Purse Versions

GnuPG asymmetric password manager

3.0b

2 months ago

The third release of Purse adds usability features and improvements, specifically addressing:

  • When creating a password, it had to be read back after writing, sometimes only to find it did not meet requirements. The password can now remain on the clipboard for the timeout duration before being saved. If the password is not compatible, press Control-C and generate a new one.
  • Passwords generated with gpg often lacked special character diversity and did not meet website requirements. The character set is now a configurable tr setting to increase password quality.

Currently in beta testing.

Known Issues:

  • Error handling from decryption operation does not always work
  • No ability to switch between encrypted/plaintext index

Changelog:

  • New option daily_backup: create daily backup archive on write. Off by default.
  • New option pass_copy: keep password on clipboard before write. Helps ensure the password meets requirements before committing. Off by default.
  • New option pass_chars: specify characters to use for password. Default is all alphanumeric and some common allowed special characters.
  • Generate password with tr instead of gpg to improve compliance with password requirements.
  • Reduce default password length 20->12 characters, remove maximum limit.
  • Increase filename size 8->10 characters.
  • Explicitly unset password variable after write.
  • Minor code readability improvements.
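
An added example (not Purse's own code) of tr-based generation from a configurable character set, with a check that the result covers each character class before it is kept. The function names, the PASS_CHARS value and the four-class policy are assumptions; LC_ALL=C is set so that tr filters raw bytes rather than decoding them in the current locale.

```shell
#!/bin/sh
# Added example, not Purse's own code. gen_pass, meets_policy, gen_checked,
# PASS_CHARS and PASS_LEN are hypothetical names; PASS_CHARS is an assumed default.
PASS_CHARS='[:alnum:]!?@#%^&*_=+'   # tr set: alphanumerics plus some specials
PASS_LEN=12

# gen_pass [LENGTH] [CHARS]: print LENGTH random characters drawn from CHARS.
gen_pass() {
  len="${1:-$PASS_LEN}"; chars="${2:-$PASS_CHARS}"; out=''
  case "$len" in ''|*[!0-9]*|0*) echo "gen_pass: bad length" >&2; return 1 ;; esac
  [ -n "$chars" ] || { echo "gen_pass: empty character set" >&2; return 1; }
  # Reject a set that tr itself cannot parse (e.g. an unknown class name).
  printf '' | LC_ALL=C tr -dc "$chars" 2>/dev/null ||
    { echo "gen_pass: invalid character set" >&2; return 1; }
  while [ "${#out}" -lt "$len" ]; do
    # LC_ALL=C makes tr work on bytes; in a UTF-8 locale BSD/macOS tr can
    # abort on random input with "Illegal byte sequence".
    chunk=$(dd if=/dev/urandom bs=256 count=1 2>/dev/null | LC_ALL=C tr -dc "$chars")
    out="$out$chunk"
  done
  printf "%.${len}s\n" "$out"
}

# meets_policy PASSWORD: succeed only if it contains a lowercase letter,
# an uppercase letter, a digit and a non-alphanumeric character.
meets_policy() {
  case "$1" in *[[:lower:]]*) ;; *) return 1 ;; esac
  case "$1" in *[[:upper:]]*) ;; *) return 1 ;; esac
  case "$1" in *[[:digit:]]*) ;; *) return 1 ;; esac
  case "$1" in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# gen_checked [LENGTH] [CHARS]: regenerate until the policy is met.
# Gives up after 100 attempts so a set that can never comply does not loop forever.
gen_checked() {
  n=0
  while [ "$n" -lt 100 ]; do
    pw=$(gen_pass "$@") || return 1
    if meets_policy "$pw"; then printf '%s\n' "$pw"; return 0; fi
    n=$((n + 1))
  done
  echo "gen_checked: character set cannot satisfy policy" >&2
  return 1
}
```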

2.0b1

3 years ago

Minor update to the second release. Currently in beta testing. Compatible with Linux, OpenBSD, macOS.

Known Issues:

  • Newer versions of macOS error with tr: Illegal byte sequence - see issue #4

Changelist:

  • Purse now uses a GPG keygroup to encrypt secrets to multiple recipients for improved reliability. The program will prompt for key IDs to define the keygroup; a single key ID can still be used.
  • Encrypted index is now optional and off by default, allowing a single touch to encrypt and decrypt secrets instead of two.
  • GPG configuration file is now included in Purse backup archives.

2.0b

4 years ago

The second release of purse.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible with Linux, OpenBSD, macOS.

Known issues:

  • Read actions now require two Yubikey touches if touch to decrypt is enabled - once for the index and again for the encrypted password file.

Changelist:

  • Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
  • Individual password filenames are random, mapped to usernames in an encrypted index file.
  • Index and password files are now "immutable" using chmod while purse.sh is not running.
  • Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
  • Use printf instead of echo for improved portability.
  • New option: list passwords in the index.
  • New option: create tar archive for backup.
  • Removed option: delete password; the index is now a permanent ledger.
  • Removed option: read all passwords; no use case for having a single command.
  • Removed option: suppress generated password output; should be read from safe to verify save.

1.0

4 years ago

Original release, which has been available for general use and review since June 2018 (forked from pwd.sh dating to 2015). There are no known bugs or security vulnerabilities identified in this stable version of purse.sh. Compatible with Linux, OpenBSD, macOS.