Apocryphon: a self-decrypting private text store
Features
- One self-contained file: the file containing the encrypted text is also the program to read or write to it.
- Editing is append only, suited to log-style use cases -- a limitation, but also a safety feature.
- Store contents never hit the disk in plaintext form.
- Minimal dependencies: Apocryphon is a simple `bash` program which requires only `openssl` with AES-256 for encryption/decryption. As `openssl` is almost ubiquitous, there should be no install step.
- Editor- and git-friendly: encrypted data is stored using base-64, and adding new text results in changes only at the end of the existing ciphertext.
Apocryphon was written and tested on Linux. It has not been tested with all versions of OpenSSL. Read the Security notice below.
Use
Make a copy of `apocryphon` with the filename of your choice, run it with the `set-pass` command to initialize the store with a password, `write` whenever you want to add more lines, and `read` to output the decrypted text.
Here's the program's own usage message:

```text
Usage:
  apocryphon read      # (or 'r') output contents
  apocryphon write     # (or 'w') add text to store
  apocryphon r w       # read and append
  apocryphon set-pass  # set or change passphrase

This is an apocryphon: a readable/appendable encrypted text
store. The following example shows one possible use, as a
minimalist password manager (passphrase prompts omitted):

Add one line to the stored text:
  apocryphon write     # and enter:
  example.com username=my.login password=hello123
  <Ctrl-D>

Read store contents:
  apocryphon read | grep example.com | tail -n1

As writes are append-only, the 'tail' command here is to
filter out any previous passwords for example.com.

SECURITY: Be aware that this program cannot prevent the
memory it uses from being swapped to disk. Also, it does
not clear the passphrase from memory when it exits.
```
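The store layout the Features section describes (one base64 ciphertext chunk appended per write, so earlier ciphertext never changes) can be reproduced with plain `openssl enc`. The script below is an added illustration, not Apocryphon's own code: it assumes a separate store file whose ciphertext lines follow a marker line, feeds the passphrase to `openssl` on fd 3 so it never appears on the command line, and needs OpenSSL 1.1.1 or later for `-pbkdf2`.

```shell
#!/bin/sh
# Added example of an append-only openssl text store (not Apocryphon's code).
# Assumption: the store is a plain file; ciphertext lines follow MARKER.
MARKER='# ---8<--- ciphertext (one base64 chunk per write) ---8<---'
CIPHER='-aes-256-cbc -pbkdf2 -salt'   # unquoted below on purpose: word-split

# apoc_init STORE : create an empty store
apoc_init() {
    printf '%s\n' "$MARKER" > "$1"
}

# apoc_write STORE PASS : encrypt stdin as one chunk and append it as one
# base64 line (-A); the passphrase arrives on fd 3 via a heredoc, not argv.
apoc_write() {
    chunk=$(openssl enc $CIPHER -a -A -pass fd:3 3<<EOF
$2
EOF
    ) || return 1
    printf '%s\n' "$chunk" >> "$1"
}

# apoc_read STORE PASS : decrypt every chunk after the marker, in order.
# Each chunk carries its own salt, so the same passphrase works for all of
# them; a wrong passphrase makes the padding check fail and returns non-zero.
apoc_read() {
    awk -v m="$MARKER" 'found { print } $0 == m { found = 1 }' "$1" |
    while IFS= read -r chunk; do
        printf '%s' "$chunk" | openssl enc -d $CIPHER -a -A -pass fd:3 3<<EOF || return 1
$2
EOF
    done
}
```

Because each write is a separate ciphertext, `apoc_read | grep | tail -n1` yields the latest entry exactly as the usage message above describes.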
Security (Read This)
A store's passphrase should never be visible in the output of `ps` when this program is run. However, it will be part of process memory. That is accessible to any program running with root privileges or, in some cases, a program run by the same user. If malware is running on your computer with such privileges then nothing you do is safe, so this is not a vulnerability specific to this program.

Other possible ways to access memory include a so-called cold boot attack and DMA via a FireWire or other hardware port. The process's memory is cleared by the OS only when it reallocates it to another process, so an attack of this kind could exfiltrate a password even after the program has terminated. For most people, however, a local hardware attack is unlikely, and any recent OS includes patches to prevent software exploiting known CPU vulnerabilities (Spectre/Meltdown).
If you run the program under a condition of memory pressure with swap enabled then its memory may be swapped to disk, where a passphrase may persist for an indefinite time. This will also happen if you hibernate (suspend to disk) while the program is running.
Computer security is an all-encompassing environmental concern. For a more immediate threat, what happens when you copy and paste a password? On a Linux desktop, the clipboard is probably the weakest link: any application can monitor it, including a clipboard manager that might, for your "convenience", persist all your selections to disk.