Skip to content
/ pwdm Public

Rudimentary command-line tool and Rust library for managing passwords

License

Notifications You must be signed in to change notification settings

OTheDev/pwdm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

github

pwdm - Password Manager

Rudimentary command-line tool and Rust library for managing passwords.

Password Database

Passwords are encrypted and stored in a SQLite database where each password is uniquely identified by a service name and an optional username.

Security

Each password is encrypted using AES-256-GCM before it is stored in the database. pwdm uses the user-provided master password (with a randomly-generated salt) as an input to the Argon2 key derivation function (Argon2id) to derive the encryption key. There exists one master password associated with a database file. When the master password is first provided, Argon2 is also used (with another randomly-generated salt) to hash the password to a PHC string appropriate for password-based authentication. The hash is stored in the database to authenticate the master password in subsequent invocations.

The master password should be strong. Consequently, as a precaution, this password manager uses Dropbox's zxcvbn password strength estimator whenever the master password is set or updated, and enforces that zxcvbn's estimate (an integer in [0, 4]) for the given password is the maximum possible score of 4, which is documented to indicate "strong protection from offline slow-hash scenario(s)". Try zxcvbn interactively.

Command-line

$ pwdm --help
Command-line password manager.

Usage: pwdm [OPTIONS]

Options:
  -p, --path <PATH>  Path to the database file
  -h, --help         Print help
  -V, --version      Print version

By default, the pwdm CLI stores the password database file at ~/.pwdm/passwords.db. To specify a custom path, use the -p or --path option or set the PWDM_PATH environment variable.

On the command-line, after entering the master password, the following interactive commands can be used:

  • Add: Add a new password.
  • Get: Retrieve a password.
  • Delete: Remove a password entry.
  • Update: Update an existing password.
  • List: List all password IDs.
  • Update Master Password: Update the master password.
  • Exit: Exit the program.

In Add or Update, either input a password manually or choose to automatically generate a secure one.

Installation

cargo install pwdm

License

pwdm is licensed under Apache-2.0.