#1 2020-09-06 11:31:20

duelf
Member
From: France, La Roche-Sur-Yon
Registered: 2020-08-30
Posts: 925

Barapass console Password Manager


I decided to publish my simple console Password Manager. I called it barapass.

I’ve been using it for quite some time in Linux and in Windows (in WSL). Probably it will also work natively in Windows and MacOS with minimal fixes, but I haven’t tried it yet.

Why not use a ready-made password manager (thousands of them)?

IMHO, it’s very hard to control how password managers store the passwords and often very unpleasant vulnerabilities appear in them.

I have everything in one small python file: a simple CLI and functions for encryption/decryption. It’s only 200 lines. Currently.

Barapass stores passwords encrypted using AES, but you can easily change it to any other cryptographic algorithm or a combination of them and use various methods to generate the keys. This customization can make it more secure in a practical sense, just because your passwords should be VERY interesting for the attacker to make solving these charades worth it.

How to run barapass?

You will need to install python3 with some additional modules:

    pip3 install clipboard stdiomask pycryptodome

And also some tool to work with clipboard.

For CentOS/RHEL:

    sudo yum install xclip

For Ubuntu/Debian:

    sudo apt-get install xclip

Then just run:

    python3 barapass.py --interactive

How to use barapass?

The scheme is the following:

1. Create a text file with key-value data.
2. Create an encrypted version of the file in barapass.
3. Use barapass to search for keys in the encrypted file and copy values to the clipboard.
4. If you need to edit the file, decrypt it in barapass, make changes and create a new encrypted version of the file.

Encrypting and decrypting files

Barapass works with text files in this format:

    $ cat testcred.txt
    ### My Email ###
    MyEmail|URL|https://yandex.ru
    MyEmail|account|[email protected]
    MyEmail|password|password1234

    ### My Server ###
    MyServer|SSH_Command|ssh [email protected]
    MyServer|SSH_Password|password1234
    MyServer|DB_User|testuser
    MyServer|DB_Password|testpass123

You can encrypt testcred.txt in testcred.brp:

    $ python3 barapass.py --interactive
    Interactive mode (q for exit; fc for favorite commands)
    Command >> encrypt testcred.txt testcred.brp
    Container testcred.brp password >> ********
    OK: Container testcred.brp was created successfully
    Command >> q

This encrypted file looks like this:

    {"profile": "Simple AES", "nonce": "zGIX48DdarHVWXbgYpoBWg==", "tag": "I+JR1hX6F/WuVxcjF/K2zQ==", "ciphertext": "9EIOPOTPZ1HvCGrxS7Uc8BQno2O75aX8khEut/sU9EvKFPFwsfofLqL38BTwPicddXiEvFXZdgu6aPg9Rlg44Oo099YhW1V3bS9HyvFPaiheeFat/goj+RynH8sC+Pz4OWFqtbgSPzS4YHdMB3cw2Od/gVFRf2UHVTz8wFuL6LqgGgz6BuehGQN9/snmUgMeXHyV65ZWsUCpCvFo4uIxTn4Evd5aIAvR048Wc8YHUxOYYKg4sD5K8dLcVQLtOjcUrJ4k1BVSbHq8QLzBCk720TzlwbhuaaLz7wWSvKj7ml3w8fI6vEQeBoKOH/3TK5q+xHkqDIdi8uT7/BDIYo9818CPSEiyOmoxGw=="}

You can decrypt testcred.brp in clear text testcred2.txt like this:

    $ python3 barapass.py --interactive
    Interactive mode (q for exit; fc for favorite commands)
    Command >> decrypt testcred.brp testcred2.txt
    Container testcred.brp password >> ********
    OK: Container testcred.brp was decrypted successfully
    OK: Raw file testcred2.txt was created
    Command >> q

    $ cat testcred2.txt
    ### My Email ###
    MyEmail|URL|https://yandex.ru
    MyEmail|account|[email protected]
    MyEmail|password|password1234

    ### My Server ###
    MyServer|SSH_Command|ssh [email protected]
    MyServer|SSH_Password|password1234
    MyServer|DB_User|testuser
    MyServer|DB_Password|testpass123a

Searching in encrypted file

To search in an encrypted file you should use the encrypted file, enter the password and perform a search request:

    $ python3 barapass.py --interactive
    Interactive mode (q for exit; fc for favorite commands)
    Command >> use testcred.brp
    Container testcred.brp password >> ********
    OK: Container testcred.brp was decrypted successfully
    OK: Container testcred.brp was loaded successfully
    Command >> search Email
    Found: MyEmail:URL
    Found: MyEmail:account
    Found: MyEmail:password
    Copied to clipboard: MyEmail:URL (next value: Y/n)
    Copied to clipboard: MyEmail:account (next value: Y/n)
    Copied to clipboard: MyEmail:password (next value: Y/n)
    Command >> q

All found results will be copied to the clipboard one by one, so that you can paste them where it is necessary.

Is it safe to copy passwords to clipboard?

Someone may say: what if the host is compromised and an attacker monitors the clipboard or searches for decrypted data in memory? Well, it’s possible. But the same attacker can also use a keylogger or take screenshots. It’s hard to talk about secure authentication when the host is compromised. Anyway, it’s possible to store and retrieve passwords in a more complex way, if necessary.

If someone will use this or wants to participate – welcome. In fact, I want to make the CLI more user friendly with autocomplete and command history (with up and down arrow keys). I also think about some portable GUI for Linux, Windows and Android. So your help will be highly appreciated.

Hi. My name is Alexander and I am an Information Security Automation specialist.


Offline

W88yes
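
The key-value file format and the search step shown in the post, as an added example that is not barapass code. It assumes search matches the record name case-insensitively and that a value may itself contain "|"; the sample data is constructed and the account values are placeholders.

```python
# Added example, not code from barapass. SAMPLE is constructed data in the
# Name|field|value layout the post shows; addresses are placeholders.
SAMPLE = """\
### My Email ###
MyEmail|URL|https://yandex.ru
MyEmail|account|user@example.test
MyEmail|password|pass|word1234

### My Server ###
MyServer|SSH_Command|ssh admin@host.example.test
MyServer|DB_Password|testpass123
this line has no separators
"""


def parse_records(text):
    """Return ([(name, field, value), ...], [rejected line numbers])."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("###"):
            continue  # blank line or "### section ###" header
        # maxsplit=2 keeps any "|" inside the value (e.g. in a password).
        parts = line.split("|", 2)
        if len(parts) != 3 or not parts[0] or not parts[1]:
            rejected.append(lineno)  # report malformed lines, do not guess
            continue
        records.append(tuple(parts))
    return records, rejected


def search(records, term):
    """Case-insensitive match on the record name (assumed), file order kept."""
    term = term.lower()
    return [(f"{n}:{f}", v) for n, f, v in records if term in n.lower()]
```

Reporting rejected line numbers instead of silently skipping them makes a typo in the plain-text file visible before the file is encrypted and the plain copy deleted.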
