bjk's blog

pwmd

Password Manager Daemon is a daemon that serves data to applications via a socket. The data is stored in an encrypted XML file, and the client must provide a key when opening and saving a file. I originally wrote this because I hate having to update account credentials for multiple applications that use the same data, but it can be used for storing potentially anything. It uses a shared memory cache for storing a key so keys aren’t required for each open or save. It also features a configuration file to set the number of encryption iterations, logging and more.

Read the pwmd manual for available commands and syntax. There is also a tutorial to help you get started.

11 Comments »

  1. I will check out the tutorial of it soon! thanks

    Comment by Steve Harper — January 20, 2014 @ 11:31 pm

  2. Hello

    I recently upgraded my system from centos5-i686 to centos6-x86_64.
    I can still decrypt my datafiles entries, but when adding new entries, it goes wrong.
    The keys no longer work. Is there a way to decrypt the complete datafiles, and encrypt them anew?
    Thanks

    Comment by Wim Bakker — June 8, 2013 @ 9:19 am

    • What version of pwmd are you using? Is there an error when adding new entries? Does the error occur when adding them or when trying to save? What client are you using (pwmc, qpwmc)? Knowing these things can make it easier to help you and improve the next version.

      Yes, you can decrypt and output to a plain XML file by doing:
      echo dump | pwmc datafile > data.xml

      To re-encrypt the XML, you will need to import the XML:
      pwmd --import data.xml -o new_datafile

      Then move new_datafile to ~/.pwmd/data.

      If you want to use your existing keys, pass the --keygrip option (if using version 3.x) when importing.

      Comment by bjk — June 8, 2013 @ 12:28 pm
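
The dump-and-import procedure from the reply above, as an added shell example (not part of the original reply or of pwmd): it runs the same two commands but keeps the plaintext XML private and deletes it afterwards. The function name, the variable names and the use of /dev/shm are assumptions.

```shell
#!/bin/sh
# Added example (not from the original reply). pwmc/pwmd are invoked exactly as
# in the reply; the function name, variables and /dev/shm choice are assumptions.
# Usage: reencrypt_datafile DATAFILE NEW_DATAFILE

reencrypt_datafile() {
    datafile=$1        # data file name as given to pwmc
    new_datafile=$2    # where pwmd --import writes the re-encrypted file
    if [ -z "$datafile" ] || [ -z "$new_datafile" ]; then
        echo "usage: reencrypt_datafile DATAFILE NEW_DATAFILE" >&2
        return 2
    fi

    # Prefer a RAM-backed directory so the plaintext is not written to a disk file system.
    base=${TMPDIR:-/tmp}
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then base=/dev/shm; fi

    old_umask=$(umask)
    umask 077          # dump is created 0600 inside a 0700 directory
    workdir=$(mktemp -d "$base/pwmd-dump.XXXXXX") || { umask "$old_umask"; return 1; }
    trap 'rm -rf "$workdir"; exit 130' INT TERM HUP
    xml=$workdir/data.xml
    rc=0

    # Step 1 from the reply: decrypt and dump to plain XML.
    echo dump | pwmc "$datafile" > "$xml" || rc=1
    # A failed or empty dump must never be imported in place of good data.
    if [ "$rc" -eq 0 ] && [ ! -s "$xml" ]; then
        echo "dump of $datafile is empty, not importing" >&2
        rc=1
    fi
    # Step 2 from the reply: import the XML, producing a newly encrypted file.
    if [ "$rc" -eq 0 ]; then
        pwmd --import "$xml" -o "$new_datafile" || rc=1
    fi

    # Remove the plaintext whether or not the import succeeded.
    rm -rf "$workdir"
    trap - INT TERM HUP
    umask "$old_umask"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    reencrypt_datafile "$@"
fi
```

Once the new file has been checked by opening it with a client, move it to ~/.pwmd/data as the reply describes.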

  3. All problems solved, except for the allowed users: whatever I do, as soon as I uncomment
    the #allowed config option and add some users behind it, pwmd refuses any connection,
    including from root.

    Comment by Wim Bakker — October 19, 2011 @ 5:00 pm

    • Be sure there are no spaces between the comma-separated list of users/groups.

      Comment by bjk — October 19, 2011 @ 10:20 pm

      • As far as a tutorial, there is one included in the libpwmd package. Version 2.x of pwmd and version 6.x of libpwmd aren’t really worked on anymore, though. You may want to try the development versions by checking out the git repository for each, since each includes quite a few improvements from the previous stable version.

        The development version of pwmd depends on a development version of gpg-agent (gnupg) and so cannot be released as stable until gnupg v2.1 is released. But, it works and is better than pwmd 2.x if you don’t mind the gpg-agent dependency. The qpwmc client depends on libpwmd7 (also in development and requires the unreleased pwmd 3.0) and is much easier to use than the included pwmc client from the libpwmd package.

        Comment by bjk — October 19, 2011 @ 11:36 pm

  4. Upgrading glib to 2.16 helped, but now I get these errors:
    [/root]# echo -ne 'isp\tsmtp\thostname\tsomehost.com' | pwmc --socket /var/run/.pwmd/socket --inquire STORE -S filename
    Connected.
    Opening data file "filename" ...
    XFER 36/0 0%
    Saving changes …
    COMPRESS 228/228 100%
    ENCRYPT 1/1 100%
    Connection closed.
    [/root]# echo -ne 'get isp\tsmtp\thostname' | pwmc --socket /var/run/.pwmd/socket filename
    Connected.
    Opening data file "filename" ...
    DECRYPT 1/1 100%
    DECOMPRESS 228/228 100%
    CACHE 1
    ERR 275 Unknown IPC command
    Connection closed.

    So basically, I can now store something but retrieving gives an error.
    Interactive mode does not work at all; either I don’t understand the manual
    or the utility does not function.
    Is there a manual with some more elaborate instructions on how to use this
    utility?

    Thanks
    Wim Bakker

    Comment by Wim Bakker — October 19, 2011 @ 1:12 pm

  5. Hi, it does not compile; there seems to be an error:
    —————————————————————————————————–
    make[1]: Entering directory `/root/pwmd-2.20/src'
    gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I../assuan/src -DLOCALEDIR=\"/usr/share/locale\" -I/usr/include/libxml2 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -g -O2 -MT pwmd-pwmd.o -MD -MP -MF .deps/pwmd-pwmd.Tpo -c -o pwmd-pwmd.o `test -f 'pwmd.c' || echo './'`pwmd.c
    In file included from pwmd.c:66:
    xml.h:65: error: expected declaration specifiers or ‘...’ before ‘goffset’
    In file included from pwmd.c:67:
    common.h:132: error: expected specifier-qualifier-list before ‘goffset’
    common.h:185: error: expected specifier-qualifier-list before ‘goffset’
    In file included from pwmd.c:73:
    commands.h:27: error: expected declaration specifiers or ‘...’ before ‘goffset’
    pwmd.c: In function ‘cleanup_crypto’:
    pwmd.c:500: error: ‘struct crypto_s’ has no member named ‘outbuf’
    pwmd.c:501: error: ‘struct crypto_s’ has no member named ‘outbuf’
    pwmd.c:502: error: ‘struct crypto_s’ has no member named ‘outbuf’
    pwmd.c:505: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:506: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:508: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c:509: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c:511: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c: In function ‘export_common’:
    pwmd.c:843: error: ‘struct crypto_s’ has no member named ‘insize’
    pwmd.c: In function ‘xml_import’:
    pwmd.c:989: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:991: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:996: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c: In function ‘do_cache_push’:
    pwmd.c:1051: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1053: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1069: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1083: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1084: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1098: error: too many arguments to function ‘try_xml_decrypt’
    pwmd.c: In function ‘init_client_crypto2’:
    pwmd.c:1618: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1620: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1627: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1630: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1638: error: ‘struct crypto_s’ has no member named ‘keysize’
    pwmd.c:1644: error: ‘struct crypto_s’ has no member named ‘blocksize’
    pwmd.c:1649: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c:1650: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c:1652: error: ‘struct crypto_s’ has no member named ‘gh’
    pwmd.c: In function ‘convert_file’:
    pwmd.c:1688: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1690: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1699: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1725: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1725: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1725: error: too many arguments to function ‘try_xml_decrypt’
    pwmd.c:1730: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1730: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1730: error: too many arguments to function ‘convert_xml’
    pwmd.c:1737: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1739: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1740: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1740: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1742: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1743: error: ‘struct crypto_s’ has no member named ‘fh’
    pwmd.c:1743: error: ‘struct crypto_s’ has no member named ‘fh’
    make[1]: *** [pwmd-pwmd.o] Error 1
    make[1]: Leaving directory `/root/pwmd-2.20/src'
    make: *** [install-recursive] Error 1

    Comment by Wim Bakker — October 12, 2011 @ 10:29 am

    • Be sure you’re using libglib2 >= 2.14.0 since this version introduced the goffset data type.

      Comment by bjk — October 12, 2011 @ 9:57 pm

  6. I see that pwmd is xml based, can it manage foaf+ssl based credentials?

    thx

    Comment by Ed — May 17, 2010 @ 4:59 pm

    • Never heard of FOAF+SSL until you mentioned it. Seems like something that could be implemented though. The XML portion is only for the data file format. Remote access can be done by using a libpwmd client which can connect to an SSH server (still buggy).

      Comment by bjk — May 17, 2010 @ 10:52 pm

