jpass
A lightweight command line password manager. This was made because I wanted to take on a cryptography task.
precaution
jpass uses pickle for the persistent storage of entry objects. It is very easy for somebody with your encryption key to replace legitimate encrypted entry files with arbitrary serialized Python objects containing arbitrary Python code that will be executed at runtime. There is no risk here if somebody doesn't have your encryption key (as the file will simply fail to decrypt).
To avoid this, ensure that you choose a strong encryption key for entries.
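One way to narrow what a decrypted entry file is allowed to deserialize into, shown as an added example that is not jpass's own code: a pickle.Unpickler subclass that resolves only an allow-listed entry class and rejects every other global. The Entry class, the load_entry and is_rejected helpers, and the sample byte strings are hypothetical and constructed for illustration.

```python
import io
import pickle


class Entry:
    """Hypothetical stand-in for a jpass entry object (not the project's class)."""

    def __init__(self, service, username, password):
        self.service = service
        self.username = username
        self.password = password


# The only (module, name) pairs the unpickler may resolve.
ALLOWED_GLOBALS = {(Entry.__module__, Entry.__qualname__)}


class EntryUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every class or function a pickle stream references.
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError("blocked global %s.%s" % (module, name))
        return super().find_class(module, name)


def load_entry(plaintext):
    """Deserialize already-decrypted entry bytes; accept nothing but an Entry."""
    obj = EntryUnpickler(io.BytesIO(plaintext)).load()
    if not isinstance(obj, Entry):
        raise pickle.UnpicklingError("payload is not an Entry")
    return obj


def is_rejected(plaintext):
    """True if load_entry refuses the payload."""
    try:
        load_entry(plaintext)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples: a valid entry, a stream referencing a global outside
# the allow-list (builtins.len, harmless), and a payload of the wrong type.
GOOD = pickle.dumps(Entry("example.org", "alice", "constructed-password"))
FOREIGN_GLOBAL = pickle.dumps(len)
WRONG_TYPE = pickle.dumps({"service": "example.org"})

if __name__ == "__main__":
    print(load_entry(GOOD).service, is_rejected(FOREIGN_GLOBAL), is_rejected(WRONG_TYPE))
```

This limits the classes and functions an entry file can reference; it is a second check after decryption, not a substitute for a strong encryption key.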
extra security
jpass is a young piece of software and has yet to receive a full security audit. jpass makes use of a library called pycrypto to perform cryptography tasks. pycrypto is reputable and secure; however, even though great care has been taken to ensure that the encryption of entry files is done securely, there is no margin for error as far as security is concerned.
It is for this reason that we advise you to add another layer of security if you intend to use jpass. This extra layer of security will involve the use of eCryptfs, a stacked cryptographic filesystem that allows you to have a secure, encrypted directory (~/Private) in your home directory. We will move the ~/.jpass directory into the encrypted ~/Private directory, adding an additional layer of encryption. This means that if jpass's encryption techniques are found to be weak, your passwords and account details are still protected by an additional layer of security provided by eCryptfs.
Instructions on how to do this on a Debian based system are below:
- Install the package ecryptfs-utils as root.
  With sudo: $ sudo apt-get install ecryptfs-utils
  With a root account: # apt-get install ecryptfs-utils
- Load the kernel module.
  With sudo: $ sudo modprobe ecryptfs
  With a root account: # modprobe ecryptfs
- Create the ~/Private directory.
  $ ecryptfs-setup-private
- Log out and back in to your user account again.
- Verify that the directory ~/Private exists.
  $ test -d ~/Private && echo "~/Private exists." || echo "~/Private doesn't exist -- something went wrong."
- Move your ~/.jpass directory into ~/Private.
  $ mv ~/.jpass ~/Private
- Create a symbolic link so that jpass writes to the directory inside ~/Private.
  $ ln -s ~/Private/.jpass ~/.jpass
- Done! jpass should now use ~/Private/.jpass as its working directory.
Now, the contents of jpass's working directory will be encrypted by eCryptfs.
installation (using pip)
Using pip is the preferred method of installation.
- If you don't have pip installed, use your package manager to install the package python-pip. On Debian based systems, the command to use would be:
  $ sudo apt-get install python-pip
- Now that pip is installed, install jpass with:
  $ pip install jpass
installation (from source)
- Get the source.
  $ git clone https://github.com/joechrisellis/jpass
- Enter the source directory.
  $ cd jpass
- If you don't have sudo installed/configured, execute the setup.py file as the root user with:
  $ su -c 'python setup.py install'
- If you have sudo installed, make sure that you are a sudoer and run:
  $ sudo python setup.py install
- Done! You should now be able to use the command jpass in your command line.