opass

OpenBSD password suite
git clone https://git.pastanoggin.com/opass.git
Log | Files | Refs | README | LICENSE
commit 128a0de1becc0cfb57f69ecc03e1a3da7a426b7c
parent 40229f6cf5a708a3690509062692e3b12f785a2f
Author: noodle <noodle@pastanoggin.com>
Date:   Thu,  5 Jun 2025 18:14:02 +0300

Add more utilities and flesh out the description in README

Diffstat:

MREADME | 27++++++++++++++++++++++++++-


Adec | 13+++++++++++++


Aenc | 20++++++++++++++++++++


Aencfile | 4++++


4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/README b/README
@@ -1 +1,26 @@
-openbsd password suite with no dependencies outside base
+## OpenBSD password suite with no dependencies outside base!
+
+## Utilities
+
+# enc
+encodes (encrypts) passwords from stdin with a password name and a passpharse
+and stores them in a managed. passwords directory for later retrival with dec.
+
+# dec
+decodes password files encrypted using enc under .passwords 
+
+# gen
+generates a random strong password meant for encryption and storage/retrival
+with enc/dec.
+
+# entropy
+calculates password entropy in bits given the length of the password and the
+number of possible characters (permutations) that'll be used in that password.
+Useful for measuring password strength especially before genering a new
+password with gen or badphrase.
+
+# badphrase
+generates a memorable passphrase using a word list. supports diceware too.
+
+# encfile
+takes a file and encrypts it with a passphrase
diff --git a/dec b/dec
@@ -0,0 +1,13 @@
+#!/bin/sh
+# decode passwords
+# make sure you've added at least one readable line to the password so you can
+# confirm that the passphrase is correct, as openssl doesn't give errors
+# about wrong passphrases and spits out garbled output instead
+set -e
+[ "$#" -ne 1 ] && { echo "usage: ${0##*/} passname" 1>&2; exit 1; }
+passfile="$HOME/.passwords/${1}.cha20"
+if [ -r "$passfile" ]; then
+	openssl enc -d -chacha20 -pbkdf2 -iter 10000 -in "$passfile"
+else
+	echo "${0##*/}: file $passfile doesn't exist!" 1>&2
+fi
diff --git a/enc b/enc
@@ -0,0 +1,20 @@
+#!/bin/sh
+# encode a password from stdin with a passphrase
+# make sure you add at least one readable line to the password so you can
+# confirm that the passphrase is correct, as openssl doesn't give errors
+# about wrong passphrases and spits out garbled output instead
+set -e
+[ "$#" -ne 1 ] && { echo "usage: ${0##*/} passname" 1>&2; exit 1; }
+mkdir -pm 700 "$HOME/.passwords/"
+passfile="$HOME/.passwords/${1}.cha20"
+if [ -r "$passfile" ]; then
+	res=''
+	while [ "$res" != 'yes' ]; do
+		echo -n "file ${passfile} already exists, overwrite it? (yes,no)[no] "
+		read -r res
+		if [ "$res" == '' ] || [ "$res" == 'no' ]; then
+			exit
+		fi
+	done
+fi
+openssl enc -e -chacha20 -pbkdf2 -iter 10000 -out "$passfile"
diff --git a/encfile b/encfile
@@ -0,0 +1,4 @@
+#!/bin/sh
+# encade file with a passphrase
+set -e
+openssl enc -e -chacha20 -pbkdf2 -iter 10000 -in "$1" -out "$1.cha20"