commit - 40229f6cf5a708a3690509062692e3b12f785a2f
commit + 128a0de1becc0cfb57f69ecc03e1a3da7a426b7c
blob - b4a3e561090fcda9b75d70f4cbbc7e3e1d467173
blob + 40bbe5a4706ff0a5a64028a62adcc086a164bcc8
--- README
+++ README
@@ -1 +1,26 @@
-openbsd password suite with no dependencies outside base
+## OpenBSD password suite with no dependencies outside base!
+
+## Utilities
+
+# enc
+encodes (encrypts) passwords from stdin with a password name and a passpharse
+and stores them in a managed. passwords directory for later retrival with dec.
+
+# dec
+decodes password files encrypted using enc under .passwords 
+
+# gen
+generates a random strong password meant for encryption and storage/retrival
+with enc/dec.
+
+# entropy
+calculates password entropy in bits given the length of the password and the
+number of possible characters (permutations) that'll be used in that password.
+Useful for measuring password strength especially before genering a new
+password with gen or badphrase.
+
+# badphrase
+generates a memorable passphrase using a word list. supports diceware too.
+
+# encfile
+takes a file and encrypts it with a passphrase
blob - /dev/null
blob + 88d4f3e40c3d8265de72e7781506f80b6932477e (mode 755)
--- /dev/null
+++ dec
@@ -0,0 +1,13 @@
+#!/bin/sh
+# decode passwords
+# make sure you've added at least one readable line to the password so you can
+# confirm that the passphrase is correct, as openssl doesn't give errors
+# about wrong passphrases and spits out garbled output instead
+set -e
+[ "$#" -ne 1 ] && { echo "usage: ${0##*/} passname" 1>&2; exit 1; }
+passfile="$HOME/.passwords/${1}.cha20"
+if [ -r "$passfile" ]; then
+	openssl enc -d -chacha20 -pbkdf2 -iter 10000 -in "$passfile"
+else
+	echo "${0##*/}: file $passfile doesn't exist!" 1>&2
+fi
blob - /dev/null
blob + e616aec75334627e851ee5c3d777d6a377f52e6c (mode 755)
--- /dev/null
+++ enc
@@ -0,0 +1,20 @@
+#!/bin/sh
+# encode a password from stdin with a passphrase
+# make sure you add at least one readable line to the password so you can
+# confirm that the passphrase is correct, as openssl doesn't give errors
+# about wrong passphrases and spits out garbled output instead
+set -e
+[ "$#" -ne 1 ] && { echo "usage: ${0##*/} passname" 1>&2; exit 1; }
+mkdir -pm 700 "$HOME/.passwords/"
+passfile="$HOME/.passwords/${1}.cha20"
+if [ -r "$passfile" ]; then
+	res=''
+	while [ "$res" != 'yes' ]; do
+		echo -n "file ${passfile} already exists, overwrite it? (yes,no)[no] "
+		read -r res
+		if [ "$res" == '' ] || [ "$res" == 'no' ]; then
+			exit
+		fi
+	done
+fi
+openssl enc -e -chacha20 -pbkdf2 -iter 10000 -out "$passfile"
blob - /dev/null
blob + 01587ccddb652367fd95a5baf3b37548d4a32517 (mode 755)
--- /dev/null
+++ encfile
@@ -0,0 +1,4 @@
+#!/bin/sh
+# encade file with a passphrase
+set -e
+openssl enc -e -chacha20 -pbkdf2 -iter 10000 -in "$1" -out "$1.cha20"