PassWord Keep (pwkeep)
======================
[![Gem Version](https://badge.fury.io/rb/pwkeep.png)](http://badge.fury.io/rb/pwkeep)

Simple password storage system. 

Quick start guide
=================

Run pwkeep -i to initialize a new storage into ~/.pwkeep. This will create an RSA key pair.

If you want to tune the algorithm(s), key sizes and such, you can create ~/.pwkeep/config.yml (see below for syntax).

If you want to place it somewhere else, set PWKEEP\_HOME environment variable, or use -H (--home) parameter when running pwkeep. 

To add credentials, use

    pwkeep -c -n <name of cred>

To modify them

    pwkeep -e -n <name>

And to show

    pwkeep -v -n <name>

See --help for more options.

When upgrading from <0.4, please run --migrate once to rename your files.  

Features
========

Password keep is intended to be simple and easy to use. It uses RSA + AES256 encryption for your credentials. The
data is not restricted to usernames and passwords, you can store whatever you want.

Editing is done with vipe, which you need to install.  

Configuration
=============

The configuration file is a simple YAML formatted file with following syntax (*NOT YET SUPPORTED*)

```yaml
---
  # less than 1k makes no sense. your files will be at least this / 8 bytes. 
  keysize: 2048 
  iterations: 2000
  # do not edit the following unless you know what you are doing. 
  cipher: AES-256-CTR
```

File formats
============

The private.pem file contains your private key. It is fully manipulatable with openssl binary without any specialities.

system-\* files contain actual credentials. The file name consists from system- prefix and hashed system name. The system
name is encrypted with your public key, then hashed iterations time with chosen hash, SHA512 by default.

The actual file format is:
 
  * header (encrypted with your public key)
    * nil terminated algorithm name
    * 16 byte iv (algorithm dependant)
    * 32 byte key (algorithm dependant)
  * data: encrypted credential with above key+id

You cannot decrypt this with openssl directly, but you can easily write a program to do this. The header is padded with OAEP 
padding.