YAPET - Yet Another Password Encryption Tool 0.4

Rafael Ostertag

   $Id: README.sgml.in 2465 2009-07-12 10:55:25Z rafi $

   Copyright  2008, 2009 Rafael Ostertag <rafi@guengel.ch>
     __________________________________________________________________

   Table of Contents

   Introduction
   Motivation
   Supported Platforms
   Features
   Installation
   Usage
   Design
   A Word of Caution
   License

Introduction

   YAPET is a curses based password encryption tool using the Blowfish
   encryption algorithm to store password records encrypted on disk. Its
   primary aim is to provide a safe way to store passwords in a file on
   disk while having a small footprint, and compiling and running under
   today's most popular Unixes, such as Sun(TM) Solaris(TM), FreeBSD, and
   Linux.

   If you are looking for a fully fledged password encryption tool having
   a graphical user interface, I recommend you start with revelation
   (http://oss.codepoet.no/revelation/). YAPET is text based and less
   feature rich in comparison to revelation.

Motivation

   Using several different Unixes, I wanted to have a single application
   running on all Unixes for storing my passwords in a secure manner and
   running easily over a secure shell connection.

Supported Platforms

   YAPET builds and runs on following platforms:

     * FreeBSD
     * Sun(TM) Solaris(TM) x86
     * Linux
     * Cygwin

   If you want to use YAPET under Cygwin, you may want to read the
   README.Cygwin file.

Features

   YAPET features:

     * Blowfish encryption (http://www.schneier.com/blowfish.html) with
       448 bits key using the OpenSSL library (http://www.openssl.org/).
     * passwords are not kept clear text in memory.
     * doesn't depend on a graphical user interface and their "dependency
       hell" due to a text based user interface.
     * is only dependent of two libraries: openssl
       (http://www.openssl.org) and curses or ncurses
       (http://www.gnu.org/software/ncurses/).
     * locks the terminal on inactivity.
     * a utility to convert CSV files to the native YAPET format.

Installation

   YAPET uses a configure script for configuring the build process. Refer
   to the INSTALL file in the source tarball yapet-0.4.tar.gz.

Usage

   YAPET is kept simple. You should not find it difficult to use. The user
   interface has some quirks, though.

   See the manual page yapet(1) after installing YAPET for a minimal usage
   guide.

Design

   Refer to the DESIGN file which comes along with the source tarball in
   order to get an idea of the design of YAPET.

A Word of Caution

   Although several precautions were taken to avoid having any passwords
   stored clear text in memory, there were occassions when core files
   contained the master password. This means that it is possible, though
   not likely, for a malicious user to get hold of one or more passwords
   while YAPET is running.

License

   YAPET -- Yet Another Password Encryption Tool

   Copyright (C) 2008, 2009 Rafael Ostertag <rafi@guengel.ch>

   This program is free software: you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
   Free Software Foundation, either version 3 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License along
   with this program. If not, see http://www.gnu.org/licenses/.

   Additional permission under GNU GPL version 3 section 7.  If you modify
   this program, or any covered work, by linking or combining it with the
   OpenSSL project's OpenSSL library (or a modified version of that
   library), containing parts covered by the terms of the OpenSSL or
   SSLeay licenses, Rafael Ostertag grants you additional permission to
   convey the resulting work. Corresponding Source for a non-source form
   of such a combination shall include the source code for the parts of
   OpenSSL used as well as that of the covered work.
