path: root/params.json
blob: 9ad72d5b2a2a474c5c242d69857ca13a070671e6 (plain)
{"name":"QtPass","tagline":"QtPass is a multi-platform GUI for pass","body":"Features\r\n--------\r\n* Using [pass]( or git and gpg2 directly\r\n* Configurable shoulder surfing protection options\r\n* Cross platform: Linux, BSD, OS X and Windows\r\n* Per-folder user selection for multi recipient encryption\r\n\r\nWhile QtPass will work with Qt4, currently multi-line editing is restricted to Qt5 only.\r\n\r\nSecurity considerations\r\n-----------------------\r\nUsing this program will not magically keep your passwords secure against\r\ncompromised computers even if you use it in combination with a smartcard.\r\n\r\nIt does protect future and changed passwords though against anyone with access to\r\nyour password store only but not your keys.\r\nUsed with a smartcard it also protects against anyone just monitoring/copying\r\nall files/keystrokes on that machine and such an attacker would only gain access\r\nto the passwords you actually use.\r\nOnce you plug in your smartcard and enter your PIN (or due to CVE-2015-3298\r\neven without your PIN) all your passwords available to the machine can be\r\ndecrypted by it, if there is malicious software targeted specifically against\r\nit installed (or at least one that knows how to use a smartcard).\r\n\r\nTo get better protection out of use with a smartcard even against a targeted\r\nattack I can think of at least two options:\r\n* The smartcard must require explicit confirmation for each decryption operation.\r\n  Or if it just provides a counter for decrypted data you could at least notice\r\n  an attack afterwards, though at quite some effort on your part.\r\n* Use a different smartcard for each (group of) key.\r\n* If using a YubiKey or U2F module or similar that requires a \"button\" press for\r\n  other authentication methods you can use one OTP/U2F enabled WebDAV account per\r\n  password (or groups of passwords) as a quite inconvenient workaround.\r\n  Unfortunately I do not know of any WebDAV service with OTP support except ownCloud\r\n  (so you would have to run your own server).\r\n\r\nPlanned features\r\n----------------\r\n* WebDAV support (configuration)\r\n* Templates (username, url etc)\r\n* First use wizards to set up password-store\r\n* Colour coding folders (possibly disabling folders you can't decrypt)\r\n* Optional table view of decrypted folder contents\r\n\r\nInstallation\r\n------------\r\nOn most systems all you need is:\r\n`qmake && make && make install`\r\n\r\nOn MacOsX:\r\n`qmake && make && macdeployqt -dmg`\r\n\r\nCurrently seems to only work with MacGPG2","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."}