cloudflare / gokey
A simple vaultless password manager in Go
License: BSD 3-Clause "New" or "Revised" License
Looking at https://travis-ci.org/github/cloudflare/gokey, we see the following banner at the top of the page:
Since June 15th, 2021, the building on travis-ci.org is ceased. Please use travis-ci.com from now on.
Also, looks like the last time Travis CI ran on this repo was a year ago per the same page. Given the Travis CI change of support for open-source projects, it may make sense to either upgrade to a paid Travis CI offering or migrate to an alternative, such as GitHub Actions or any other service provider.
FWIW, I'm not affiliated with any of these, just thought I'd give you a heads up.
Hi, @secumod
I watched your presentation here:
https://www.usenix.org/conference/srecon17asia/program/presentation/korgachin
I have a question in regards to managing setups which consist of many servers. Do I need to store the same master seed in UEFI on every server? Is there a way to use different master seeds on different servers and still have secure trusted communication between the servers?
If the same master seed is stored on every server then it is easy, but can this be done with separate unique master seeds stored in the UEFI and based on a random number generator, for example?
I am trying to figure out if gokey can be used for something similar to this:
Each server machine in the data center has its own specific identity that can be tied to the hardware root of trust and the software with which the machine booted. This identity is used to authenticate API calls to and from low-level management services on the machine.
Does this implement a password-based encryption from a master password which is passed as a command line argument?
Not Recommended.
It seems that the master key is being used as entropy, and humans are super lazy, so this means a human picks something relatively short which has a very small key space. Not good for encryption. It seems then the master password is used as a limited key space to derive subsequent passwords through master-password-entropy + identifier string.
Not Recommended.
The PBKDF and HKDF algos are being used as derivation functions, for which they were not designed.
Not Recommended.
At the end of this little ditty, the standard algos are utilized, but it's not going to help because the design is broken from the start.
"This way you need to remember only your master password and you can always recreate passwords for your services/resources."
LOL, no.
Please support ed25519 for SSH host keys.
% m1-terraform-provider-helper install hashicorp/template -v 2.2.0
Getting provider data from terraform registry
2023/11/28 10:46:34 Getting provider data from https://registry.terraform.io/v1/providers/hashicorp/template
2023/11/28 10:46:35 Provider data: {https://github.com/hashicorp/terraform-provider-template terraform-provider-template}
Getting source code...
2023/11/28 10:46:35 Extracted repo https://github.com/hashicorp/terraform-provider-template to terraform-provider-template
2023/11/28 10:46:35 Resetting /Users/loka/.m1-terraform-provider-helper/terraform-provider-template and pulling latest changes
Compiling...
FATA[0005] Bash execution did not run successfully: exit status 2.
Output:
go: github.com/hashicorp/[email protected] requires
labix.org/v2/[email protected]: unrecognized import path "labix.org/v2/mgo": GOVCS disallows using bzr for public labix.org/v2/mgo; see 'go help vcs'
make: *** [build] Error 1
Go getting and building gokey on Windows OS
go get github.com/cloudflare/gokey/cmd/gokey
gives these errors:
# github.com/cloudflare/gokey/cmd/gokey
...\src\github.com\cloudflare\gokey\cmd\gokey\main.go:121:43: cannot use syscall.Stdin (type syscall.Handle) as type int in argument to terminal.ReadPassword
...\src\github.com\cloudflare\gokey\cmd\gokey\main.go:133:47: cannot use syscall.Stdin (type syscall.Handle) as type int in argument to terminal.ReadPassword
The build is successful after replacing in main.go:
terminal.ReadPassword(syscall.Stdin)
with:
terminal.ReadPassword(int(syscall.Stdin))
Several tests fail with go1.19, but pass with go1.18:
$ go version
go version go1.19 linux/amd64
$ go test ./...
--- FAIL: TestGetKey (2.99s)
gokey_test.go:161: keys with same invocation options do not match
FAIL
FAIL github.com/cloudflare/gokey 3.153s
? github.com/cloudflare/gokey/cmd/gokey [no test files]
--- FAIL: TestKnownKey (0.20s)
keygen_test.go:129: generated RSA 2048 does not match the expected result
--- FAIL: TestStdKey (0.25s)
keygen_test.go:149: mitigating crypto/internal/randutil.MaybeReadByte...
keygen_test.go:149: mitigating crypto/internal/randutil.MaybeReadByte...
keygen_test.go:194: RSA key generation algorithm from stdlib deviates from the one in gokey
FAIL
FAIL github.com/cloudflare/gokey/rsa 0.454s
FAIL
See the Debian FTBFS (fail-to-build-from-source) bug at https://bugs.debian.org/1017300 where @lnussbaum routinely rebuilds packages with the latest tools and libraries, and in this case, go1.19. It probably has to do with changes made to go1.19 built-in crypto libraries, see https://go.dev/doc/go1.19#minor_library_changes
Many thanks!
README is showing no hints on how to install the package. After go get github.com/cloudflare/gokey there's no binary in $GOPATH/bin.
At present either a password must be typed in or an unencrypted file must be present to encrypt a realm.
If the password could be specified with an environment variable the command requirements could be cut by 50% and concerns over master file storage security would be removed.
Would be nice if the master password prompt went to stderr so the output can be piped to a clipboard-grabber, e.g. on a Mac:
gokey -s myseed -r some/password | pbcopy
... resulting in the password being placed in the clipboard, rather than making the user select and copy it manually. In addition to being less manual, it also means the password doesn't actually ever need to be seen.
Note that this requires the newline after the password to not go to stdout either.
I really like the idea of this, but I'm struggling to understand how you'd deal with a situation where you might have generated passwords for a hundred sites/services, and one of them contacts you to say they've had a compromise and you need to change your password for that site.
Is this a scenario that gokey can cope with?
Guys,
Just downloaded the Linux x64 binary from the release page and while playing with the app I've noticed a strange thing:
seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 10
sPYL`0_9rj
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 11
D5`0Nm*nuY;
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 12
z/Beul!Q1,.V
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 13
/Beul!Q1,.V>]
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 14
Beul!Q1,.V>]<@
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 15
w+m6j-vJH{"bz/B
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 16
w+m6j-vJH{"bz/Be
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 17
w+m6j-vJH{"bz/Beu
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 18
w+m6j-vJH{"bz/Beul
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 19
w+m6j-vJH{"bz/Beul!
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 20
w+m6j-vJH{"bz/Beul!Q
[seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 50
w+m6j-vJH{"bz/Beul!Q1,.V>]<@0psPYL`0_9rjP[b,d~^`:%
seba@sebapc Pobrane]$ ./gokey-v0.1.2-linux-amd64 -p example-p@ss -r github.com -l 51
w+m6j-vJH{"bz/Beul!Q1,.V>]<@0psPYL`0_9rjP[b,d~^`:%3
As you may see, the resulting password with an additional character is very similar to the previous password.
The same happens with a different master password and different websites.
Is it the expected behaviour or not?
Thanks,
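The pattern in the outputs above can be checked mechanically. The Go program below is an added example, not part of the original report and not gokey's own code: it treats the -l 51 output as the visible prefix of one character stream and locates each shorter password in it. That passwords are cut from consecutive length-sized blocks of a single stream is an inference from these outputs, not something the page states; Locate, Uppers and SkippedUppers are names made up for this example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// stream is the -l 51 output copied from the report: the longest visible
// prefix of the characters produced for this master password and realm.
const stream = "w+m6j-vJH{\"bz/Beul!Q1,.V>]<@0psPYL`0_9rjP[b,d~^`:%3"

// shorter holds the outputs the report shows for -l 10 through -l 15.
var shorter = []string{
	"sPYL`0_9rj",
	"D5`0Nm*nuY;",
	"z/Beul!Q1,.V",
	"/Beul!Q1,.V>]",
	"Beul!Q1,.V>]<@",
	"w+m6j-vJH{\"bz/B",
}

// Locate returns the offset of pw in s (-1 if absent) and whether that
// offset is a whole number of len(pw)-sized blocks from the start.
func Locate(s, pw string) (int, bool) {
	off := strings.Index(s, pw)
	return off, off >= 0 && off%len(pw) == 0
}

// Uppers counts the uppercase letters in s.
func Uppers(s string) int {
	n := 0
	for _, r := range s {
		if unicode.IsUpper(r) {
			n++
		}
	}
	return n
}

// SkippedUppers returns the uppercase count of each block that precedes pw.
// Assumption: blocks are len(pw) characters wide (inferred, see lead-in).
func SkippedUppers(s, pw string) []int {
	off, aligned := Locate(s, pw)
	if !aligned {
		return nil
	}
	var counts []int
	for i := 0; i < off; i += len(pw) {
		counts = append(counts, Uppers(s[i:i+len(pw)]))
	}
	return counts
}

func main() {
	for _, pw := range shorter {
		off, aligned := Locate(stream, pw)
		fmt.Printf("-l %d: offset=%d aligned=%v uppers=%d skipped=%v\n",
			len(pw), off, aligned, Uppers(pw), SkippedUppers(stream, pw))
	}
}
```

Every shorter password that occurs in the prefix starts at a multiple of its own length, and each block skipped before it has fewer than three uppercase letters. The -l 11 output does not occur within the first 51 characters.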
These days monitoring the commands is becoming common. You have another option which does not see the secret password on the command line. Any chance of a Python direct interface?
Used gokey on ClearLinux and Win10 to generate output (text/password) with/without seedfile.
Observed that the output from it is always the same on the respective OS.
The expectation was that the output is the same on both ClearLinux and Win10 so that gokey is reusable.
If it is an incorrect expectation then close this issue else consider enhancing gokey.
With the upcoming Go1.20, the tests fail
$ go version
go version go1.20rc2 linux/amd64
$ go test -count=1 ./...
? github.com/cloudflare/gokey/cmd/gokey [no test files]
--- FAIL: TestGetKey (0.02s)
gokey_test.go:161: keys with same invocation options do not match
FAIL
FAIL github.com/cloudflare/gokey 0.135s
ok github.com/cloudflare/gokey/rsa 2.279s
FAIL
It looks like a real issue that the key generation is changed in Go1.20, but I haven't found a related changelog in Go.
Hi,
On YouTube, in one of the talks from 2017, @ignatk, you mentioned that it's possible to re-encrypt the seed file with a new master password, so you can still generate the same passwords for all the realms as before.
Could you please share the example command?
Every seed file generation needs a Master Password and when I use the seed file I already have it simply overwrites it.
Thank you
When I run go install github.com/cloudflare/gokey/cmd/gokey@latest I am getting the following error:
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:28:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:43:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:59:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:75:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:90:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:105:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:121:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:136:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:151:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:166:3: //go:linkname must refer to declared function or variable
../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:166:3: too many errors
When I am on a Linux machine, it works like a charm. But when I do this on a Mac (OS version 11.2) I run into this issue. go version go1.18.3 darwin/amd64
A few issues for reference: golang/go#49219, golang/go#51706
After installing Go (go version go1.18.3 darwin/amd64), when I run go install github.com/cloudflare/gokey/cmd/gokey@latest I get the following error response:
# golang.org/x/sys/unix
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:28:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:43:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:59:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:75:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:90:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:105:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:121:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:136:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:151:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:166:3: //go:linkname must refer to declared function or variable
../../../go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:166:3: too many errors
As seen on https://travis-ci.org/cloudflare/gokey, with https://travis-ci.org/cloudflare/gokey/builds/474000487 from PR #16 in particular, the test TestGetKey fails on Go 1.11.4 as well as master (Go 1.12 in beta), while it passes on Go 1.10.7:
--- FAIL: TestGetKey (26.58s)
gokey_test.go:161: keys with same invocation options do not match
This was first detected by "autopkgtest" on Debian CI when we migrated the default Go version from 1.10 to 1.11, as reported at https://tracker.debian.org/pkg/golang-defaults:
Thanks in advance! Have a Happy New Year!
Anthony
Another way to avoid the password ending up in the shell history
It would be nice to have proper releases. Otherwise I have to take git snapshots for the Debian package which leads to long versions like 0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-2.
Just wanted to try this tool but unable to go get ... it...
$ go get -v github.com/cloudflare/gokey/cmd/gokey
github.com/cloudflare/gokey
# github.com/cloudflare/gokey
dev/go/src/github.com/cloudflare/gokey/gokey.go:103:39: key.(*ed25519.PrivateKey).Seed undefined (type *ed25519.PrivateKey has no field or method Seed)
$ go version
go version go1.13 linux/amd64
Any idea, please? Also tried go get -u ... without any success...
Please describe the algorithm used for key generation.
For somebody unfamiliar with go, this would save a lot of time.
Thanks!
Hey @ignatk,
Based on your comment I understand that you want to add auto-release via GitHub actions, I am willing to help with this.
Here is how I am envisioning the workflow:
CHANGELOG.md file to this repo.
CHANGELOG.md file in the master/main branch, a release is triggered.
If you have a different vision for the auto-release, please do share it with me.
Before we start doing this, we could also change the primary branch to main (If I recall correctly, you wanted to change master to main).
Let me know your thoughts.......
The Debian package gokey 0.1.0-1 executes the test suite on build and takes normally a few minutes, but it takes hours on mips (running into a timeout for mipsel):
arch | gokey / s | gokey/rsa / s | total / s | total / min |
---|---|---|---|---|
amd64 | 62,699 | 9,48 | 72 | 1,2 |
arm64 | 55,506 | 14,007 | 70 | 1,2 |
armel | 794,092 | 232,153 | 1026 | 17,1 |
armhf | 209,169 | 55,441 | 265 | 4,4 |
i386 | 137,309 | 35,016 | 172 | 2,9 |
mips | 6315,264 | 1370,946 | 7686 | 128,1 |
mips64el | 4239,958 | 991,576 | 5232 | 87,2 |
mipsel | timeout | timeout | | |
ppc64 | 138,461 | 36,532 | 175 | 2,9 |
ppc64el | 40,098 | 10,276 | 50 | 0,8 |
s390x | 68,397 | 14,412 | 83 | 1,4 |
sparc64 | 324,662 | 71,095 | 396 | 6,6 |
Source: https://buildd.debian.org/status/package.php?p=gokey
Can the test suite be made faster for mips?
Go no longer uses go get to install a binary from a project:
go get github.com/cloudflare/gokey/cmd/gokey
go: go.mod file not found in current directory or any parent directory.
'go get' is no longer supported outside a module.
To build and install a command, use 'go install' with a version,
like 'go install example.com/cmd@latest'
For more information, see https://golang.org/doc/go-get-install-deprecation
or run 'go help get' or 'go help install'.
Instead, use go install with a version or @latest:
$ go install github.com/cloudflare/gokey/cmd/gokey@latest
go: downloading github.com/cloudflare/gokey v0.1.0
go: downloading golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
go: downloading golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb
$ which gokey
/home/user/go/bin/gokey
Trying to use -l as shown in the documentation doesn't work:
$ gokey -s seedfile -r domain.com -t pass -l 30
flag provided but not defined: -l
It's defined in the init() function in gokey/main.go, but the function doesn't seem to be called.