App-locket

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN

TODO:
    - Make cfg 0600, check to see if 0600?

0.0022 Wednesday July 13 23:25:01 PDT 2011:
    - Squashed some bugs
    - Better and more consistent interface
    - Documentation fixup

0.0021 Saturday July 09 23:14:41 PDT 2011:
    - Don't backspace away the prompt
    - Reload properly after cfg/setup
    - Reload properly after an edit
    - Better display post-edit, post-cfg

0.0020 2011 July 5
    - Better navigation (interface overhaul)
    - Better querying /, //, .., .
    - More: help, reset, show, copy, show #, copy #, etc.
    - Added randomart fingerprint of configuration
    - Added lock/unlock option for configuration (but recommend VM)
    - Code cleanup, reorganization
    - Added tests

0.0015:
    - Made $PATH more restrictive (/bin:/usr/bin)

0.0014 Friday June 24 10:13:51 PDT 2011:
    - Added read command to emit plainstore onto stdout
    - Added --safety command to prompt before emitting sensitive data

0.0013 Thursday June 23 19:48:53 PDT 2011:
    - Allow custom cfg location
    - Added some security considerations
    - Sanitize $PATH before reading

0.0001 Thursday June 23 2011:
    - Initial release

README  view on Meta::CPAN

    * openssl.vim <http://www.vim.org/scripts/script.php?script_id=2012>

    * EasyPG <http://www.emacswiki.org/emacs/AutoEncryption>

SECURITY
  Encryption/decryption
    App::locket defers actual encryption/decryption to external tools. The
    choice of the actual cipher/encryption method is left up to you

    If you're using GnuPG, then you could use "gpg-agent" for passphrase
    prompting and limited retention

  In-memory encryption
    App::locket does not perform any in-memory encryption; once the
    cipherstore is loaded it is exposed in memory

    In addition, if the process is swapped out while running then the
    plaintextstore could be written to disk

    Encrypting swap is one way of mitigating this problem

README  view on Meta::CPAN

    <http://search.cpan.org/perldoc?App::cpanminus#INSTALLATION>

USAGE
        locket [options] setup|edit|<query>

            --delay <delay>     Keep value in clipboard for <delay> seconds
                                If value is still in the clipboard at the end of
                                <delay> then it will be automatically wiped from
                                the clipboard

            --unsafe            Turn the safety off. This will disable prompting
                                before emitting any sensitive information in
                                plaintext. There will be no opportunity to
                                abort (via CTRL-C)

            setup               Setup a new or edit an existing user configuration
                                file (~/.locket/cfg)

            edit                Edit the cipherstore
                                The configuration must have an "edit" value, e.g.:

lib/App/locket.pm  view on Meta::CPAN


    Usage: locket [options] setup|edit|<query>

        --copy              Copy value to clipboard using pbcopy, xsel, or xclip

        --delay <delay>     Keep value in clipboard for <delay> seconds
                            If value is still in the clipboard at the end of
                            <delay> then it will be automatically wiped from
                            the clipboard

        --unsafe            Turn the safety off. This will disable prompting
                            before emitting any sensitive information in
                            plaintext. There will be no opportunity to
                            abort (via CTRL-C)

        --cfg <file>        Use <file> for configuration

        setup               Setup a new or edit an existing user configuration
                            file (~/.locket/cfg)

        edit                Edit the cipherstore

lib/App/locket.pm  view on Meta::CPAN

    chomp $emit;
    $self->stderr( $emit, "\n" );
}

sub stdin {
    return \*STDIN;
}

sub read_passphrase {
    my $self = shift;
    my $prompt = shift;
    if ( defined $prompt ) {
        $self->stderr( $prompt );
    }

    my $passphrase;
    ReadMode 2;
    try {
        $passphrase = $self->stdin->getline;
        chomp $passphrase;
    }
    finally {
        ReadMode 0;

lib/App/locket.pm  view on Meta::CPAN


* EasyPG L<http://www.emacswiki.org/emacs/AutoEncryption>

=head1 SECURITY

=head2 Encryption/decryption

App::locket defers actual encryption/decryption to external tools. The choice of the actual
cipher/encryption method is left up to you

If you're using GnuPG, then you could use C<gpg-agent> for passphrase prompting and limited retention

=head2 In-memory encryption

App::locket does not perform any in-memory encryption; once the cipherstore is loaded it is exposed in memory

In addition, if the process is swapped out while running then the plaintextstore could be written to disk

Encrypting swap is one way of mitigating this problem

=head2 Clipboard access

lib/App/locket.pm  view on Meta::CPAN


=head1 USAGE

    locket [options] setup|edit|<query>

        --delay <delay>     Keep value in clipboard for <delay> seconds
                            If value is still in the clipboard at the end of
                            <delay> then it will be automatically wiped from
                            the clipboard

        --unsafe            Turn the safety off. This will disable prompting
                            before emitting any sensitive information in
                            plaintext. There will be no opportunity to
                            abort (via CTRL-C)

        setup               Setup a new or edit an existing user configuration
                            file (~/.locket/cfg)

        edit                Edit the cipherstore
                            The configuration must have an "edit" value, e.g.:



( run in 1.273 second using v1.01-cache-2.11-cpan-6aa56a78535 )