diff options
| -rw-r--r-- | docs/_r_e_a_d_m_e_8md_source.html | 2 | ||||
| -rw-r--r-- | docs/md__r_e_a_d_m_e.html | 8 |
2 files changed, 7 insertions, 3 deletions
diff --git a/docs/_r_e_a_d_m_e_8md_source.html b/docs/_r_e_a_d_m_e_8md_source.html index 4ca179dd..ea1f0260 100644 --- a/docs/_r_e_a_d_m_e_8md_source.html +++ b/docs/_r_e_a_d_m_e_8md_source.html @@ -65,7 +65,7 @@ $(function() { <div class="title">README.md</div> </div> </div><!--header--> <div class="contents"> -<a href="_r_e_a_d_m_e_8md.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> QtPass</div><div class="line"><a name="l00002"></a><span class="lineno"> 2</span> ======</div><div class="line"><a name="l00003"></a><span class="lineno"> 3</span> </div><div class="line"><a name="l00004"></a><span class="lineno"> 4</span> [](https://travis-ci.org/IJHack/QtPass)</div><div class="line"><a name="l00005"></a><span class="lineno"> 5</span> [](https://ci.appveyor.com/project/annejan/qtpass/branch/master)</div><div class="line"><a name="l00006"></a><span class="lineno"> 6</span> [](https://scan.coverity.com/projects/ijhack-qtpass)</div><div class="line"><a name="l00007"></a><span class="lineno"> 7</span> [](https://coveralls.io/github/IJHack/QtPass)</div><div class="line"><a name="l00008"></a><span class="lineno"> 8</span> </div><div class="line"><a name="l00009"></a><span class="lineno"> 9</span> QtPass is a GUI for [pass](https://www.passwordstore.org/),</div><div class="line"><a name="l00010"></a><span class="lineno"> 10</span> the standard unix password manager.</div><div class="line"><a name="l00011"></a><span class="lineno"> 11</span> </div><div class="line"><a name="l00012"></a><span class="lineno"> 12</span> Features</div><div class="line"><a name="l00013"></a><span class="lineno"> 13</span> --------</div><div class="line"><a name="l00014"></a><span class="lineno"> 14</span> </div><div class="line"><a name="l00015"></a><span class="lineno"> 15</span> * Using `pass` or `git` and `gpg2` directly</div><div class="line"><a name="l00016"></a><span class="lineno"> 16</span> * Configurable shoulder surfing protection options</div><div class="line"><a name="l00017"></a><span class="lineno"> 17</span> * Cross platform: Linux, BSD, OS X and Windows</div><div class="line"><a name="l00018"></a><span class="lineno"> 18</span> * Per-folder user selection for multi recipient encryption</div><div class="line"><a name="l00019"></a><span class="lineno"> 19</span> * Multiple profiles</div><div class="line"><a name="l00020"></a><span class="lineno"> 20</span> * Easy onboarding</div><div class="line"><a name="l00021"></a><span class="lineno"> 21</span> </div><div class="line"><a name="l00022"></a><span class="lineno"> 22</span> Logo based on [Heart-padlock by AnonMoos](https://commons.wikimedia.org/wiki/File:Heart-padlock.svg).</div><div class="line"><a name="l00023"></a><span class="lineno"> 23</span> </div><div class="line"><a name="l00024"></a><span class="lineno"> 24</span> Installation</div><div class="line"><a name="l00025"></a><span class="lineno"> 25</span> ------------</div><div class="line"><a name="l00026"></a><span class="lineno"> 26</span> </div><div class="line"><a name="l00027"></a><span class="lineno"> 27</span> ### From package</div><div class="line"><a name="l00028"></a><span class="lineno"> 28</span> </div><div class="line"><a name="l00029"></a><span class="lineno"> 29</span> OpenSUSE & Fedora</div><div class="line"><a name="l00030"></a><span class="lineno"> 30</span> `yum install qtpass`</div><div class="line"><a name="l00031"></a><span class="lineno"> 31</span> `dnf install qtpass`</div><div class="line"><a name="l00032"></a><span class="lineno"> 32</span> </div><div class="line"><a name="l00033"></a><span class="lineno"> 33</span> Debian, Ubuntu and derivates like Mint, Kali & Raspbian</div><div class="line"><a name="l00034"></a><span class="lineno"> 34</span> `apt-get install qtpass`</div><div class="line"><a name="l00035"></a><span class="lineno"> 35</span> </div><div class="line"><a name="l00036"></a><span class="lineno"> 36</span> Arch Linux</div><div class="line"><a name="l00037"></a><span class="lineno"> 37</span> `pacman -S qtpass`</div><div class="line"><a name="l00038"></a><span class="lineno"> 38</span> </div><div class="line"><a name="l00039"></a><span class="lineno"> 39</span> Gentoo</div><div class="line"><a name="l00040"></a><span class="lineno"> 40</span> `emerge -atv qtpass`</div><div class="line"><a name="l00041"></a><span class="lineno"> 41</span> </div><div class="line"><a name="l00042"></a><span class="lineno"> 42</span> Sabayon</div><div class="line"><a name="l00043"></a><span class="lineno"> 43</span> `equo install qtpass`</div><div class="line"><a name="l00044"></a><span class="lineno"> 44</span> </div><div class="line"><a name="l00045"></a><span class="lineno"> 45</span> FreeBSD</div><div class="line"><a name="l00046"></a><span class="lineno"> 46</span> `pkg install qtpass`</div><div class="line"><a name="l00047"></a><span class="lineno"> 47</span> </div><div class="line"><a name="l00048"></a><span class="lineno"> 48</span> macOS</div><div class="line"><a name="l00049"></a><span class="lineno"> 49</span> `brew cask install qtpass`</div><div class="line"><a name="l00050"></a><span class="lineno"> 50</span> </div><div class="line"><a name="l00051"></a><span class="lineno"> 51</span> Windows</div><div class="line"><a name="l00052"></a><span class="lineno"> 52</span> `choco install qtpass`</div><div class="line"><a name="l00053"></a><span class="lineno"> 53</span> </div><div class="line"><a name="l00054"></a><span class="lineno"> 54</span> ### From Source</div><div class="line"><a name="l00055"></a><span class="lineno"> 55</span> </div><div class="line"><a name="l00056"></a><span class="lineno"> 56</span> **Dependencies**</div><div class="line"><a name="l00057"></a><span class="lineno"> 57</span> </div><div class="line"><a name="l00058"></a><span class="lineno"> 58</span> * QtPass requires Qt 5.</div><div class="line"><a name="l00059"></a><span class="lineno"> 59</span> * The Linguist package is required to compile the translations.</div><div class="line"><a name="l00060"></a><span class="lineno"> 60</span> * For use of the fallback icons the SVG library is required.</div><div class="line"><a name="l00061"></a><span class="lineno"> 61</span> </div><div class="line"><a name="l00062"></a><span class="lineno"> 62</span> At runtime the only real dependency is `gpg2` but to make the most of it, you'll need `git` and `pass` too.</div><div class="line"><a name="l00063"></a><span class="lineno"> 63</span> </div><div class="line"><a name="l00064"></a><span class="lineno"> 64</span> Your GPG has to be set-up with a graphical pinentry when applicable, same goes for git authentication.</div><div class="line"><a name="l00065"></a><span class="lineno"> 65</span> On Mac OS X this currently seems to only work with MacGPG2 from gpgtools.</div><div class="line"><a name="l00066"></a><span class="lineno"> 66</span> </div><div class="line"><a name="l00067"></a><span class="lineno"> 67</span> On most unix systems all you need is:</div><div class="line"><a name="l00068"></a><span class="lineno"> 68</span> ```</div><div class="line"><a name="l00069"></a><span class="lineno"> 69</span> qmake && make && make install</div><div class="line"><a name="l00070"></a><span class="lineno"> 70</span> ```</div><div class="line"><a name="l00071"></a><span class="lineno"> 71</span> </div><div class="line"><a name="l00072"></a><span class="lineno"> 72</span> Security considerations</div><div class="line"><a name="l00073"></a><span class="lineno"> 73</span> -----------------------</div><div class="line"><a name="l00074"></a><span class="lineno"> 74</span> </div><div class="line"><a name="l00075"></a><span class="lineno"> 75</span> Using this program will not magically keep your passwords secure against</div><div class="line"><a name="l00076"></a><span class="lineno"> 76</span> compromised computers even if you use it in combination with a smartcard.</div><div class="line"><a name="l00077"></a><span class="lineno"> 77</span> </div><div class="line"><a name="l00078"></a><span class="lineno"> 78</span> It does protect future and changed passwords though against anyone with access to</div><div class="line"><a name="l00079"></a><span class="lineno"> 79</span> your password store only but not your keys.</div><div class="line"><a name="l00080"></a><span class="lineno"> 80</span> Used with a smartcard it also protects against anyone just monitoring/copying</div><div class="line"><a name="l00081"></a><span class="lineno"> 81</span> all files/keystrokes on that machine and such an attacker would only gain access</div><div class="line"><a name="l00082"></a><span class="lineno"> 82</span> to the passwords you actually use.</div><div class="line"><a name="l00083"></a><span class="lineno"> 83</span> Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298</div><div class="line"><a name="l00084"></a><span class="lineno"> 84</span> even without your PIN) all your passwords available to the machine can be</div><div class="line"><a name="l00085"></a><span class="lineno"> 85</span> decrypted by it, if there is malicious software targeted specifically against</div><div class="line"><a name="l00086"></a><span class="lineno"> 86</span> it installed (or at least one that knows how to use a smartcard).</div><div class="line"><a name="l00087"></a><span class="lineno"> 87</span> </div><div class="line"><a name="l00088"></a><span class="lineno"> 88</span> To get better protection out of use with a smartcard even against a targeted</div><div class="line"><a name="l00089"></a><span class="lineno"> 89</span> attack I can think of at least two options:</div><div class="line"><a name="l00090"></a><span class="lineno"> 90</span> </div><div class="line"><a name="l00091"></a><span class="lineno"> 91</span> * The smartcard must require explicit confirmation for each decryption operation.</div><div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  Or if it just provides a counter for decrypted data you could at least notice</div><div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  an attack afterwards, though at quite some effort on your part.</div><div class="line"><a name="l00094"></a><span class="lineno"> 94</span> * Use a different smartcard for each (group of) key.</div><div class="line"><a name="l00095"></a><span class="lineno"> 95</span> * If using a YubiKey or U2F module or similar that requires a "button" press for</div><div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  other authentication methods you can use one OTP/U2F enabled WebDAV account per</div><div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  password (or groups of passwords) as a quite inconvenient workaround.</div><div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  Unfortunately I do not know of any WebDAV service with OTP support except ownCloud</div><div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  (so you would have to run your own server).</div><div class="line"><a name="l00100"></a><span class="lineno"> 100</span> </div><div class="line"><a name="l00101"></a><span class="lineno"> 101</span> Known issues</div><div class="line"><a name="l00102"></a><span class="lineno"> 102</span> ------------</div><div class="line"><a name="l00103"></a><span class="lineno"> 103</span> </div><div class="line"><a name="l00104"></a><span class="lineno"> 104</span> * Filtering (searching) breaks the tree/model sometimes</div><div class="line"><a name="l00105"></a><span class="lineno"> 105</span> * Starting without a correctly set password-store folder</div><div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  gives weird results in the tree view</div><div class="line"><a name="l00107"></a><span class="lineno"> 107</span> * On Mac OS X only the gpgtools MacGPG2 version works with passphrase or PIN</div><div class="line"><a name="l00108"></a><span class="lineno"> 108</span> </div><div class="line"><a name="l00109"></a><span class="lineno"> 109</span> Planned features</div><div class="line"><a name="l00110"></a><span class="lineno"> 110</span> ----------------</div><div class="line"><a name="l00111"></a><span class="lineno"> 111</span> </div><div class="line"><a name="l00112"></a><span class="lineno"> 112</span> * Plugins based on field name, plugins follow same format as password files</div><div class="line"><a name="l00113"></a><span class="lineno"> 113</span> * Colour coding folders (possibly disabling folders you can't decrypt)</div><div class="line"><a name="l00114"></a><span class="lineno"> 114</span> * Optional table view of decrypted folder contents</div><div class="line"><a name="l00115"></a><span class="lineno"> 115</span> * Opening of (basic auth) urls in default browser?</div><div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  Possibly with helper plugin for filling out forms?</div><div class="line"><a name="l00117"></a><span class="lineno"> 117</span> * WebDAV (configuration) support</div><div class="line"><a name="l00118"></a><span class="lineno"> 118</span> * Some other form of remote storage that allows for</div><div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  accountability / auditing (web API to retrieve the .gpg files?)</div><div class="line"><a name="l00120"></a><span class="lineno"> 120</span> </div><div class="line"><a name="l00121"></a><span class="lineno"> 121</span> Further reading</div><div class="line"><a name="l00122"></a><span class="lineno"> 122</span> ---------------</div><div class="line"><a name="l00123"></a><span class="lineno"> 123</span> </div><div class="line"><a name="l00124"></a><span class="lineno"> 124</span> [FAQ](FAQ.md) and [CONTRIBUTING](CONTRIBUTING.md) documentation.</div><div class="line"><a name="l00125"></a><span class="lineno"> 125</span> [CHANGELOG](CHANGELOG.md)</div><div class="line"><a name="l00126"></a><span class="lineno"> 126</span> </div><div class="line"><a name="l00127"></a><span class="lineno"> 127</span> [Website](https://qtpass.org/)</div><div class="line"><a name="l00128"></a><span class="lineno"> 128</span> [Source code](https://github.com/IJHack/qtpass)</div><div class="line"><a name="l00129"></a><span class="lineno"> 129</span> [Issue queue](https://github.com/IJHack/qtpass/issues)</div><div class="line"><a name="l00130"></a><span class="lineno"> 130</span> [Chat](https://gitter.im/IJHack/qtpass)</div></div><!-- fragment --></div><!-- contents --> +<a href="_r_e_a_d_m_e_8md.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> QtPass</div><div class="line"><a name="l00002"></a><span class="lineno"> 2</span> ======</div><div class="line"><a name="l00003"></a><span class="lineno"> 3</span> </div><div class="line"><a name="l00004"></a><span class="lineno"> 4</span> [](https://travis-ci.org/IJHack/QtPass)</div><div class="line"><a name="l00005"></a><span class="lineno"> 5</span> [](https://ci.appveyor.com/project/annejan/qtpass/branch/master)</div><div class="line"><a name="l00006"></a><span class="lineno"> 6</span> [](https://scan.coverity.com/projects/ijhack-qtpass)</div><div class="line"><a name="l00007"></a><span class="lineno"> 7</span> [](https://coveralls.io/github/IJHack/QtPass)</div><div class="line"><a name="l00008"></a><span class="lineno"> 8</span> [](https://codecov.io/gh/IJhack/QtPass)</div><div class="line"><a name="l00009"></a><span class="lineno"> 9</span> </div><div class="line"><a name="l00010"></a><span class="lineno"> 10</span> QtPass is a GUI for [pass](https://www.passwordstore.org/),</div><div class="line"><a name="l00011"></a><span class="lineno"> 11</span> the standard unix password manager.</div><div class="line"><a name="l00012"></a><span class="lineno"> 12</span> </div><div class="line"><a name="l00013"></a><span class="lineno"> 13</span> Features</div><div class="line"><a name="l00014"></a><span class="lineno"> 14</span> --------</div><div class="line"><a name="l00015"></a><span class="lineno"> 15</span> </div><div class="line"><a name="l00016"></a><span class="lineno"> 16</span> * Using `pass` or `git` and `gpg2` directly</div><div class="line"><a name="l00017"></a><span class="lineno"> 17</span> * Configurable shoulder surfing protection options</div><div class="line"><a name="l00018"></a><span class="lineno"> 18</span> * Cross platform: Linux, BSD, OS X and Windows</div><div class="line"><a name="l00019"></a><span class="lineno"> 19</span> * Per-folder user selection for multi recipient encryption</div><div class="line"><a name="l00020"></a><span class="lineno"> 20</span> * Multiple profiles</div><div class="line"><a name="l00021"></a><span class="lineno"> 21</span> * Easy onboarding</div><div class="line"><a name="l00022"></a><span class="lineno"> 22</span> </div><div class="line"><a name="l00023"></a><span class="lineno"> 23</span> Logo based on [Heart-padlock by AnonMoos](https://commons.wikimedia.org/wiki/File:Heart-padlock.svg).</div><div class="line"><a name="l00024"></a><span class="lineno"> 24</span> </div><div class="line"><a name="l00025"></a><span class="lineno"> 25</span> Installation</div><div class="line"><a name="l00026"></a><span class="lineno"> 26</span> ------------</div><div class="line"><a name="l00027"></a><span class="lineno"> 27</span> </div><div class="line"><a name="l00028"></a><span class="lineno"> 28</span> ### From package</div><div class="line"><a name="l00029"></a><span class="lineno"> 29</span> </div><div class="line"><a name="l00030"></a><span class="lineno"> 30</span> OpenSUSE & Fedora</div><div class="line"><a name="l00031"></a><span class="lineno"> 31</span> `yum install qtpass`</div><div class="line"><a name="l00032"></a><span class="lineno"> 32</span> `dnf install qtpass`</div><div class="line"><a name="l00033"></a><span class="lineno"> 33</span> </div><div class="line"><a name="l00034"></a><span class="lineno"> 34</span> Debian, Ubuntu and derivates like Mint, Kali & Raspbian</div><div class="line"><a name="l00035"></a><span class="lineno"> 35</span> `apt-get install qtpass`</div><div class="line"><a name="l00036"></a><span class="lineno"> 36</span> </div><div class="line"><a name="l00037"></a><span class="lineno"> 37</span> Arch Linux</div><div class="line"><a name="l00038"></a><span class="lineno"> 38</span> `pacman -S qtpass`</div><div class="line"><a name="l00039"></a><span class="lineno"> 39</span> </div><div class="line"><a name="l00040"></a><span class="lineno"> 40</span> Gentoo</div><div class="line"><a name="l00041"></a><span class="lineno"> 41</span> `emerge -atv qtpass`</div><div class="line"><a name="l00042"></a><span class="lineno"> 42</span> </div><div class="line"><a name="l00043"></a><span class="lineno"> 43</span> Sabayon</div><div class="line"><a name="l00044"></a><span class="lineno"> 44</span> `equo install qtpass`</div><div class="line"><a name="l00045"></a><span class="lineno"> 45</span> </div><div class="line"><a name="l00046"></a><span class="lineno"> 46</span> FreeBSD</div><div class="line"><a name="l00047"></a><span class="lineno"> 47</span> `pkg install qtpass`</div><div class="line"><a name="l00048"></a><span class="lineno"> 48</span> </div><div class="line"><a name="l00049"></a><span class="lineno"> 49</span> macOS</div><div class="line"><a name="l00050"></a><span class="lineno"> 50</span> `brew cask install qtpass`</div><div class="line"><a name="l00051"></a><span class="lineno"> 51</span> </div><div class="line"><a name="l00052"></a><span class="lineno"> 52</span> Windows</div><div class="line"><a name="l00053"></a><span class="lineno"> 53</span> `choco install qtpass`</div><div class="line"><a name="l00054"></a><span class="lineno"> 54</span> </div><div class="line"><a name="l00055"></a><span class="lineno"> 55</span> ### From Source</div><div class="line"><a name="l00056"></a><span class="lineno"> 56</span> </div><div class="line"><a name="l00057"></a><span class="lineno"> 57</span> **Dependencies**</div><div class="line"><a name="l00058"></a><span class="lineno"> 58</span> </div><div class="line"><a name="l00059"></a><span class="lineno"> 59</span> * QtPass requires Qt 5.</div><div class="line"><a name="l00060"></a><span class="lineno"> 60</span> * The Linguist package is required to compile the translations.</div><div class="line"><a name="l00061"></a><span class="lineno"> 61</span> * For use of the fallback icons the SVG library is required.</div><div class="line"><a name="l00062"></a><span class="lineno"> 62</span> </div><div class="line"><a name="l00063"></a><span class="lineno"> 63</span> At runtime the only real dependency is `gpg2` but to make the most of it, you'll need `git` and `pass` too.</div><div class="line"><a name="l00064"></a><span class="lineno"> 64</span> </div><div class="line"><a name="l00065"></a><span class="lineno"> 65</span> Your GPG has to be set-up with a graphical pinentry when applicable, same goes for git authentication.</div><div class="line"><a name="l00066"></a><span class="lineno"> 66</span> On Mac OS X this currently seems to only work with MacGPG2 from gpgtools.</div><div class="line"><a name="l00067"></a><span class="lineno"> 67</span> </div><div class="line"><a name="l00068"></a><span class="lineno"> 68</span> On most unix systems all you need is:</div><div class="line"><a name="l00069"></a><span class="lineno"> 69</span> ```</div><div class="line"><a name="l00070"></a><span class="lineno"> 70</span> qmake && make && make install</div><div class="line"><a name="l00071"></a><span class="lineno"> 71</span> ```</div><div class="line"><a name="l00072"></a><span class="lineno"> 72</span> </div><div class="line"><a name="l00073"></a><span class="lineno"> 73</span> Testing</div><div class="line"><a name="l00074"></a><span class="lineno"> 74</span> -------</div><div class="line"><a name="l00075"></a><span class="lineno"> 75</span> </div><div class="line"><a name="l00076"></a><span class="lineno"> 76</span> This is done with `make check`</div><div class="line"><a name="l00077"></a><span class="lineno"> 77</span> </div><div class="line"><a name="l00078"></a><span class="lineno"> 78</span> Codecoverage can be done with `make lcov`, `make gcov`, `make coveralls` and/or `make codecov`.</div><div class="line"><a name="l00079"></a><span class="lineno"> 79</span> </div><div class="line"><a name="l00080"></a><span class="lineno"> 80</span> Be sure to first run: `make distclean && qmake CONFIG+=coverage qtpass.pro`</div><div class="line"><a name="l00081"></a><span class="lineno"> 81</span> </div><div class="line"><a name="l00082"></a><span class="lineno"> 82</span> Security considerations</div><div class="line"><a name="l00083"></a><span class="lineno"> 83</span> -----------------------</div><div class="line"><a name="l00084"></a><span class="lineno"> 84</span> </div><div class="line"><a name="l00085"></a><span class="lineno"> 85</span> Using this program will not magically keep your passwords secure against</div><div class="line"><a name="l00086"></a><span class="lineno"> 86</span> compromised computers even if you use it in combination with a smartcard.</div><div class="line"><a name="l00087"></a><span class="lineno"> 87</span> </div><div class="line"><a name="l00088"></a><span class="lineno"> 88</span> It does protect future and changed passwords though against anyone with access to</div><div class="line"><a name="l00089"></a><span class="lineno"> 89</span> your password store only but not your keys.</div><div class="line"><a name="l00090"></a><span class="lineno"> 90</span> Used with a smartcard it also protects against anyone just monitoring/copying</div><div class="line"><a name="l00091"></a><span class="lineno"> 91</span> all files/keystrokes on that machine and such an attacker would only gain access</div><div class="line"><a name="l00092"></a><span class="lineno"> 92</span> to the passwords you actually use.</div><div class="line"><a name="l00093"></a><span class="lineno"> 93</span> Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298</div><div class="line"><a name="l00094"></a><span class="lineno"> 94</span> even without your PIN) all your passwords available to the machine can be</div><div class="line"><a name="l00095"></a><span class="lineno"> 95</span> decrypted by it, if there is malicious software targeted specifically against</div><div class="line"><a name="l00096"></a><span class="lineno"> 96</span> it installed (or at least one that knows how to use a smartcard).</div><div class="line"><a name="l00097"></a><span class="lineno"> 97</span> </div><div class="line"><a name="l00098"></a><span class="lineno"> 98</span> To get better protection out of use with a smartcard even against a targeted</div><div class="line"><a name="l00099"></a><span class="lineno"> 99</span> attack I can think of at least two options:</div><div class="line"><a name="l00100"></a><span class="lineno"> 100</span> </div><div class="line"><a name="l00101"></a><span class="lineno"> 101</span> * The smartcard must require explicit confirmation for each decryption operation.</div><div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  Or if it just provides a counter for decrypted data you could at least notice</div><div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  an attack afterwards, though at quite some effort on your part.</div><div class="line"><a name="l00104"></a><span class="lineno"> 104</span> * Use a different smartcard for each (group of) key.</div><div class="line"><a name="l00105"></a><span class="lineno"> 105</span> * If using a YubiKey or U2F module or similar that requires a "button" press for</div><div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  other authentication methods you can use one OTP/U2F enabled WebDAV account per</div><div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  password (or groups of passwords) as a quite inconvenient workaround.</div><div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  Unfortunately I do not know of any WebDAV service with OTP support except ownCloud</div><div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  (so you would have to run your own server).</div><div class="line"><a name="l00110"></a><span class="lineno"> 110</span> </div><div class="line"><a name="l00111"></a><span class="lineno"> 111</span> Known issues</div><div class="line"><a name="l00112"></a><span class="lineno"> 112</span> ------------</div><div class="line"><a name="l00113"></a><span class="lineno"> 113</span> </div><div class="line"><a name="l00114"></a><span class="lineno"> 114</span> * Filtering (searching) breaks the tree/model sometimes</div><div class="line"><a name="l00115"></a><span class="lineno"> 115</span> * Starting without a correctly set password-store folder</div><div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  gives weird results in the tree view</div><div class="line"><a name="l00117"></a><span class="lineno"> 117</span> * On Mac OS X only the gpgtools MacGPG2 version works with passphrase or PIN</div><div class="line"><a name="l00118"></a><span class="lineno"> 118</span> </div><div class="line"><a name="l00119"></a><span class="lineno"> 119</span> Planned features</div><div class="line"><a name="l00120"></a><span class="lineno"> 120</span> ----------------</div><div class="line"><a name="l00121"></a><span class="lineno"> 121</span> </div><div class="line"><a name="l00122"></a><span class="lineno"> 122</span> * Plugins based on field name, plugins follow same format as password files</div><div class="line"><a name="l00123"></a><span class="lineno"> 123</span> * Colour coding folders (possibly disabling folders you can't decrypt)</div><div class="line"><a name="l00124"></a><span class="lineno"> 124</span> * Optional table view of decrypted folder contents</div><div class="line"><a name="l00125"></a><span class="lineno"> 125</span> * Opening of (basic auth) urls in default browser?</div><div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  Possibly with helper plugin for filling out forms?</div><div class="line"><a name="l00127"></a><span class="lineno"> 127</span> * WebDAV (configuration) support</div><div class="line"><a name="l00128"></a><span class="lineno"> 128</span> * Some other form of remote storage that allows for</div><div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  accountability / auditing (web API to retrieve the .gpg files?)</div><div class="line"><a name="l00130"></a><span class="lineno"> 130</span> </div><div class="line"><a name="l00131"></a><span class="lineno"> 131</span> Further reading</div><div class="line"><a name="l00132"></a><span class="lineno"> 132</span> ---------------</div><div class="line"><a name="l00133"></a><span class="lineno"> 133</span> </div><div class="line"><a name="l00134"></a><span class="lineno"> 134</span> [FAQ](FAQ.md) and [CONTRIBUTING](CONTRIBUTING.md) documentation.</div><div class="line"><a name="l00135"></a><span class="lineno"> 135</span> [CHANGELOG](CHANGELOG.md)</div><div class="line"><a name="l00136"></a><span class="lineno"> 136</span> </div><div class="line"><a name="l00137"></a><span class="lineno"> 137</span> [Website](https://qtpass.org/)</div><div class="line"><a name="l00138"></a><span class="lineno"> 138</span> [Source code](https://github.com/IJHack/qtpass)</div><div class="line"><a name="l00139"></a><span class="lineno"> 139</span> [Issue queue](https://github.com/IJHack/qtpass/issues)</div><div class="line"><a name="l00140"></a><span class="lineno"> 140</span> [Chat](https://gitter.im/IJHack/qtpass)</div></div><!-- fragment --></div><!-- contents --> <!-- start footer part --> <hr class="footer"/><address class="footer"><small> Generated by  <a href="http://www.doxygen.org/index.html"> diff --git a/docs/md__r_e_a_d_m_e.html b/docs/md__r_e_a_d_m_e.html index 418d0a72..64e254f0 100644 --- a/docs/md__r_e_a_d_m_e.html +++ b/docs/md__r_e_a_d_m_e.html @@ -65,7 +65,7 @@ $(function() { <div class="title">QtPass </div> </div> </div><!--header--> <div class="contents"> -<div class="textblock"><p><a href="https://travis-ci.org/IJHack/QtPass"></a> <a href="https://ci.appveyor.com/project/annejan/qtpass/branch/master"></a> <a href="https://scan.coverity.com/projects/ijhack-qtpass"></a> <a href="https://coveralls.io/github/IJHack/QtPass"></a></p> +<div class="textblock"><p><a href="https://travis-ci.org/IJHack/QtPass"></a> <a href="https://ci.appveyor.com/project/annejan/qtpass/branch/master"></a> <a href="https://scan.coverity.com/projects/ijhack-qtpass"></a> <a href="https://coveralls.io/github/IJHack/QtPass"></a> <a href="https://codecov.io/gh/IJhack/QtPass"></a></p> <p>QtPass is a GUI for <a href="https://www.passwordstore.org/">pass</a>, the standard unix password manager.</p> <h2>Features </h2> <ul> @@ -96,7 +96,11 @@ $(function() { </ul> <p>At runtime the only real dependency is <code>gpg2</code> but to make the most of it, you'll need <code>git</code> and <code>pass</code> too.</p> <p>Your GPG has to be set-up with a graphical pinentry when applicable, same goes for git authentication. On Mac OS X this currently seems to only work with MacGPG2 from gpgtools.</p> -<p>On most unix systems all you need is: </p><div class="fragment"><div class="line">qmake && make && make install</div></div><!-- fragment --><h2>Security considerations </h2> +<p>On most unix systems all you need is: </p><div class="fragment"><div class="line">qmake && make && make install</div></div><!-- fragment --><h2>Testing </h2> +<p>This is done with <code>make check</code></p> +<p>Codecoverage can be done with <code>make lcov</code>, <code>make gcov</code>, <code>make coveralls</code> and/or <code>make codecov</code>.</p> +<p>Be sure to first run: <code>make distclean && qmake CONFIG+=coverage qtpass.pro</code></p> +<h2>Security considerations </h2> <p>Using this program will not magically keep your passwords secure against compromised computers even if you use it in combination with a smartcard.</p> <p>It does protect future and changed passwords though against anyone with access to your password store only but not your keys. Used with a smartcard it also protects against anyone just monitoring/copying all files/keystrokes on that machine and such an attacker would only gain access to the passwords you actually use. Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298 even without your PIN) all your passwords available to the machine can be decrypted by it, if there is malicious software targeted specifically against it installed (or at least one that knows how to use a smartcard).</p> <p>To get better protection out of use with a smartcard even against a targeted attack I can think of at least two options:</p> |