Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.

pinentry-touchid


MacBook Pro devices without Touch ID are currently not supported. These devices lack a Touch ID sensor, and while the alternative offered by Apple is to use an Apple Watch (if available), this feature is not yet implemented.


How does it work

This program interacts with the gpg-agent for providing a password, using the following rules:

  • If the password entry for the given key cannot be found in the Keychain, we fall back to the pinentry-mac program to get the password. We recommend preventing pinentry-mac from storing the password: uncheck the Save in keychain checkbox in the dialog.

  • If a password entry is found, the user is shown the Touch ID dialog and, upon successful authentication, the password stored in the keychain is returned to the gpg-agent.

  • If a password entry is found but is not "owned" by the pinentry-touchid program, a normal password dialog will be shown after the successful authentication with Touch ID. This is an extra step enforced by the macOS keychain. In this dialog, click Always allow after entering the password. This allows pinentry-touchid to access the password entry without the need to type the additional password, while access to the password remains guarded by Touch ID.

Installation

Homebrew

As part of our release process we keep an updated Homebrew Formula. To install pinentry-touchid using homebrew execute the following commands:

❯ brew tap jorgelbg/tap
❯ brew install pinentry-touchid

Homebrew will print the next steps, which will look similar to:

==> Caveats
✅ Add the following line to your ~/.gnupg/gpg-agent.conf file:
      pinentry-program /usr/local/opt/pinentry-touchid/bin/pinentry-touchid

🔄  Then reload your gpg-agent:
    gpg-connect-agent reloadagent /bye

🔑  Run the following command to disable "Save in Keychain" in pinentry-mac:
    defaults write org.gpgtools.common DisableKeychain -bool yes

⛔️  If you are upgrading from a previous version, you will be asked to give
    access again to the keychain entry. Click "Always Allow" after the
    Touch ID verification to prevent this dialog from showing.
==> Summary
🍺  /usr/local/Cellar/pinentry-touchid/0.0.2: 4 files, 2.2MB, built in 10 seconds

Manual installation

  • Download the pinentry-touchid binary from our Releases page

  • Configure the gpg-agent to use pinentry-touchid as its pinentry program. Add the following line to your gpg-agent configuration in ~/.gnupg/gpg-agent.conf, or replace the existing pinentry-program line:

pinentry-program /usr/local/bin/pinentry-touchid

You can replace /usr/local/bin/pinentry-touchid with the path where the binary was stored.

Configuration

We recommend disabling the option to store the password in the macOS Keychain for the default pinentry-mac program with the following option:

$ defaults write org.gpgtools.common DisableKeychain -bool yes

This will allow pinentry-touchid to create and automatically take ownership of the entry in the Keychain. If an entry already exists in the Keychain you need to always allow pinentry-touchid to access the existing entry.

Disclaimer

This project does not store the password/PIN in the Secure Enclave of your device. Instead, it uses the normal Keychain entry from pinentry-mac if available, or creates a new one.

Tested on

I've tested pinentry-touchid in the following combinations of devices and macOS versions:

  • MacBook Pro (15-inch, 2018), macOS Catalina - 10.15.7
  • MacBook Pro (15-inch, 2018), macOS Big Sur - 11.4, 11.5.0, 11.5.1
  • MacBook Pro (16-inch, Late 2019), macOS Big Sur - 11.4, 11.5.1

Owner
Jorge Luis Betancourt
Software Engineer. Odd mix between SRE and DevOps. Occasional blogger/speaker. Love #metrics, #logs, and monitoring (now #observability).
Comments
  • Support for ARM/M1 Macs

    Tried generating binaries for the M1 Macs via goreleaser, but it fails with:

       ⨯ release failed after 6.02s error=failed to build for darwin_arm64: package command-line-arguments
    	imports github.com/lox/go-touchid: build constraints exclude all Go files in /Users/jbetancourt/dev/go/pkg/mod/github.com/lox/[email protected]
    

    There seems to be a build constraint in https://github.com/lox/go-touchid.

  • Update the root README with verbose configuration information

    To help out people who may not be super familiar with GPG configuration, and may have trouble debugging.

    This is probably far too verbose as-is, but it's an abbreviated version of the steps in #3 .

  • pinentry-touchid -fix is not a command

    Describe the bug

    I just installed pinentry-touchid from homebrew, and I'm following the readme, and when I run:

    $ pinentry-touchid -fix
    

    I get the message:

    flag provided but not defined: -fix
    Usage of pinentry-touchid:
      -check
        	Verify that pinentry-mac is present in the system
    

    pinentry-touchid -check works fine though.

    System information

    macOS

    • Architecture: Intel
    • Version: 12.3.1

    GPG

    • Output of gpg --version
    gpg (GnuPG) 2.3.6
    libgcrypt 1.10.1
    
    • Installed via Homebrew? yes

    Configuration

    • Please attach the output of the command gpgconf.
    gpg:OpenPGP:/usr/local/Cellar/gnupg/2.3.6/bin/gpg
    gpgsm:S/MIME:/usr/local/Cellar/gnupg/2.3.6/bin/gpgsm
    keyboxd:Public Keys:/usr/local/Cellar/gnupg/2.3.6/libexec/keyboxd
    gpg-agent:Private Keys:/usr/local/Cellar/gnupg/2.3.6/bin/gpg-agent
    scdaemon:Smartcards:/usr/local/Cellar/gnupg/2.3.6/libexec/scdaemon
    dirmngr:Network:/usr/local/Cellar/gnupg/2.3.6/bin/dirmngr
    pinentry:Passphrase Entry:/usr/local/opt/pinentry/bin/pinentry
    

    I couldn't actually get gpgconf to interact at all with my ~/.gnupg/gpg-agent.conf file, changes there just weren't respected, and gpgconf always output the same, even after restarting:

    As such the rest of the questions here aren't particularly answerable. The issue from pinentry-touchid -fix does seem directly that it's just missing that CLI flag.


    Logs

    gpg-agent:

    It would be very useful for us if you could enable the basic debug info for your gpg-agent and attach the generated log. Add the following to your ~/.gpg-agent.conf:

    debug-level basic
    log-file /Users/<USERNAME>/.gnupg/gpg-agent.log
    

    Reload gpg-agent with the following command:

    $ gpg-connect-agent reloadagent /bye
    

    Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

    pinentry-touchid:

    pinentry-touchid also generates its own log which you can find in $TMPDIR/pinentry-touchid.log.

  • feat: fallback to pinentry-mac if no touchID

    There might be a situation when the device has TouchID, but once the lid is closed sensor.IsTouchIDAvailable() returns false. It happens when you connect an external display to your laptop and have the lid closed.

    This PR adds a fallback scenario to call pinentry-mac when touchID is not available.

  • Allow for 18 chars long keys

    My key's ID has the following format: 0x123456789ABCDEF0 (I'm using rsa4096). When trying to use it with pinentry-touchid, it fails and prints Invalid keyID: 0x123456789ABCDEF0 to /tmp/pinentry-touchid.log. I added code allowing for 18-chars long keys and compiled it locally, and it works perfectly fine.

  • pinentry-touchid cannot be configured until after you have a key

    I set up pinentry-touchid at the start of a new machine before creating a new GPG key, I was never asked for a passphrase when going through key generation and was left very confused. Only after disabling the configuration (commenting out the gpg-agent.conf configuration line) was I prompted for a GPG key passphrase.

    I'm not informed enough on the particulars of GPG to offer a documentation change, but I am left feeling like it should be made clear that pinentry-touchid should only be configured after creating a new / importing an existing key, and that the key must have a passphrase, hence the whole purpose of pinentry.

  • gpg: [stdin]: clear-sign failed: No pinentry

    Describe the bug

    I have freshly installed the pinentry-touchid from homebrew. The configuration didn't work well. I would appreciate it if you can locate what the problem is.

    I tried: pinentry-touchid returns: OK Hi from pinentry-touchid!

    When pinentry program is set to pinentry-mac, running echo "test" | gpg -vvv clearsign returns:

     ❯  echo "test" | gpg -vvv --clearsign
    gpg: using character set 'utf-8'
    gpg: Note: RFC4880bis features are enabled.
    gpg: no running gpg-agent - starting '/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg-agent'
    gpg: waiting for the agent to come up ... (5s)
    gpg: connection to the agent established
    gpg: using pgp trust model
    gpg: writing to stdout
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    test
    gpg: pinentry launched (61958 mac 1.1.1 - xterm-256color /private/tmp/com.apple.launchd.N7eC4KL1mw/org.xquartz:0 - 501/20 0)
    gpg: RSA/SHA256 signature from: "??? SunsetYe66"
    -----BEGIN PGP SIGNATURE-----
    
    -----END PGP SIGNATURE-----
    

    But if set to pinentry-touchid, it fails:

    gpg: using character set 'utf-8'
    gpg: Note: RFC4880bis features are enabled.
    gpg: using pgp trust model
    gpg: writing to stdout
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    test
    gpg: signing failed: No pinentry
    gpg: [stdin]: clear-sign failed: No pinentry
    

    System information

    macOS

    • Architecture: M1
    • Version: 12.1

    GPG

    • Output of gpg --version
    gpg (GnuPG) 2.3.4
    libgcrypt 1.9.4
    Copyright (C) 2021 Free Software Foundation, Inc.
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: /Users/shawn.ye/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    AEAD: EAX, OCB
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
    
    - Installed via Homebrew? Yes, via homebrew.

    Configuration

    • Please attach the output of the command gpgconf.
    gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg
    gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpgsm
    keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.4/libexec/keyboxd
    gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg-agent
    scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon
    dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.4/bin/dirmngr
    pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry
    

    Logs

    gpg-agent:

     ❯  cat .gnupg/gpg-agent.log
    2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent'
    2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.extra'
    2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.browser'
    2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.ssh'
    2022-01-19 13:26:38 gpg-agent[61090] gpg-agent (GnuPG) 2.3.4 started
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK Pleased to meet you, process 61088
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- RESET
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION ttytype=xterm-256color
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION display=/private/tmp/com.apple.launchd.N7eC4KL1mw/org.xquartz:0
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- GETINFO version
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> D 2.3.4
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION allow-pinentry-notify
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION agent-awareness=2.1.0
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SCD SERIALNO
    2022-01-19 13:26:38 gpg-agent[61090] no running /opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon daemon - starting it
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK GNU Privacy Guard's Smartcard server ready
    2022-01-19 13:26:38 gpg-agent[61090] first connection to daemon /opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon established
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> GETINFO socket_name
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- D /Users/shawn.ye/.gnupg/S.scdaemon
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: additional connections at '/Users/shawn.ye/.gnupg/S.scdaemon'
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> OPTION event-signal=31
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> SERIALNO
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- ERR 100696144 Operation not supported by device <SCD>
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> ERR 100696144 Operation not supported by device <SCD>
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- HAVEKEY --list=1000
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> KEYINFO --list
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> [ 44 20 f2 34 bd d3 f8 cd a8 7e 28 3d 88 e8 f5 c8 ...(28 byte(s) skipped) ]
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- KEYINFO ???
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> KEYINFO --list
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> S KEYINFO ??? - - - P - - -
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- RESET
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SIGKEY ???
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22SunsetYe66+<???>%22%0A3072-bit+RSA+key,+ID+???,%0Acreated+2021-12-07.%0A
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SETHASH 8 ???
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- PKSIGN
    2022-01-19 13:26:38 gpg-agent[61090] starting a new PIN Entry
    2022-01-19 13:26:38 gpg-agent[61090] can't connect to the PIN entry module '/opt/homebrew/bin/pinentry-touchid': End of file
    2022-01-19 13:26:38 gpg-agent[61090] DBG: error calling pinentry: No pinentry <GPG Agent>
    2022-01-19 13:26:38 gpg-agent[61090] failed to unprotect the secret key: No pinentry
    2022-01-19 13:26:38 gpg-agent[61090] failed to read the secret key
    2022-01-19 13:26:38 gpg-agent[61090] command 'PKSIGN' failed: No pinentry
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> ERR 67108949 No pinentry <GPG Agent>
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- [eof]
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> RESTART
    2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
    

    Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

    pinentry-touchid:

     ❯ cat $TMPDIR/pinentry-touchid.log
    cat: /var/folders/91/jnf_k3s16lv1fg4q386yppb00000gn/T//pinentry-touchid.log: No such file or directory
    
  • fix issue with "end of file"

    Detailed issue:

    can't connect to the PIN entry module '/opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid': End of file

    Reason:

    Dug into the issue and found out that when gpg calls out to the pinentry-touchid binary, it adds the "--display /private/tmp/com.apple.launchd.MGdSfNPjrJ/org.xquartz:0" flag.

    Because --display is an unrecognized flag for the binary, it errors out immediately. This then results in an unclear message returned from gpg: "No pinentry".

    Fix:

    Adding the dummy --display flag to the flag parser.
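
The failure described in this pull request can be reproduced with Go's standard `flag` package. This is an added example, not pinentry-touchid's own code: `Options`, `parseArgs` and the display value in `gpgAgentArgv` are hypothetical names and constructed data; only the `-check` and `--display` flag names come from the page.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// Options holds the flags of this hypothetical pinentry program.
type Options struct {
	Check   bool
	Display string // accepted so that startup does not fail; otherwise unused
}

// gpgAgentArgv is a constructed argument vector of the shape the pull
// request reports: gpg-agent appends --display and a value.
var gpgAgentArgv = []string{"--display", "/private/tmp/com.apple.launchd.EXAMPLE/org.xquartz:0"}

// parseArgs parses argv. With acceptDisplay=false the flag set only knows
// -check, so --display is rejected and the program would exit before it
// answers the agent. With acceptDisplay=true the flag is registered and
// its value is simply stored.
func parseArgs(argv []string, acceptDisplay bool) (Options, error) {
	var o Options
	fs := flag.NewFlagSet("pinentry-example", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // silence the usage dump; the caller reports the error
	fs.BoolVar(&o.Check, "check", false, "verify that pinentry-mac is present")
	if acceptDisplay {
		fs.StringVar(&o.Display, "display", "", "display passed by gpg-agent (ignored)")
	}
	err := fs.Parse(argv)
	return o, err
}

func main() {
	if _, err := parseArgs(gpgAgentArgv, false); err != nil {
		fmt.Println("strict parser:", err)
	}
	o, err := parseArgs(gpgAgentArgv, true)
	fmt.Printf("tolerant parser: display=%q err=%v\n", o.Display, err)
}
```

When the strict variant exits on this error, gpg-agent only sees the pipe close, which is the "End of file" and "No pinentry" pair in the agent log quoted earlier on this page.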

  • Conflict log file owner when using fast user switching on the Macbook.

    Hello.

    I face a problem with conflicting log file owners when using fast user switching. Therefore, every time I switch users, I am required to remove /tmp/pinentry-touchid.log as root.

    Could you possibly add some prefix or suffix to the default log file name, enable a specific log file path, or just the option of omitting logfile?

    Thank you.

  • Store the password in the Secure enclave

    It would be nice to store the password in the Secure Enclave similar to how https://github.com/maxgoedjen/secretive does.

    I didn't find a Golang library that allowed this and for now it is stored as an issue/would be nice to have at some point. This would also imply not being compatible with the normal pinentry-mac.

  • Fix pinentry for GPG ssh-agent emulation

    When using GPG's ssh-agent emulation, pinentry-touchid will panic and crash. This is due to GetPIN expecting the description to always come from a GPG signing request, and panicking when the regex matches don't actually capture anything.

    This PR is a quick fix that adds support for the pinentry description provided by GPG's ssh-agent emulation. Tested and works consistently on my M1.

  • Password not saved to Keychain

    Describe the bug

    pinentry-touchid doesn't save the password into the Keychain.

    As a result, I get the password/confirm password popup every time I use my GPG key which is really quite annoying 😅

    System information

    macOS

    • Architecture: M1 Pro
    • Version: 12.6 (21G115)

    GPG

    • Output of gpg --version
    gpg (GnuPG) 2.3.7
    libgcrypt 1.10.1
    Copyright (C) 2021 Free Software Foundation, Inc.
    
    • Installed via Homebrew? ✅

    Configuration

    • Please attach the output of the command gpgconf.
    ❯ gpgconf
    gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg
    gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpgsm
    keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/keyboxd
    gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg-agent
    scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/scdaemon
    dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/dirmngr
    pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry
    

    Logs

    gpg-agent:

    It would be very useful for us if you could enable the basic debug info for your gpg-agent and attach the generated log. Add the following to your ~/.gpg-agent.conf:

    debug-level basic
    log-file /Users/<USERNAME>/.gnupg/gpg-agent.log
    

    Reload gpg-agent with the following command:

    $ gpg-connect-agent reloadagent /bye
    

    Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

    gpg-agent.log

    pinentry-touchid:

    pinentry-touchid also generates its own log which you can find in $TMPDIR/pinentry-touchid.log.

    ❯ cat $TMPDIR/pinentry-touchid.log
    2022/10/12 13:15:22 main.go:118: Ready!
    2022/10/12 13:52:16 main.go:118: Ready!
    2022/10/12 15:03:37 main.go:118: Ready!
    2022/10/12 15:19:26 main.go:118: Ready!
    2022/10/12 16:29:32 main.go:118: Ready!
    2022/10/12 16:44:35 main.go:118: Ready!
    2022/10/12 17:01:53 main.go:118: Ready!
    2022/10/12 17:12:30 main.go:118: Ready!
    2022/10/13 00:01:17 main.go:118: Ready!
    2022/10/13 00:16:21 main.go:118: Ready!
    2022/10/13 10:43:06 main.go:118: Ready!
    2022/10/13 10:49:28 main.go:118: Ready!
    2022/10/13 10:50:56 main.go:118: Ready!
    2022/10/13 10:52:42 main.go:118: Ready!
    
  • gpg: signing failed: Bad Passphrase

    Happens when I run $ echo "1234" | gpg -as - Reset Passphrase used from TouchID?

    (using) M1 Mac GPG $ gpg --version

    gpg (GnuPG) 2.3.7
    libgcrypt 1.10.1
    Copyright (C) 2021 Free Software Foundation, Inc.
    License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: /Users/truckerbug/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    AEAD: EAX, OCB
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

    • Installed via Homebrew? I think so, then ran a few manual commands to get it functioning.

    Configuration

    gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg
    gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpgsm
    keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/keyboxd
    gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg-agent
    scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/scdaemon
    dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/dirmngr
    pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry

    Logs

    gpg-agent:

    /.gnupg/gpg-agent.log:

    gpg-agent.log

    pinentry-touchid also generates its own log which you can find in $TMPDIR/pinentry-touchid.log:

    2022/09/06 11:29:15 main.go:118: Ready!
    2022/09/06 11:31:17 main.go:118: Ready!
    2022/09/06 11:38:37 main.go:118: Ready!
    2022/09/06 11:39:20 main.go:118: Ready!
    2022/09/06 11:40:08 main.go:118: Ready!
    2022/09/06 20:41:06 main.go:118: Ready!
    2022/09/06 20:41:43 main.go:118: Ready!
    2022/09/06 20:45:47 main.go:118: Ready!
    2022/09/06 20:50:07 main.go:118: Ready!
    2022/09/06 20:50:11 main.go:118: Ready!
    2022/09/06 20:50:13 main.go:348: Failed to authenticate
    2022/09/06 20:50:30 main.go:118: Ready!
    2022/09/06 20:50:32 main.go:348: Failed to authenticate
    2022/09/06 20:50:34 main.go:118: Ready!
    2022/09/06 20:51:58 main.go:118: Ready!
    2022/09/06 20:54:09 main.go:118: Ready!
    2022/09/06 20:54:30 main.go:118: Ready!
    2022/09/06 20:54:34 main.go:348: Failed to authenticate
    2022/09/06 20:54:35 main.go:118: Ready!
    2022/09/06 20:54:37 main.go:348: Failed to authenticate
    2022/09/06 20:55:47 main.go:118: Ready!
    2022/09/06 20:58:17 main.go:118: Ready!
    2022/09/06 20:58:19 main.go:348: Failed to authenticate
    2022/09/06 20:58:21 main.go:118: Ready!
    2022/09/06 20:58:22 main.go:348: Failed to authenticate
    2022/09/06 20:58:36 main.go:118: Ready!
    2022/09/06 21:00:16 main.go:118: Ready!
    2022/09/06 21:00:21 main.go:118: Ready!
    2022/09/06 21:00:29 main.go:118: Ready!
    2022/09/06 21:01:37 main.go:118: Ready!
    2022/09/06 21:01:40 main.go:348: Failed to authenticate
    2022/09/06 21:01:41 main.go:118: Ready!
    2022/09/06 21:01:42 main.go:348: Failed to authenticate
    2022/09/06 21:01:47 main.go:118: Ready!
    2022/09/06 21:01:50 main.go:348: Failed to authenticate
    2022/09/06 21:04:48 main.go:118: Ready!

    that's all I can say for right now

  • Error: Duplicated entry in the keychain when gpg has comment

    Describe the bug

    I've been trying to use this gpg-agent for a while now. Finally got it working on the M1 chip Mac. However, now I'm running into a new issue related to gpg comments and regex.

    Seems like pinentry-mac stores the key in the keychain without the comment, so when pinentry-touchid is looking for it, it isn't found -> tries to create -> duplicate key error.

    System information

    macOS

    • Architecture: M1
    • Version: (e.g. 11.6.1)

    GPG

    gpg (GnuPG) 2.3.7
    libgcrypt 1.10.1

    Homebrew: yes

    Configuration

    gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg
    gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpgsm
    keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/keyboxd
    gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg-agent
    scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/scdaemon
    dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/dirmngr
    pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry

    Logs (I added some logs)

    2022/08/30 09:18:23 main.go:119: Ready!
    2022/08/30 09:18:23 main.go:260: description: pinentry.Settings{Desc:"Please enter the passphrase to unlock the OpenPGP secret key:\n"Brandon Ryan (brandonryan.dev) [email protected]"\n4096-bit RSA key, ID C39ECBC9739CCB93,\ncreated 2021-11-24.\n", Prompt:"Passphrase:", Error:"", OkBtn:"", NotOkBtn:"", CancelBtn:"", Title:"", Timeout:0, RepeatPrompt:"", RepeatError:"", QualityBar:"", PasswordQuality:(func(string) int)(nil), KeyInfo:"n/D25BB7218F89E807AAF8A055340843E8FDAC1A0B", Opts:pinentry.Options{Grab:false, AllowExtPasswdCache:true, Display:"", TTYType:"xterm-256color", TTYName:"/dev/ttys000", TTYAlert:"", LCCtype:"en_US.UTF-8", LCMessages:"en_US.UTF-8", Owner:"23826/501 Brandons-MacBook-Pro.local", TouchFile:"/Users/brandonryan/.gnupg/S.gpg-agent", ParentWID:"", InvisibleChar:""}}
    2022/08/30 09:18:23 main.go:285: matches: []string{"ID C39ECBC9739CCB93,", "C39ECBC9739CCB93"}
    2022/08/30 09:18:23 main.go:291: KeyID: "C39ECBC9739CCB93"
    2022/08/30 09:18:23 main.go:298: keychain label: "Brandon Ryan (brandonryan.dev) [email protected] (C39ECBC9739CCB93)"
    2022/08/30 09:18:23 main.go:305: key exists: false
    2022/08/30 09:18:23 main.go:348: Duplicated entry in the keychain

    gpg-agent:

    #pinentry-program /opt/homebrew/bin/pinentry-mac
    #pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid

    pinentry-program /Users/brandonryan/Development/pinentry-touchid/pinentry-touchid
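
Three reports on this page (18-character key IDs, the panic under ssh-agent emulation, and the duplicated keychain entry for a user ID with a comment) all turn on how the pinentry description is parsed. The Go program below is an added example, not pinentry-touchid's own code. The regular expressions, the `Name (comment) <email> (KEYID)` label layout, the `store` map standing in for a keychain lookup, and both sample descriptions are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ErrNoKeyID means the description is not an OpenPGP key prompt (for
// example an ssh-agent emulation prompt). Callers fall back, never panic.
var ErrNoKeyID = errors.New("no OpenPGP key ID in pinentry description")

// ErrNoUserID means the quoted "Name <email>" line could not be read.
var ErrNoUserID = errors.New("no quoted user ID in pinentry description")

var (
	// Matches "ID C39ECBC9739CCB93," and the 18-character "ID 0x123456789ABCDEF0,".
	keyIDRe = regexp.MustCompile(`ID (?:0[xX])?([0-9A-Fa-f]{16}),`)
	// Matches the quoted user ID: "Name (optional comment) <email>".
	userIDRe = regexp.MustCompile(`"([^"(<]+?)\s*(?:\(([^)]*)\)\s*)?<([^>]+)>"`)
)

// KeyDesc holds the fields recovered from a pinentry description.
type KeyDesc struct {
	Name, Comment, Email, KeyID string
}

// ParseDescription extracts the key ID and user ID. Every match slice is
// checked for nil before it is indexed, so an unexpected description
// produces an error instead of a panic.
func ParseDescription(desc string) (KeyDesc, error) {
	id := keyIDRe.FindStringSubmatch(desc)
	if id == nil {
		return KeyDesc{}, ErrNoKeyID
	}
	u := userIDRe.FindStringSubmatch(desc)
	if u == nil {
		return KeyDesc{}, ErrNoUserID
	}
	return KeyDesc{
		Name:    strings.TrimSpace(u[1]),
		Comment: u[2],
		Email:   u[3],
		KeyID:   strings.ToUpper(id[1]), // normalised: 16 hex digits, no 0x
	}, nil
}

// CandidateLabels lists keychain labels to try, most specific first. The
// comment-less form covers an entry that was stored without the comment.
func (k KeyDesc) CandidateLabels() []string {
	plain := fmt.Sprintf("%s <%s> (%s)", k.Name, k.Email, k.KeyID)
	if k.Comment == "" {
		return []string{plain}
	}
	full := fmt.Sprintf("%s (%s) <%s> (%s)", k.Name, k.Comment, k.Email, k.KeyID)
	return []string{full, plain}
}

// FindEntry returns the first candidate label present in store, so an
// existing entry is reused rather than created a second time.
// store is a hypothetical stand-in for a keychain lookup by label.
func FindEntry(store map[string]bool, k KeyDesc) (string, bool) {
	for _, label := range k.CandidateLabels() {
		if store[label] {
			return label, true
		}
	}
	return "", false
}

// Constructed sample descriptions (not taken from a real key).
const (
	descLong = "Please enter the passphrase to unlock the OpenPGP secret key:\n" +
		"\"Alice Example (work laptop) <alice@example.invalid>\"\n" +
		"4096-bit RSA key, ID 0x123456789ABCDEF0,\ncreated 2021-11-24.\n"
	descSSH = "Please enter the passphrase for the ssh key\n  SHA256:constructed\n"
)

func main() {
	// Constructed store: the entry exists, but without the comment.
	store := map[string]bool{"Alice Example <alice@example.invalid> (123456789ABCDEF0)": true}
	for _, d := range []string{descLong, descSSH} {
		kd, err := ParseDescription(d)
		if err != nil {
			fmt.Println("fall back to another pinentry:", err)
			continue
		}
		label, ok := FindEntry(store, kd)
		fmt.Printf("keyID=%s found=%v label=%q\n", kd.KeyID, ok, label)
	}
}
```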

  • gpg: signing failed: No passphrase given

    Description

    I managed to configure pinentry-mac to work nicely, but when I try to switch to pinentry-touchid I am unable to find a proper way of solving this problem. After I follow the steps provided after installation, I keep getting the following error message:

    gpg: signing failed: No passphrase given
    gpg: [stdin]: clear-sign failed: No passphrase given
    

    Simplest test to reproduce:

    echo "test" | gpg -vvv --clearsign

    I have generated keys which have passphrases of course, but now I am unsure how to provide these passphrases to the pinentry.

    System information

    macOS

    • Architecture: ARM/M1 Pro (late 2021)
    • Version: 12.4 Monterey

    GPG

    • gpg (GnuPG) 2.3.6
    • Homebrew all the way!

    Configuration

    gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpg
    gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpgsm
    keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.6/libexec/keyboxd
    gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpg-agent
    scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.6/libexec/scdaemon
    dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.6/bin/dirmngr
    pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry
    

    Logs

    2022-07-01 16:50:14 gpg-agent[16600] enabled debug flags: ipc
    2022-07-01 16:50:14 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:14 gpg-agent[16600] DBG: chan_7 <- [eof]
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK Pleased to meet you, process 16934
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- RESET
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- OPTION ttyname=/dev/ttys000
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- OPTION ttytype=xterm-256color
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- OPTION lc-ctype=UTF-8
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- GETINFO version
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> D 2.3.6
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- OPTION allow-pinentry-notify
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- OPTION agent-awareness=2.1.0
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- SCD SERIALNO
    2022-07-01 16:50:19 gpg-agent[16600] new connection to /opt/homebrew/Cellar/gnupg/2.3.6/libexec/scdaemon daemon established (reusing)
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 -> SERIALNO
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 <- ERR 100696144 Operation not supported by device <SCD>
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> ERR 100696144 Operation not supported by device <SCD>
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- HAVEKEY --list=1000
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 -> KEYINFO --list
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 <- OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> [ 44 20 52 af 5d 47 8d 4d a5 13 0e da d2 c4 ee a5 ...(26 byte(s) skipped) ]
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- KEYINFO XXXXXX
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 -> KEYINFO --list
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 <- OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> S KEYINFO XXXXXX D - - - P - - -
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- RESET
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- SIGKEY XXXXXX
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22nemscep_at_github+(key+to+rule+them+all)+<[email protected]>%22%0A4096-bit+RSA+key,+ID+XXXXXX,%0Acreated+2022-07-01.%0A
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- SETHASH 8 XXXXXXX
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- PKSIGN
    2022-07-01 16:50:19 gpg-agent[16600] starting a new PIN Entry
    2022-07-01 16:50:19 gpg-agent[16600] DBG: connection to PIN entry established
    2022-07-01 16:50:19 gpg-agent[16600] You may want to update to a newer pinentry
    2022-07-01 16:50:20 gpg-agent[16600] DBG: error calling pinentry: No passphrase given <GPG Agent>
    2022-07-01 16:50:20 gpg-agent[16600] failed to unprotect the secret key: No passphrase given
    2022-07-01 16:50:20 gpg-agent[16600] failed to read the secret key
    2022-07-01 16:50:20 gpg-agent[16600] command 'PKSIGN' failed: No passphrase given
    2022-07-01 16:50:20 gpg-agent[16600] DBG: chan_7 -> ERR 67109041 No passphrase given <GPG Agent>
    2022-07-01 16:50:20 gpg-agent[16600] DBG: chan_7 <- [eof]
    2022-07-01 16:50:20 gpg-agent[16600] DBG: chan_8 -> RESTART
    2022-07-01 16:50:20 gpg-agent[16600] DBG: chan_8 <- OK
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 -> OK Pleased to meet you, process 17044
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 <- RESET
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 <- OPTION ttyname=not a tty
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 <- NOP
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 -> OK
    2022-07-01 16:52:03 gpg-agent[16600] DBG: chan_7 <- [eof]
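
To triage a trace like the one above, this added example (not part of the issue report or of pinentry-touchid's code) pairs each Assuan `ERR` reply with the last request seen on the same channel and splits the numeric error into its libgpg-error source and code. `FindErrors`, `Finding` and `sampleLog` are names made up for this sketch; the sample lines are abridged from the log above.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Sample input, abridged from the gpg-agent log above (debug flag "ipc").
const sampleLog = `2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 -> SERIALNO
2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_8 <- ERR 100696144 Operation not supported by device <SCD>
2022-07-01 16:50:19 gpg-agent[16600] DBG: chan_7 <- PKSIGN
2022-07-01 16:50:19 gpg-agent[16600] starting a new PIN Entry
2022-07-01 16:50:20 gpg-agent[16600] DBG: chan_7 -> ERR 67109041 No passphrase given <GPG Agent>`
// Finding ties one Assuan ERR reply to the last request seen on its channel.
type Finding struct {
	Chan, Request, Text string
	Source, Code        uint32 // libgpg-error: source = bits 24-30, code = bits 0-15
}

var ipcLine = regexp.MustCompile(`DBG: (chan_\d+) (?:<-|->) (.*)$`)
var errLine = regexp.MustCompile(`^ERR (\d+) ?(.*)$`)
var reply = regexp.MustCompile(`^(OK|ERR|S|D|#)( |$)|^\[`) // not a request
// FindErrors scans gpg-agent IPC debug output and returns every ERR reply.
func FindErrors(log string) []Finding {
	var out []Finding
	last := map[string]string{} // channel -> most recent request line
	for _, line := range strings.Split(log, "\n") {
		m := ipcLine.FindStringSubmatch(line)
		if m == nil {
			continue // ordinary agent message, not an IPC trace line
		}
		if e := errLine.FindStringSubmatch(m[2]); e != nil {
			if n, err := strconv.ParseUint(e[1], 10, 32); err == nil {
				out = append(out, Finding{m[1], last[m[1]], e[2], uint32(n>>24) & 0x7f, uint32(n) & 0xffff})
			}
		} else if !reply.MatchString(m[2]) {
			last[m[1]] = m[2]
		}
	}
	return out
}

func main() {
	for _, f := range FindErrors(sampleLog) {
		fmt.Printf("%s: %q failed, source=%d code=%d (%s)\n", f.Chan, f.Request, f.Source, f.Code, f.Text)
	}
}
```

For the `PKSIGN` failure this yields source 4 (the agent) and code 177, libgpg-error's "no passphrase" code, which matches the `No passphrase given <GPG Agent>` text in the trace. The `<SCD>` error on the other channel comes from the smartcard daemon and is reported as a separate finding.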
    
  • Pinentry Serve returned error: EOF

    Describe the bug

    When running echo "GETPIN" | pinentry-touchid I get the following response

    OK Hi from pinentry-touchid!
    OK
    2022/06/06 10:54:16 Pinentry Serve returned error: EOF
    

    pinentry-mac runs as expected - I have tried to uninstall & re-install pinentry-mac & pinentry-touchid with no success at this point. I have also been looking for similar issues but haven't found a solution as of yet.

    System information

    macOS

    • Architecture: Intel
    • Version: 12.3.1

    GPG

    • Output of gpg --version
    gpg (GnuPG) 2.3.6
    libgcrypt 1.10.1
    Copyright (C) 2021 Free Software Foundation, Inc.
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: /Users/<USER>/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    AEAD: EAX, OCB
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2 
    
    • Installed via Homebrew?

    Yes.

    Configuration

    • Please attach the output of the command gpgconf.
    gpg:OpenPGP:/usr/local/Cellar/gnupg/2.3.6/bin/gpg
    gpgsm:S/MIME:/usr/local/Cellar/gnupg/2.3.6/bin/gpgsm
    keyboxd:Public Keys:/usr/local/Cellar/gnupg/2.3.6/libexec/keyboxd
    gpg-agent:Private Keys:/usr/local/Cellar/gnupg/2.3.6/bin/gpg-agent
    scdaemon:Smartcards:/usr/local/Cellar/gnupg/2.3.6/libexec/scdaemon
    dirmngr:Network:/usr/local/Cellar/gnupg/2.3.6/bin/dirmngr
    pinentry:Passphrase Entry:/usr/local/opt/pinentry/bin/pinentry
    
    • gpg-agent.conf
    cat /Users/<USERNAME>/.gnupg/gpg-agent.conf
    debug-level basic
    log-file /Users/<USERNAME>.gnupg/gpg-agent.log
    pinentry-program /usr/local/opt/pinentry-touchid/bin/pinentry-touchid
    

    Logs

    gpg-agent:

    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK Pleased to meet you, process 36805
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- RESET
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- OPTION ttyname=/dev/ttys004
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- OPTION ttytype=xterm-256color
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- OPTION lc-ctype=UTF-8
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- reloadagent
    2022-06-06 10:53:55 gpg-agent[36329] SIGHUP received - re-reading configuration and flushing cache
    2022-06-06 10:53:55 gpg-agent[36329] reading options from '/Users/<USERNAME>/.gnupg/gpg-agent.conf'
    2022-06-06 10:53:55 gpg-agent[36329] enabled debug flags: ipc
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 -> OK
    2022-06-06 10:53:55 gpg-agent[36329] DBG: chan_8 <- [eof]
    

    pinentry-touchid:

    2022/06/06 10:49:49 main.go:105: Ready!
    2022/06/06 10:49:49 main.go:211: Confirm was called!
    2022/06/06 10:49:50 main.go:105: Ready!
    2022/06/06 10:49:50 main.go:211: Confirm was called!
    2022/06/06 10:50:15 main.go:105: Ready!
    2022/06/06 10:51:10 main.go:105: Ready!
    2022/06/06 10:51:45 main.go:105: Ready!
    2022/06/06 10:54:16 main.go:105: Ready!
    2022/06/06 10:57:46 main.go:105: Ready!
    2022/06/06 10:57:59 main.go:105: Ready!
    
  • Respect PINENTRY_USER_DATA=USE_CURSES=1

    pinentry-mac falls back to pinentry-curses if the env var PINENTRY_USER_DATA=USE_CURSES=1 is set; however, pinentry-touchid does not respect this and will always prompt for Touch ID.

    This is needed when pinentry is requested over a remote connection where the user has no physical access to the system, i.e. SSH sessions.
