$Id: README.sgml.in 2465 2009-07-12 10:55:25Z rafi $
Copyright © 2008, 2009 Rafael Ostertag <rafi@guengel.ch>
Table of Contents
YAPET is a curses based password encryption tool using the Blowfish encryption algorithm to store password records encrypted on disk. Its primary aim is to provide a safe way to store passwords in a file on disk while having a small footprint, and compiling and running under today's most popular Unixes, such as Sun™ Solaris™, FreeBSD®, and Linux.
If you are looking for a fully fledged password encryption tool having a graphical user interface, I recommend you start with revelation (http://oss.codepoet.no/revelation/). YAPET is text based and less feature rich in comparison to revelation.
Using several different Unixes, I wanted to have a single application running on all Unixes for storing my passwords in a secure manner and running easily over a secure shell connection.
YAPET builds and runs on following platforms:
If you want to use YAPET under Cygwin, you may want to read the
README.Cygwin file.
YAPET features:
Blowfish encryption (http://www.schneier.com/blowfish.html) with 448 bits key using the OpenSSL library (http://www.openssl.org/).
passwords are not kept clear text in memory.
doesn't depend on a graphical user interface and their "dependency hell" due to a text based user interface.
is only dependent of two libraries: openssl (http://www.openssl.org) and curses or ncurses (http://www.gnu.org/software/ncurses/).
locks the terminal on inactivity.
a utility to convert CSV files to the native YAPET format.
YAPET uses a configure script for
configuring the build process. Refer to the
INSTALL file in the source tarball
yapet-0.4.tar.gz.
YAPET is kept simple. You should not find it difficult to use. The user interface has some quirks, though.
See the manual page yapet(1) after installing YAPET for a minimal usage guide.
Refer to the DESIGN file which comes
along with the source tarball in order to get an idea of the
design of YAPET.
Although several precautions were taken to avoid having any passwords stored clear text in memory, there were occassions when core files contained the master password. This means that it is possible, though not likely, for a malicious user to get hold of one or more passwords while YAPET is running.
YAPET -- Yet Another Password Encryption Tool
Copyright (C) 2008, 2009 Rafael Ostertag <rafi@guengel.ch>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
Additional permission under GNU GPL version 3 section 7. If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, Rafael Ostertag grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work.