Background

One of the main reasons I carry a Palm Pilot is so that I have my (long) lists of passwords with me at all times. As a network administrator, I have dozens of 'em. I love my new iPAQ, but couldn't leave the Palm at home 'til I had a secure method of storing those passwords.

Since many apps in the Familiar gnu/linux distribution use python and GTK bindings, and since I'd been meaning to try to build something with the Glade IDE, and since I needed a project to really make python start sinking in, this app was born.

Security and Encryption

pypwd uses the RC4 encryption algorithm. I am no cryptography expert, and I make no guarantees, but with reasonable care, passwords saved with this program should be relatively safe. I wouldn't keep national security secrets using this method, but then I wouldn't be carrying them around on an unsecured handheld computer, either.

Maintain common sense, physical security, and use a good passphrase; your passwords should be safe from all but the most determined cracker.

Usage

Any time the program is launched, it first requests a passphrase. It uses this password to encrypt the data files that are created. If the cancel button is pressed in this window, the program exits rather than try to encrypt the file with an empty passphrase. If an incorrect passphrase has been entered, the data file will not be decrypted, and the display will be blank. A message will pop up warning that the data was not loaded. If the program is not immediately quit, any data that is saved during that session will overwrite any existing data. Furthermore, the data will be encrypted with the 'incorrect' password entered.

By default, the program will keep the data in a file named .pypwd in the user's home directory. If the user's home cannot be ascertained, the file is saved in the current directory. If called with the name of an alternate file as an argument, the program will use that data instead.

The add, edit, and remove buttons can be used to manipulate entries. The buttons are inactive unless an entry is highlighted. Note that there is no warning once the remove button is pressed; the item simply disappears. Use with caution.

The save button is used to save all entries to the data file. Note that there is no prompt on exit if data has not been saved. The user is expected to know when data needs saving. The only time data is automatically saved, is when the password button is used to change the passphrase. Since the passphrase is required to load and save the data, the disk file is updated with the new passphrase immediately.

By clicking on each of the category buttons on the top of the main window, the data may be sorted on that column. This provides a convenient method for selecting similar information, and for quickly locating records. The columns may be resized as needed, and the scrollbars provide access to long records that do no fit entirely into the viewing area.

rc4 - command line utility

In addition to the pypwd program, a command line utility is included in the package, rc4. Using this program, data files may be inspected by dumping their contents to a terminal window, or redirected to a file for export to another database. It is used by including the passphrase on the command line and redirecting its input from the data file:
rc4 mypassphrase < datafile

The program acts as a filter, and since the RC4 algorithm is symmetrical, will not only decrypt encrypted input, but can also be used to encrypt data on its input. Since the data file is a simple text file, this facility may be used for batch encryption, or for other facilities.

Note that on some systems, this invocation may be displayed in the output of a ps listing, thus exposing the passphrase. On those systems, the program should be called from a wrapper script to hide the command line. Note that in this case, the wrapper script must be carefully guarded since it will contain the unencrypted password.

Get It

You can grab it from here:

pypwd

rc4

pypwd_1.0_arm.ipk

pypwd_1.0_arm.ipk.asc

Or from the unstable feed on handhelds.org. Or... the easiest method (assuming that you've configured ipkg to point to the unstable feed) is to simply give the command:
ikpg install pypwd
The ipk includes a menu entry, so it should be available for use as soon as it's installed. For those using gtk-menu, add this line to /etc/gtk-menu:
pypwd=/usr/bin/pypwd

pypwd running under the MatchBox window manager on an iPAQ

Entry edit window running under the MatchBox window manager on an iPAQ

pypwd running under FVWM on a desktop gnu/linux system

edit window running under FVWM on a desktop gnu/linux system