YAPET - Yet Another Password Encryption Tool 0.8pre2

Rafael Ostertag

   $Id: README.sgml.in 3477 2010-12-30 20:55:35Z rafisol $

   Copyright (C) 2008, 2009, 2010 Rafael Ostertag <rafi@guengel.ch>
     __________________________________________________________________

   Table of Contents

   Introduction
   Supported Platforms
   Features
   Important Changes

        Version 0.8
        Version 0.7
        Version 0.6

   Installation
   Usage
   Design
   A Word of Caution
   License

Introduction

   YAPET is a text-based password manager using the Blowfish encryption
   algorithm to store passwords and associated information encrypted on
   disk. Its primary aim is to provide a safe way to store passwords in a
   file on disk while having a small footprint, and compiling and running
   under today's most popular Unix systems.

   YAPET limits neither the number of password records per file nor the
   number of files the passwords are stored in, although YAPET is only
   able to display the password records of one file at a time.

   For convenience, YAPET provides a search function for password records
   of the currently displayed password file.

   The password records are protected by a master password. The master
   password is used to encrypt and decrypt the password records.

   YAPET relies on OpenSSL for encrypting and decrypting password records.
   The cipher for encryption and decryption is Blowfish with a 448-bit
   key.

Supported Platforms

   YAPET has been tested to build and run on the following platforms:

     * FreeBSD
     * OpenBSD
     * NetBSD
     * Sun(TM) Solaris(TM) x86
     * Linux
     * Cygwin

   If you want to use YAPET under Cygwin, you may want to read the
   README.Cygwin file.

Features

   YAPET features:

     * Blowfish encryption (http://www.schneier.com/blowfish.html) with a
       448-bit key using the OpenSSL library (http://www.openssl.org/).
     * passwords are not kept in clear text in memory.
     * doesn't depend on graphical user interfaces and their "dependency
       hell", thanks to a text-based user interface.
     * depends on only two libraries: OpenSSL (http://www.openssl.org)
       and curses or ncurses (http://www.gnu.org/software/ncurses/).
     * locks the terminal on inactivity.
     * a utility to convert CSV files to the native YAPET format.
     * built-in password generator.

Important Changes

Version 0.8

   On terminals supporting colors, passwords are hidden when viewing
   password records in read-only mode. Switching to edit mode will display
   the password in clear text. Selecting hidden passwords is still
   possible.

   The screen is now also locked when a password record is open for
   reading or editing.

Version 0.7

   Password records are opened in read-only mode by default for viewing in
   order to prevent accidental changes. Pressing Ctrl+e in any text field
   will switch to read-write mode for editing password records.

   The password prompt of the lock screen will now time-out. The time-out
   can be specified in the configuration file.

Version 0.6

Warning

   The file structure of YAPET files has changed in version 0.6. You are
   strongly advised to make backup copies of your files before using YAPET
   0.6.

   A design flaw in YAPET may prevent the exchange of YAPET files between
   different processor architectures (64/32 bit) due to varying header
   sizes in YAPET files.

   All YAPET versions prior to YAPET 0.6 are affected by this issue.

   Starting with YAPET 0.6, the header size of YAPET files remains stable
   across processor architectures, thus exchanging YAPET files is possible
   unimpeded.

   YAPET 0.6 will read and write version 0.5 or earlier files. Reading,
   deleting, and/or adding records won't update the file structure to
   version 0.6. However, changing the master password (or setting the same
   password again, for that matter) using YAPET 0.6 will update the file
   version to 0.6.

   YAPET prior to version 0.6 can read and write version 0.6 files, but it
   might be observed that the date when the master password was last
   changed is displayed incorrectly. YAPET prior to 0.5 will update the
   file structure to pre-version 0.6 upon master password change. See
   Table 1, "File Compatibility Matrix of YAPET 0.5 or earlier" for an
   overview of the compatibility issues in YAPET 0.5 or earlier.

   Table 1. File Compatibility Matrix of YAPET 0.5 or earlier

   YAPET running on         File created
                            Version 0.5 or earlier  Version 0.6
                            Little      Big         Little      Big
                            Endian      Endian      Endian      Endian
                            32bit 64bit 32bit 64bit 32bit 64bit 32bit 64bit
   ------------------------ ----- ----- ----- ----- ----- ----- ----- -----
   Little Endian 32bit^[a]  yes   yes   yes   yes   yes   yes   yes   yes
   Little Endian 64bit^[a]  no    yes   no    yes   yes   yes   yes   yes
   Big Endian 32bit^[b]     yes   yes   yes   yes   yes   yes   yes   yes
   Big Endian 64bit^[b]     no    yes   no    yes   yes   yes   yes   yes

   ^[a] AMD, Intel, etc.

   ^[b] PowerPC, SPARC, etc.

   YAPET 0.6 reads and writes any YAPET file regardless of the YAPET
   version used to create it and of the architecture it was created on.

   Refer to the DESIGN file for further information on this issue.
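
   The header-size problem described above, shown as an added C example
   that is not YAPET's own code. The field layout (a version byte, a
   20-byte control string and a timestamp) is a hypothetical stand-in for
   the real file format; it contrasts a struct dumped with a native-width
   timestamp against field-by-field packing with fixed widths and a fixed
   byte order.

```c
/* Added illustration: the field layout is hypothetical, not YAPET's real header. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONTROL_LEN 20                    /* hypothetical control-string size */
#define WIRE_SIZE   (1 + CONTROL_LEN + 8) /* identical on every architecture */

struct header {                 /* in-memory form, never written out raw */
    uint8_t version;
    uint8_t control[CONTROL_LEN];
    int64_t pw_changed;         /* master password change time, epoch seconds */
};

/* What fwrite(&hdr, sizeof hdr, ...) would emit if the timestamp were a
 * native 32-bit or 64-bit long: the two builds disagree on the size. */
struct raw32 { uint8_t version; uint8_t control[CONTROL_LEN]; int32_t pw_changed; };
struct raw64 { uint8_t version; uint8_t control[CONTROL_LEN]; int64_t pw_changed; };

/* Serialize field by field with fixed widths and big-endian byte order. */
size_t header_pack(const struct header *h, uint8_t out[WIRE_SIZE])
{
    uint64_t t = (uint64_t)h->pw_changed;
    out[0] = h->version;
    memcpy(out + 1, h->control, CONTROL_LEN);
    for (int i = 0; i < 8; i++)
        out[1 + CONTROL_LEN + i] = (uint8_t)(t >> (56 - 8 * i));
    return WIRE_SIZE;
}

/* Returns 0 on success, -1 when the buffer is not exactly one header long. */
int header_unpack(const uint8_t *in, size_t len, struct header *h)
{
    uint64_t t = 0;
    if (len != WIRE_SIZE)
        return -1;
    h->version = in[0];
    memcpy(h->control, in + 1, CONTROL_LEN);
    for (int i = 0; i < 8; i++)
        t = (t << 8) | in[1 + CONTROL_LEN + i];
    h->pw_changed = (int64_t)t;
    return 0;
}

int main(void)
{
    printf("raw32=%zu raw64=%zu wire=%d\n", sizeof(struct raw32), sizeof(struct raw64), WIRE_SIZE);
    return 0;
}
```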

Installation

   YAPET uses a configure script for configuring the build process. Refer
   to the INSTALL file in the source tarball yapet-0.8pre2.tar.gz.

Usage

   YAPET is kept simple. You should not find it difficult to use. The user
   interface has some quirks, though.

   See the manual page yapet(1) after installing YAPET for a minimal user
   guide.

Design

   Refer to the DESIGN file which comes along with the source tarball in
   order to get an idea of the design of YAPET.

A Word of Caution

   Although several precautions were taken to avoid having any passwords
   stored in clear text in memory, there were occasions when core files
   contained the master password. This means that it is possible, though
   not likely, for a malicious user to get hold of one or more passwords
   while YAPET is running.
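
   One way a password tool can reduce the core-file exposure described
   above, as an added C example that is not taken from YAPET. The helper
   names are hypothetical and the sample password is constructed; the
   process forbids core files for itself and wipes the secret buffer
   after use.

```c
/* Added illustration: helper names are hypothetical, not YAPET functions. */
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Forbid core files for this process. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };      /* soft and hard limit: 0 bytes */
    if (setrlimit(RLIMIT_CORE, &none) != 0)
        return -1;
#ifdef __linux__
    /* Also mark the process non-dumpable, which additionally blocks
     * ptrace attach by processes lacking CAP_SYS_PTRACE. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Returns 1 when the soft core-file limit is zero, 0 otherwise. */
int core_dumps_disabled(void)
{
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0)
        return 0;
    return cur.rlim_cur == 0;
}

/* Overwrite a secret; the volatile pointer keeps the stores from being
 * optimized away as dead writes. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

int main(void)
{
    char master[64] = "constructed-sample-password";  /* constructed value */
    if (disable_core_dumps() != 0) { perror("disable_core_dumps"); return 1; }
    /* ... the key would be derived from master here ... */
    wipe(master, sizeof master);
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```

   Users of an unmodified build get the same effect for the file-based
   case by running `ulimit -c 0` in the shell before starting the program.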

License

   YAPET -- Yet Another Password Encryption Tool

   Copyright (C) 2008 - 2010 Rafael Ostertag <rafi@guengel.ch>

   This program is free software: you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
   Free Software Foundation, either version 3 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License along
   with this program. If not, see http://www.gnu.org/licenses/.

   Additional permission under GNU GPL version 3 section 7.  If you modify
   this program, or any covered work, by linking or combining it with the
   OpenSSL project's OpenSSL library (or a modified version of that
   library), containing parts covered by the terms of the OpenSSL or
   SSLeay licenses, Rafael Ostertag grants you additional permission to
   convey the resulting work. Corresponding Source for a non-source form
   of such a combination shall include the source code for the parts of
   OpenSSL used as well as that of the covered work.
