YAPET - Yet Another Password Encryption Tool 1.0

Rafael Ostertag

$Id: README.sgml.in 6007 2014-02-23 14:52:26Z rafisol $

Copyright © 2008, 2009, 2010, 2011, 2013, 2014 Rafael Ostertag
<rafi@guengel.ch>

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Table of Contents

1. Introduction
2. Supported Platforms
3. Features
4. Important Changes

    4.1. Version 1.0
    4.2. Version 0.8
    4.3. Version 0.7
    4.4. Version 0.6

5. Installation
6. Usage
7. Design
8. A Word of Caution

1. Introduction

YAPET is a text based password manager using the Blowfish encryption algorithm
to store passwords and associated information encrypted on disk. Its primary
aim is to provide a safe way to store passwords in a file on disk while having
a small footprint, and compiling and running under today's most popular Unix
Systems.

The password records are protected by a master password which is used to
encrypt and decrypt the password records.

2. Supported Platforms

YAPET has been tested on following platforms:

  ● Oracle Solaris
  ● FreeBSD
  ● OpenBSD
  ● NetBSD
  ● Linux
  ● Cygwin

If you want to use YAPET under Cygwin, you may want to read the README.Cygwin
file.

3. Features

YAPET features:

  ● Blowfish encryption with 448 bits key.

  ● Passwords are not kept clear text in memory.

  ● Depends only on two libraries: OpenSSL (http://www.openssl.org/) and curses
    or ncurses (http://www.gnu.org/software/ncurses/).

  ● Locks the terminal on inactivity.

  ● Utilities to convert to and from CSV format.

  ● Built-in password generator.

4. Important Changes

4.1. Version 1.0

New user interface with experimental support for multi-byte characters.

In addition to csv2yapet, there is now also an utility yapet2csv which converts
PET files to CSV files.

4.2. Version 0.8

On terminals supporting colors, passwords are hidden when viewing password
records in read-only mode. Switching to edit mode will display the password
clear text. Selection of hidden passwords still possible.

The screen is now also locked when a password record is open for reading or
editing.

4.3. Version 0.7

Password records are opened in read-only mode by default for viewing in order
to prevent accidental changes. Pressing Ctrl+e in any text field will switch to
read-write mode for editing password records.

The password prompt of the lock screen will now time-out. The time-out can be
specified in the configuration file.

4.4. Version 0.6

Warning

The file structure of YAPET files has changed in version 0.6. You are strongly
advised to make backup copies of your files before using YAPET 0.6.

A design flaw in YAPET may prevent the exchange of YAPET files between
different processor architectures (64/32 bit) due to varying header sizes in
YAPET files.

All YAPET versions prior YAPET 0.6 are affected by this issue.

Starting with YAPET 0.6, the header size of YAPET files remains stable across
processor architectures, thus exchanging YAPET files is possible unimpeded.

YAPET 0.6 will read and write version 0.5 or earlier files. Reading, deleting,
and/or adding records won't update the file structure to version 0.6. However,
changing the master password (or setting the same password again, for this
matter) using YAPET 0.6 will update the file version to 0.6.

YAPET prior version 0.6 can read and write version 0.6 files, but it might be
observed that the date when the master password was last changed is displayed
incorrectly. YAPET prior 0.5 will update the file structure to pre-version 0.6
upon master password change. See Table 1, “File Compatibility Matrix of YAPET
0.5 or earlier” for an overview of the compatibility issues in YAPET 0.5 or
earlier.

Table 1. File Compatibility Matrix of YAPET 0.5 or earlier

┌───────────────────────┬───────────────────────────────────────────────────┐
│                       │                   File created                    │
│                       ├─────────────────────────┬─────────────────────────┤
│                       │ Version 0.5 or earlier  │       Version 0.6       │
│YAPET running on       ├─────────────┬───────────┼─────────────┬───────────┤
│                       │Little Endian│Big Endian │Little Endian│Big Endian │
│                       ├──────┬──────┼─────┬─────┼──────┬──────┼─────┬─────┤
│                       │32bit │64bit │32bit│64bit│32bit │64bit │32bit│64bit│
├───────────────────────┼──────┼──────┼─────┼─────┼──────┼──────┼─────┼─────┤
│Little Endian 32bit^[a]│ yes  │ yes  │ yes │ yes │ yes  │ yes  │ yes │ yes │
├───────────────────────┼──────┼──────┼─────┼─────┼──────┼──────┼─────┼─────┤
│Little Endian 64bit^[a]│  no  │ yes  │ no  │ yes │ yes  │ yes  │ yes │ yes │
├───────────────────────┼──────┼──────┼─────┼─────┼──────┼──────┼─────┼─────┤
│Big Endian 32bit ^[b]  │ yes  │ yes  │ yes │ yes │ yes  │ yes  │ yes │ yes │
├───────────────────────┼──────┼──────┼─────┼─────┼──────┼──────┼─────┼─────┤
│Big Endian 64bit^[b]   │  no  │ yes  │ no  │ yes │ yes  │ yes  │ yes │ yes │
├───────────────────────┴──────┴──────┴─────┴─────┴──────┴──────┴─────┴─────┤
│^[a] AMD, Intel, etc.                                                      │
│                                                                           │
│^[b] PowerPC, SPARC, etc                                                   │
└───────────────────────────────────────────────────────────────────────────┘


YAPET 0.6 reads and writes any YAPET file regardless of the YAPET version used
to create and the architecture.

Refer to the DESIGN file for further information on this issue.

5. Installation

YAPET uses a configure script for configuring the build process. For more
information, refer to the INSTALL file in the source tarball yapet-1.0.tar.gz.

6. Usage

YAPET is kept simple. You should not find it difficult to use.

See the manual page yapet(1) after installing YAPET for a minimal user guide.

7. Design

Refer to the DESIGN file which comes along with the source tarball in order to
get an idea of the design of YAPET.

8. A Word of Caution

Although several precautions were taken to avoid having any passwords stored
clear text in memory, there were occasions when core files contained the master
password. This means that it is possible, though not likely, for a malicious
user to get hold of one or more passwords while YAPET is running.

