1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

//! `pwv` (**p**ass**w**ord **v**ault) is a Windows command-line password manager.
//!
//! Passwords are stored encrypted in a vault file, encrypted to the vault's public key.
//! The private key can either be kept in a smart card that supports ECDH on the P256
//! curve (such as the YubiKey 4), or in software. Key access happens through the
//! Microsoft [CNG APIs][cng].
//!
//! The ciphersuite used in the vault:
//! * ECDH on P256 curve
//! * AES256 CBC
//! * HMAC SHA256
//! * NIST SP800 108 CTR HMAC KDF
//! See the [`crypto`] module for more details.
//!
//! [cng]: https://msdn.microsoft.com/en-us/library/windows/desktop/bb931355(v=vs.85).aspx
//! [`crypto`]: crypto/index.html
//!
//! # Examples
//!
//! ```
//! use pwv::authenticator::Key;
//! use pwv::prompt::Prompt;
//! use pwv::vault::Vault;
//! use std::io::Write;
//!
//! let authenticator = Key::Software(String::from("example"))
//!     .into_authenticator()
//!     .unwrap();
//! let mut vault = Vault::new(authenticator);
//!
//! // The thumbprint (hash of the vault's public key) should be shown
//! // to the user after vault creation (where they should be told to
//! // remember it), and then during each subsequent vault insertion (where
//! // they should be told to check and see if it matches the one they
//! // were shown during creation).
//! let _pk = vault.thumbprint().unwrap();
//!
//! // Insert and encrypt the password
//! let creds = ("user", "Pa$$w0rd!");
//! vault.insert(String::from("example.com"), &creds).unwrap();
//!
//! // Retrieve and decrypt it
//! {
//!     let entry = vault.get("example.com").unwrap();
//!     assert_eq!(entry.site(), "example.com");
//!     assert_eq!(entry.username(), "user");
//!     assert_eq!(entry.decrypt_password().unwrap().str(), "Pa$$w0rd!");
//! }
//!
//! // Serialize and deserialize to/from buffer
//! let mut buffer = Vec::new();
//! vault.to_writer(buffer.by_ref()).unwrap();
//! let deserialized = Vault::from_reader(&buffer[..]).unwrap();
//! assert_eq!(deserialized, vault);
//!
//! let entry = deserialized.get("example.com").unwrap();
//! assert_eq!(entry.decrypt_password().unwrap().str(), "Pa$$w0rd!");
//!
//! // Delete the persistent "example" software key.
//! vault.delete().unwrap();
//!
//! // Note that the other copy of the vault, `deserialized`, will now
//! // fail to perform any decryptions because the private key shared by
//! // the two vaults is gone.
//! assert!(entry.decrypt_password().is_err());
//! ```
#![cfg(windows)]

#[macro_use]
extern crate failure;
extern crate hex;
extern crate memsec;
extern crate seckey;
extern crate serde;
#[macro_use]
extern crate serde_derive;
extern crate serde_json;
extern crate winapi;

pub mod authenticator;
pub mod credentials;
pub mod crypto;
mod entry;
pub mod error;
pub mod prompt;
pub mod vault;
mod win32;