YAPET - Yet Another Password Encryption Tool 0.8pre2

Rafael Ostertag

$Id: README.sgml.in 3477 2010-12-30 20:55:35Z rafisol $

Copyright © 2008, 2009, 2010 Rafael Ostertag <rafi@guengel.ch>

Table of Contents

Introduction
Supported Platforms
Features
Important Changes
Version 0.8
Version 0.7
Version 0.6
Installation
Usage
Design
A Word of Caution
License

Introduction

YAPET is a text based password manager using the Blowfish encryption algorithm to store password and associated information encrypted on disk. Its primary aim is to provide a safe way to store passwords in a file on disk while having a small footprint, and compiling and running under today's most popular Unix Systems.

YAPET does not impose a limit of password records per file and the number of files the passwords are stored in, although YAPET is only able to display password records of one file at a time.

For convenience, YAPET provides a search function for password records of the currently displayed password file.

The password records are protected by a master password. The master password is used to encrypt and decrypt the password records.

YAPET relies on OpenSSL for encrypting and decrypting password records. The cipher for encryption and decryption is Blowfish with a 448 bits key.

Supported Platforms

YAPET has been tested to build and run on following platforms:

  • FreeBSD®
  • OpenBSD
  • NetBSD
  • SunSolaris™ x86
  • Linux
  • Cygwin

If you want to use YAPET under Cygwin, you may want to read the README.Cygwin file.

Features

YAPET features:

Important Changes

Version 0.8

On terminals supporting colors, passwords are hidden when viewing password records in read-only mode. Switching to edit mode will display the password clear text. Selection of hidden passwords still possible.

The screen is now also locked when a password record is open for reading or editing.

Version 0.7

Password records are opened in read-only mode by default for viewing in order to prevent accidental changes. Pressing Ctrl+e in any text field will switch to read-write mode for editing password records.

The password prompt of the lock screen will now time-out. The time-out can be specified in the configuration file.

Version 0.6

Warning

The file structure of YAPET files has changed in version 0.6. You are strongly advised to make backup copies of your files before using YAPET 0.6.

A design flaw in YAPET may prevent the exchange of YAPET files between different processor architectures (64/32 bit) due to varying header sizes in YAPET files.

All YAPET versions prior YAPET 0.6 are affected by this issue.

Starting with YAPET 0.6, the header size of YAPET files remains stable across processor architectures, thus exchanging YAPET files is possible unimpeded.

YAPET 0.6 will read and write version 0.5 or earlier files. Reading, deleting, and/or adding records won't update the file structure to version 0.6. However, changing the master password (or setting the same password again, for this matter) using YAPET 0.6 will update the file version to 0.6.

YAPET prior version 0.6 can read and write version 0.6 files, but it might be observed that the date when the master password was last changed is displayed incorrectly. YAPET prior 0.5 will update the file structure to pre-version 0.6 upon master password change. See Table 1, “File Compatibility Matrix of YAPET 0.5 or earlier” for an overview of the compatibility issues in YAPET 0.5 or earlier.

Table 1. File Compatibility Matrix of YAPET 0.5 or earlier

YAPET running on File created
Version 0.5 or earlierVersion 0.6
Little EndianBig EndianLittle EndianBig Endian
32bit64bit32bit64bit32bit64bit32bit64bit
Little Endian 32bit[a]yesyesyesyesyesyesyesyes
Little Endian 64bit[a]noyesnoyesyesyesyesyes
Big Endian 32bit [b] yesyesyesyesyesyesyesyes
Big Endian 64bit[b]noyesnoyesyesyesyesyes

[a] AMD, Intel, etc.

[b] PowerPC, SPARC, etc


YAPET 0.6 reads and writes any YAPET file regardless of the YAPET version used to create and the architecture.

Refer to the DESIGN file for further information on this issue.

Installation

YAPET uses a configure script for configuring the build process. Refer to the INSTALL file in the source tarball yapet-0.8pre2.tar.gz.

Usage

YAPET is kept simple. You should not find it difficult to use. The user interface has some quirks, though.

See the manual page yapet(1) after installing YAPET for a minimal user guide.

Design

Refer to the DESIGN file which comes along with the source tarball in order to get an idea of the design of YAPET.

A Word of Caution

Although several precautions were taken to avoid having any passwords stored clear text in memory, there were occasions when core files contained the master password. This means that it is possible, though not likely, for a malicious user to get hold of one or more passwords while YAPET is running.

License

YAPET -- Yet Another Password Encryption Tool

Copyright (C) 2008 - 2010 Rafael Ostertag

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Additional permission under GNU GPL version 3 section 7.  If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, Rafael Ostertag grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work.