{ "info": { "author": "Stefan Marsiske", "author_email": "sphinx@ctrlc.hu", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", "Topic :: Security", "Topic :: Security :: Cryptography" ], "description": "sphinx: a password **S**tore that **P**erfectly **H**ides from **I**tself\n(**N**o **X**aggeration)\n\npwdsphinx is python wrapper around libsphinx - a cryptographic password storage\nas described in https://eprint.iacr.org/2015/1099\n\n## Dependencies\n\nYou need [libsphinx](https://github.com/stef/libsphinx).\n\nYou need also to install `pysodium` using either your OS package\nmanager or pip.\n\nIf you want to use also the websphinx browser extension you need to\ninstall also an X11 variant of pinentry from the gnupg project:\n\n - either `apt-get install pinentry-qt`\n - or `apt-get install pinentry-gtk2`\n - or `apt-get install pinentry-gnome3`\n - or `apt-get install pinentry-fltk`\n\n(or anything equivalent to `apt-get install` on your OS)\n\n## Installation\n\n`pip3 install pwdsphinx` should get you started.\n\n## API\n\n`sphinxlib` is a `ctypes`-based python wrapper around [libsphinx](https://github.com/stef/libsphinx), so\nyou can build whatever you fancy immediately in python. The interface\nexposed wraps the 3 sphinx functions from the library like this:\n\n```\ndef challenge(pwd)\n```\n\nreturns bfac and chal\n\n```\ndef respond(chal, secret)\n```\nreturn the response\n\n```\ndef finish(pwd, bfac, resp)\n```\n\nreturns the raw 32 byte password.\n\nThe functions for the PAKE (OPAQUE) protocol are not yet exposed.\n\n## Server/Client\n\nSince the sphinx protocol only makes sense if the \"device\" is\nsomewhere else than where you type your password, pitchforked sphinx\ncomes with a server implemented in py3 which you can host off-site\nfrom your usual desktop/smartphone. Also a client is supplied which is\nable to communicate with the server and manage passwords.\n\nBoth the client and the server can be configured by any of the\nfollowing files:\n - `/etc/sphinx/config`\n - `~/.sphinxrc`\n - `~/.config/sphinx/config`\n - `./sphinx.cfg`\n\nFiles are parsed in this order, this means global settings can be\noverridden by per-user and per-directory settings.\n\n### oracle - the server\n\nThe server can be \"configured\" by changing the variables in the\n`[server]` section of the config file.\n\nThe `address` is the IP address on which the server is listening,\ndefault is `localhost` - you might want to change that.\n\nThe `port` where the server is listening is by default 2355.\n\n`datadir` specifies the data directory where all the device \"secrets\"\nare stored, this defaults to \"data/\" in the current directory. You\nmight want to back up this directory from time to time to an encrypted\nmedium.\n\n`verbose` enables logging to standard output.\n\n`keydir` is the directory where the server stores its secret key, that\nis used to sign messages to the clients.\n\nChange these settings to fit your needs. Starting the server\ncan be done simply by:\n\n```\n./oracle.py\n```\n\n### sphinx - the client\n\nThis is the client that connects to the oracle to manage passwords\nusing the sphinx protocol.\n\n#### Client Configuration\n\nLike the server, the client can be configured changing the settings in\nthe `[client]` section of the config file. The `host` and `port` should\nmatch what you set in the server.\n\nThe datadir (default: `~/.sphinx`) variable holds the location for\nyour client parameters. Particularly it contains a salt (by default\n`~/.sphinx/salt`) which is used to calculate the ids for secrets on\nthe server, and more importantly it also contains a secret key\n(default: `~/.sphinx/key`) that is used to sign every message sent to\nthe server to authorize the operations on your passwords. Both the\nsalt and the key is generated automatically if not available. You\nmight want to back up and encrypt both the salt and the key.\n\n#### Authorization\n\nAll operations are authenticated by your (default: `~/.sphinx/key`)\nfile which is used to sign all operations. You should protect this\nfile, so that only you can operate on your passwords.\n\n#### Operations\n\nThe client provides the following operations: Create, Get, Change,\nDelete. Note there is no command to list \"records\", as the server does\nnot contain any textual information about what it stores. All\noperations need a username and a site this password belongs to.\n\n#### Create password\n\nCreating a new password for a site is easy, pass your \"master\"\npassword on standard input to the client, and provide parameters like\nin this example:\n\n```\necho 'my master password' | ./sphinx.py create username https://example.com ulsd 0\n```\n\nThe parameters to the client are `create` for the operation, then\n`username` for the username on the site `https://example.com` then a\ncombination of the letters `ulsd` and the `0` for the size of the\nfinal password. The letters `ulsd` stand in order for the following\ncharacter classes: `u` upper-case letters, `l` lower-case letters, `s`\nsymbols and `d` for digits.\n\nNote, you can actually use different \"master\" passwords for different\nuser/site combinations.\n\n#### Get password\n\nGetting a password from the sphinx oracle works by running the\nfollowing command:\n\n```\necho 'my master password' | ./sphinx.py get username https://example.com\n```\n\nHere again you supply your master password on standard input, provide\nthe `get` operation as the first parameter, your `username` as the 2nd\nand the `site` as the 3rd parameter. The resulting password is\nreturned on standard output.\n\n#### Change password\n\nYou might want to (be forced to regularly) change your password, this\nis easy while you can keep your master password the unchanged (or you\ncan change it too, if you want). The command is this:\n\n```\necho 'my master password' | ./sphinx.py change username https://example.com\n```\n\nHere again you supply your master password on standard input. This\nmaster password can be the same, but can also be a new password if you\nwant to change also the master password. You provide the `change`\noperation as the first parameter to the client, your `username` as the\n2nd and the `site` as the 3rd parameter. Your new new password is\nreturned on standard output.\n\nAfter changing the password, you will get back the old password, until you commit the changes with\n\n```\necho 'my master password' | ./sphinx.py commit username https://example.com\n```\n\n#### Deleting passwords\n\nIn case you want to delete a password, you can do using the following\ncommand:\n\n```\n./sphinx.py delete username https://example.com\n```\n\nYou provide the `delete` operation as the first parameter to the\nclient, your `username` as the 2nd and the `site` as the 3rd\nparameter. This command does not need anything on standard input, nor\ndoes it provide anything on standard output in case everything goes\nwell.\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/stef/pitchforkedsphinx", "keywords": "", "license": "GPLv3", "maintainer": "", "maintainer_email": "", "name": "pwdsphinx", "package_url": "https://pypi.org/project/pwdsphinx/", "platform": "", "project_url": "https://pypi.org/project/pwdsphinx/", "project_urls": { "Homepage": "https://github.com/stef/pitchforkedsphinx" }, "release_url": "https://pypi.org/project/pwdsphinx/0.4/", "requires_dist": null, "requires_python": "", "summary": "SPHINX password protocol", "version": "0.4" }, "last_serial": 4520173, "releases": { "0.2": [ { "comment_text": "", "digests": { "md5": "d617033233ba22a4ac62b1ef2bbb0936", "sha256": "e2a13e58ff343dc037f873844a7667a8dbf6c501d77c4cf45e104c1917cca409" }, "downloads": -1, "filename": "pwdsphinx-0.2.tar.gz", "has_sig": true, "md5_digest": "d617033233ba22a4ac62b1ef2bbb0936", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12243, "upload_time": "2018-02-19T22:11:12", "url": "https://files.pythonhosted.org/packages/3b/07/91e7e64922a55eb1e29b0e35b00d5e158acac14982d0a1fe086d97f3b81d/pwdsphinx-0.2.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "ce37e649839f4971b6b157be78a2c33f", "sha256": "dfcebd237f7e49a7889d8ab10f2929bb562689a0549893f3a23ca57cc8e5330b" }, "downloads": -1, "filename": "pwdsphinx-0.2.1.tar.gz", "has_sig": true, "md5_digest": "ce37e649839f4971b6b157be78a2c33f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12744, "upload_time": "2018-02-19T23:53:18", "url": "https://files.pythonhosted.org/packages/e6/38/e4dfdc7a140e504769951ec0efd20cf3e63aadd0054cf236dada96f20383/pwdsphinx-0.2.1.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "e8db9b5c1ac52f5d2e0c0c48bdb4cec4", "sha256": "e6f9fa871b5305a299e5eb0fa3ddf132aae95a66e6d1478bfff791dd1bb145f5" }, "downloads": -1, "filename": "pwdsphinx-0.3.tar.gz", "has_sig": true, "md5_digest": "e8db9b5c1ac52f5d2e0c0c48bdb4cec4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12889, "upload_time": "2018-03-07T21:45:21", "url": "https://files.pythonhosted.org/packages/ad/36/15af4bb65ec5c4a858d01cdf9762d0bd54fd3cffc2394bc83185378a8f52/pwdsphinx-0.3.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "08cfaca908c90df295ead549a6fc795a", "sha256": "e815c41ef861386efd02a4de64f11eb691ae70d522bf86f291d0191f342851e1" }, "downloads": -1, "filename": "pwdsphinx-0.3.1.tar.gz", "has_sig": true, "md5_digest": "08cfaca908c90df295ead549a6fc795a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13575, "upload_time": "2018-03-14T14:05:19", "url": "https://files.pythonhosted.org/packages/37/47/3294a2a184e4d60729dcf8a6fe4acc9162d14e585ecdf7fbfe7feefa6943/pwdsphinx-0.3.1.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "2b09399791414578b67237a802a294b6", "sha256": "dcd50b040e450c14c3165d8991b6f0785db9e8ef5e37044029817ee9a2387e7a" }, "downloads": -1, "filename": "pwdsphinx-0.4.tar.gz", "has_sig": true, "md5_digest": "2b09399791414578b67237a802a294b6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13871, "upload_time": "2018-11-23T10:58:59", "url": "https://files.pythonhosted.org/packages/20/1c/709e3161d4262b53034cae1043a6836bc5f751f0d9cdfd3629d6aa89608d/pwdsphinx-0.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2b09399791414578b67237a802a294b6", "sha256": "dcd50b040e450c14c3165d8991b6f0785db9e8ef5e37044029817ee9a2387e7a" }, "downloads": -1, "filename": "pwdsphinx-0.4.tar.gz", "has_sig": true, "md5_digest": "2b09399791414578b67237a802a294b6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13871, "upload_time": "2018-11-23T10:58:59", "url": "https://files.pythonhosted.org/packages/20/1c/709e3161d4262b53034cae1043a6836bc5f751f0d9cdfd3629d6aa89608d/pwdsphinx-0.4.tar.gz" } ] }