black-bagg 0.4.6

Secure password manager with RAM-only execution, fixed contact display, and post-quantum cryptography
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

# Black-Bag

A quantum-secure password manager that runs entirely in RAM, leaving zero traces on disk.

## Features

- **RAM-Only Execution**: Runs entirely in volatile memory
- **Post-Quantum Cryptography**: ML-KEM and MLDSA algorithms
- **Zero Disk Traces**: No swap, no temp files, no forensic artifacts
- **Fixed Contact Display**: All contact fields now properly display with `get --reveal`
- **Memory Locking**: Prevents secrets from being swapped to disk

## Installation

```bash
cargo install black-bag
```

## Quick Start with RAM Drive (macOS)

```bash
# Create 512MB RAM disk
BLACK_BAG_RAM_SIZE=512 black-bag init --ram-drive

# Or manually create RAM disk
DISK=$(hdiutil attach -nomount ram://1048576)  # 512MB
diskutil erasevolume APFS "SecureVault" $DISK

# Run black-bag from RAM
cd /Volumes/SecureVault
black-bag init
```

## Basic Usage

```bash
# Initialize vault
black-bag init

# Add login
black-bag add login --title "GitHub" --username "user"

# Add contact (with fixed display)
black-bag add contact \
  --full-name "John Doe" \
  --phones "555-1234" \
  --emails "john@example.com"

# View contact (all fields now display properly)
black-bag get <UUID> --reveal

# List all entries
black-bag list
```

## RAM Drive Sizes

- **256MB**: Minimal vault (~1000 entries)
- **512MB**: Standard vault (~5000 entries) [Default]
- **1GB**: Large vault (~10000 entries)
- **2GB**: Maximum security (entire binary in RAM)

## Security Notes

- Master passphrase required for all operations
- Argon2id key derivation (262MB memory cost)
- ChaCha20-Poly1305 authenticated encryption
- Post-quantum KEX and signatures
- Automatic memory wiping on exit

## What's Fixed in This Version

### v0.4.5
- **Fixed**: Contact records now display all fields (full_name, emails, phones) with `get --reveal`
- **Added**: Built-in RAM drive support
- **Improved**: Memory security with better mlock handling

### v0.3.4 Bug Fix
Previously, `RecordData::Contact` had an empty render_sensitive() implementation at line 1605.
Now properly displays all contact fields when using `--reveal`.

## Platform Support

- **macOS**: Full RAM disk support via hdiutil
- **Linux**: tmpfs support
- **Windows**: ImDisk required for RAM drives

## License

MIT OR Apache-2.0