#password-manager #password #sqlite #argon2 #aes-gcm #command-line-tool

bin+lib pwdm

Rudimentary command-line tool and Rust library for managing passwords

5 releases (3 breaking)

0.4.0 May 6, 2024
0.3.1 Apr 28, 2024
0.3.0 Apr 26, 2024
0.2.0 Apr 22, 2024
0.1.0 Apr 20, 2024

#1234 in Cryptography

26 downloads per month

Apache-2.0

47KB
1.5K SLoC


pwdm - Password Manager

Rudimentary command-line tool and Rust library for managing passwords.

Password Database

Passwords are encrypted and stored in a SQLite database where each password is uniquely identified by a service name and an optional username.

Security

Each password is encrypted using AES-256-GCM before it is stored in the database. pwdm uses the user-provided master password (with a randomly-generated salt) as an input to the Argon2 key derivation function (Argon2id) to derive the encryption key. There exists one master password associated with a database file. When the master password is first provided, Argon2 is also used (with another randomly-generated salt) to hash the password to a PHC string appropriate for password-based authentication. The hash is stored in the database to authenticate the master password in subsequent invocations.
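As an added example (not pwdm's own code), the following Rust code parses an Argon2 PHC string of the kind stored for master-password authentication and flags weak parameters. The policy thresholds, the type and function names, and the sample string are assumptions of this example; the page does not state which Argon2 parameters pwdm uses.

```rust
// Layout: $<variant>$v=<version>$m=<KiB>,t=<passes>,p=<lanes>$<salt b64>$<hash b64>
#[derive(Debug)]
pub struct Phc {
    pub variant: String, pub version: u32, pub m_kib: u32, pub t: u32, pub p: u32,
    pub salt_len: usize, pub hash_len: usize,
}

/// Decoded length of an unpadded standard-alphabet base64 field (length and alphabet check only).
fn b64_len(s: &str) -> Option<usize> {
    let valid = s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'+' || b == b'/');
    if !valid || s.is_empty() || s.len() % 4 == 1 { None } else { Some(s.len() * 3 / 4) }
}

pub fn parse_phc(phc: &str) -> Result<Phc, String> {
    // The leading '$' produces an empty first element, followed by five fields.
    let f: Vec<&str> = phc.split('$').collect();
    if f.len() != 6 || !f[0].is_empty() { return Err("expected five '$'-separated fields".into()); }
    let version = f[2].strip_prefix("v=").and_then(|v| v.parse::<u32>().ok()).ok_or("bad version field")?;
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in f[3].split(',') {
        let (k, v) = kv.split_once('=').ok_or("bad parameter")?;
        let v = v.parse::<u32>().map_err(|_| "non-numeric parameter")?;
        match k {
            "m" => m = Some(v),
            "t" => t = Some(v),
            "p" => p = Some(v),
            _ => return Err(format!("unsupported parameter {}", k)), // strict: only m, t, p accepted
        }
    }
    Ok(Phc {
        variant: f[1].to_string(), version,
        m_kib: m.ok_or("missing m")?, t: t.ok_or("missing t")?, p: p.ok_or("missing p")?,
        salt_len: b64_len(f[4]).ok_or("bad salt encoding")?,
        hash_len: b64_len(f[5]).ok_or("bad hash encoding")?,
    })
}

/// Policy floor assumed for this example (not pwdm's settings): Argon2id v19, 19 MiB, 2 passes, 16-byte salt.
pub fn audit(h: &Phc) -> Vec<&'static str> {
    let mut findings = Vec::new();
    if h.variant != "argon2id" { findings.push("variant is not argon2id"); }
    if h.version != 19 { findings.push("version is not 19"); }
    if h.m_kib < 19 * 1024 { findings.push("memory cost below 19 MiB"); }
    if h.t < 2 { findings.push("fewer than 2 passes"); }
    if h.salt_len < 16 { findings.push("salt shorter than 16 bytes"); }
    findings
}

fn main() {
    // Constructed sample, not taken from a real pwdm database.
    let sample = format!("$argon2id$v=19$m=19456,t=2,p=1$c2FsdHNhbHRzYWx0c2FsdA${}", "A".repeat(43));
    let parsed = parse_phc(&sample).expect("sample parses");
    println!("{:?} -> findings: {:?}", parsed, audit(&parsed));
}
```

The salt and hash fields are only measured, never compared, so the check can run against a copied hash without the master password.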

The master password should be strong. Consequently, as a precaution, this password manager uses Dropbox's zxcvbn password strength estimator whenever the master password is set or updated, and enforces that zxcvbn's estimate (an integer in [0, 4]) for the given password is the maximum possible score of 4, which is documented to indicate "strong protection from offline slow-hash scenario(s)". Try zxcvbn interactively.

Command-line

$ pwdm --help
Command-line password manager.

Usage: pwdm [OPTIONS]

Options:
  -p, --path <PATH>  Path to the database file
  -h, --help         Print help
  -V, --version      Print version

By default, the pwdm CLI stores the password database file at ~/.pwdm/passwords.db. To specify a custom path, use the -p or --path option or set the PWDM_PATH environment variable.

On the command line, after entering the master password, the following interactive commands can be used:

  • Add: Add a new password.
  • Get: Retrieve a password.
  • Delete: Remove a password entry.
  • Update: Update an existing password.
  • List: List all password IDs.
  • Update Master Password: Update the master password.
  • Exit: Exit the program.

In Add or Update, either input a password manually or choose to automatically generate a secure one.

Installation

cargo install pwdm

License

pwdm is licensed under Apache-2.0.

Dependencies

~35–48MB
~790K SLoC