/locket.pm view on Meta::CPAN
=head1 Example YAML cipherstore
%YAML 1.1
lib/App/locket.pm view on Meta::CPAN
# Some frequently used credit card information
cc4123: |
    4123412341234123
    01/23
    123
=head1 Example configuration file
%YAML 1.1
---
read: '</usr/local/bin/gpg --no-tty --decrypt --quiet ~/.locket.gpg'
edit: '/usr/bin/vim -n ~/.locket.gpg'
=head1 AUTHOR
Robert Krimen <robertkrimen@gmail.com>
=head1 COPYRIGHT AND LICENSE
This software is copyright (c) 2011 by Robert Krimen.
This is free software; you can redistribute it and/or modify it under