A password generator for website logins based on a single, private passphrase. This is a self-contained, statically compiled application which runs on the command line or as a simple gui, and does not require an internet connection.

Primary language: Go. License: MIT.

go-one-password

About

This project is inspired by oneshallpass but is written in Go instead of JavaScript, and runs as a self-contained, statically compiled binary, either on the command line or as a gui, instead of in a web browser.

The technical implementation is similar, i.e., it uses HMAC-SHA512 to hash a combination of the host, username, generator and indicator numbers, but it uses scrypt instead of PBKDF2 to generate the shared private key (dk) value from the passphrase.
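
An added sketch of this kind of derivation (not the project's own code), written in Python so it runs with the standard library alone. The scrypt parameters, the username-as-salt choice, the message layout, the `generation` counter and the function names are assumptions, so its output will not match go-one-password; the tail substitution for special characters follows the README's `-spec` example.

```python
import base64
import hashlib
import hmac

# Assumed parameters: the README does not state the tool's scrypt cost,
# salt or message layout, so output will not match go-one-password.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_key(passphrase: str, user: str) -> bytes:
    """Stretch the passphrase into dk with scrypt (salt = username, an assumption)."""
    return hashlib.scrypt(passphrase.encode(), salt=user.encode(),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)


def site_password(dk: bytes, host: str, user: str, generation: int = 1,
                  plen: int = 16, spec: str = "") -> str:
    """Derive a per-site password from dk; nothing is stored anywhere."""
    if len(spec) > plen:
        raise ValueError("more special characters than password length")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f).to_bytes(2, "big") + f
                   for f in (host.lower().encode(), user.encode(),
                             str(generation).encode()))
    digest = hmac.new(dk, msg, hashlib.sha512).digest()
    # Keep only letters and digits from the base64 text of the MAC.
    chars = "".join(c for c in base64.b64encode(digest).decode() if c.isalnum())
    if plen > len(chars):
        raise ValueError("requested length exceeds available output")
    # Overwrite the tail with the required specials, as in the README's example.
    return chars[:plen - len(spec)] + spec


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    dk = derive_key("constructed sample passphrase", "me@example.com")
    print(site_password(dk, "example.org", "me@example.com"))
    print(site_password(dk, "example.org", "me@example.com", spec="#%"))
```

Because the scrypt step is the expensive part, the sketch derives dk once and reuses it for each site; bumping `generation` yields a fresh password for the same host and user without changing the passphrase.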

Building and Installing

This program now comes in two versions, a command line interface (cli), and a graphical user interface (gui).

go get github.com/howeyc/gopass@latest
go get github.com/mattn/go-gtk/gtk@latest

Note that go-gtk requires that the GTK-Development packages for your system are already installed.

GTK for macOS

In addition to the official installer, it is also available on Homebrew:

brew install gtk+
export LDFLAGS="-L/usr/local/opt/libffi/lib"
export CPPFLAGS="-I/usr/local/opt/libffi/include"
export PKG_CONFIG_PATH="/usr/local/opt/libffi/lib/pkgconfig"

Use the Makefile to build either or both versions:

$ make all # build both the cli and gui versions
$ make cli # build just the cli version
$ make gui # build just the gui version

Command Line Interface Version

The resulting binary is go-one-password-cl.

Update your $PATH to include the folder where go-one-password-cl was built, and add a shorter alias, if you prefer (e.g., "g1p", assuming that doesn't conflict with anything on your system).

Graphical User Interface Version

The resulting binary is go-one-password-ui.

You can add a launcher from your desktop menu to run it that way, if you prefer.

Usage

The core idea is that by remembering just one quality passphrase (known only by you), you can generate unique and secure passwords for multiple website logins.

There are many different ways of selecting a quality passphrase, but if you cannot come up with one on your own, there are several free sites which can pick one for you.

Once you settle on a passphrase, just make sure you commit it to memory; it's not stored anywhere by this code, and if lost or forgotten, is unrecoverable.

Command Line Interface Version

If you forget how to use go-one-password-cl, type it (or whatever alias you've used for it) at a shell prompt, followed by "-help":

$ ./go-one-password-cl -help
Usage of g1p:
  -host="": (required) the website you want to login to (e.g. "amazon.com")
  -plen=16: (optional) set the resulting password length (the default is 16)
  -spec="": (optional) if the website requires one or more "special" characters in the password (e.g., "#%*" etc.) specify one or more of them here
  -user="": (required) the username or email address you use to login

Usage Examples

Here's how to use it in practice. The passphrase is requested at an interactive prompt rather than passed as a command-line argument, so that it is not saved in your shell history by accident.

Note that while the passphrase is hidden on Mac OS X, Windows and Linux systems, it may appear as viewable text on other operating systems. To keep the passphrase text hidden on such systems, use the gui version instead.

$ g1p -host example.org -user me@example.com
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for example.org logging in as user me@example.com is:

o95gZHxeh7D9LYnp

This is another example, for when the site requires one or more "special" characters:

$ g1p -host example.org -user me@example.com -spec="#%"
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for example.org logging in as user me@example.com is:

o95gZHxeh7D9LY#%

Graphical User Interface Version

The gui version supports all the same features as the cli version, with the additional benefit that it hides the passphrase by default.

Passphrases can be made visible if desired, and "special" characters work too.

Launching the gui version with any of these command-line switches automatically pre-populates the corresponding fields in the input:

$ ./go-one-password-ui -help
Usage of ./go-one-password-ui:
  -host string
    	the website you want to login to (e.g. "amazon.com")
  -plen string
    	set the resulting password length (the default is 16) (default "16")
  -spec string
    	if the website requires one or more "special" characters in the password (e.g., "#%*" etc.) specify one or more of them here
  -user string
    	the username or email address you use to login

Using these command-line switches to launch the gui is optional.