<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>YAPET - Yet Another Password Encryption Tool 0.8pre2</title><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article" title="YAPET - Yet Another Password Encryption Tool 0.8pre2"><div class="titlepage"><div><div><h2 class="title"><a id="id2514968"></a>YAPET - Yet Another Password Encryption Tool 0.8pre2</h2></div><div><h3 class="subtitle"><em>YAPET - Design</em></h3></div><div><div class="author"><h3 class="author"><span class="firstname">Rafael</span> <span class="surname">Ostertag</span></h3></div></div><div><p class="releaseinfo">
$Id: DESIGN.sgml.in 2904 2009-09-04 05:11:30Z rafi $
</p></div><div><p class="copyright">Copyright © 2008, 2009, 2010 Rafael Ostertag &lt;rafi@guengel.ch&gt;</p></div></div><hr /></div><div class="toc"><p><strong>Table of Contents</strong></p><dl><dt><span class="sect1"><a href="#general">General</a></span></dt><dt><span class="sect1"><a href="#masterpassword">Master Password</a></span></dt><dt><span class="sect1"><a href="#encryptionkey">Encryption Key</a></span></dt><dt><span class="sect1"><a href="#filestructure">File Structure</a></span></dt><dd><dl><dt><span class="sect2"><a href="#recogstring">Recognition String</a></span></dt><dt><span class="sect2"><a href="#fileheader">Header</a></span></dt><dt><span class="sect2"><a href="#passwordrecord">Password Records</a></span></dt><dt><span class="sect2"><a href="#example">Example</a></span></dt></dl></dd><dt><span class="sect1"><a href="#security">Security</a></span></dt><dt><span class="sect1"><a href="#references">References</a></span></dt></dl></div><div class="sect1" title="General"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="general"></a>General</h2></div></div></div><p>YAPET stores passwords encrypted on disk. Passwords are kept in
records with additional information. A record comprises the following
components:
</p><div class="variablelist"><dl><dt><span class="term"><span class="guilabel">Name</span></span></dt><dd>The name displayed in the Main Screen.</dd><dt><span class="term"><span class="guilabel">Host</span></span></dt><dd>The host on which the password is used.</dd><dt><span class="term"><span class="guilabel">Username</span></span></dt><dd>The user name the password is associated with.</dd><dt><span class="term"><span class="guilabel">Password</span></span></dt><dd>The password to protect.</dd><dt><span class="term"><span class="guilabel">Comment</span></span></dt><dd>A comment.</dd></dl></div><p>The encryption and hash functions used by YAPET are provided
by the <span class="citerefentry"><span class="refentrytitle">crypto</span>(3)</span> library of <span class="citerefentry"><span class="refentrytitle">ssl</span>(3)</span>. YAPET does not provide them
itself.</p></div><div class="sect1" title="Master Password"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="masterpassword"></a>Master Password</h2></div></div></div><p>YAPET uses a master password provided by the user to generate
a key in order to encrypt and decrypt the password records. The
master password is not stored permanently. It has to be entered
when a file is opened or the screen is locked in order to unlock
it.</p></div><div class="sect1" title="Encryption Key"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="encryptionkey"></a>Encryption Key</h2></div></div></div><p>The encryption key is generated by calculating a SHA1 hash
of the master password. MD5 is used to hash the SHA1 hash. Both
hashes are concatenated. Finally, RIPEMD-160 is used to generate
a hash of the SHA1 and MD5 hashes. The RIPEMD-160 hash is then
appended to the SHA1 and MD5 hash, yielding a key of 448
bits. This key will be used for the Blowfish encryption
algorithm in order to encrypt and decrypt password
records.</p></div><div class="sect1" title="File Structure"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="filestructure"></a>File Structure</h2></div></div></div><p>A file created by YAPET has the following basic
structure</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">Clear text recognition
string</li><li class="listitem">Clear text header length indicator
(prefix)</li><li class="listitem">Encrypted header</li><li class="listitem">Clear text password record length indicator
(prefix)</li><li class="listitem">Encrypted password
record</li><li class="listitem">Clear text password record length indicator
(prefix)</li><li class="listitem">Encrypted password
record</li><li class="listitem">…</li></ol></div><p>The prefixes are stored in big endian order, regardless of
the endianness of the platform YAPET is running on.</p><div class="sect2" title="Recognition String"><div class="titlepage"><div><div><h3 class="title"><a id="recogstring"></a>Recognition String</h3></div></div></div><p>Each file created by YAPET starts with an unencrypted
recognition string which currently consists of the 8
bytes <code class="literal">YAPET1.0</code> as depicted in
<a class="xref" href="#fig.recogstring" title="Figure 1. Recognition String">Figure 1, “Recognition String”</a>.</p><div class="figure"><a id="fig.recogstring"></a><p class="title"><strong>Figure 1. Recognition String</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+--------+--------+--------+--------+
|   Y    |   A    |   P    |   E    |   T    |   1    |   .    |   0    |
| 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte |
+--------+--------+--------+--------+--------+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /></div><div class="sect2" title="Header"><div class="titlepage"><div><div><h3 class="title"><a id="fileheader"></a>Header</h3></div></div></div><p>After the recognition string a 4 byte unsigned integer
which is stored in big-endian order follows. This indicator is
read to determine how many bytes to read in order to get the
encrypted header (<a class="xref" href="#fig.encryptedheader" title="Figure 2. Encrypted Header">Figure 2, “Encrypted Header”</a>).</p><div class="figure"><a id="fig.encryptedheader"></a><p class="title"><strong>Figure 2. Encrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|   Encrypted header exactly as many bytes   |
|          indicated by the prefix           |
+--------+--------+--------+--------+--...---+
</pre></div></div></div><br class="figure-break" /><div class="sect3" title="Pre Version 0.6 Header"><div class="titlepage"><div><div><h4 class="title"><a id="prev0.6_header"></a>Pre Version 0.6 Header</h4></div></div></div><p>The decrypted header (<a class="xref" href="#fig.decryptedheaderpre0.6" title="Figure 3. Pre Version 0.6 Decrypted Header">Figure 3, “Pre Version 0.6 Decrypted Header”</a>) is 25 bytes in size. The first
byte indicates the version of the file. The next 20 bytes are used as a
control string. After decryption, the control string is compared to the
predefined clear text control string, in order to find out whether or
not the key used to decrypt is the same as the one used to encrypt. The control
string holds all characters from A to Z.</p><div class="figure"><a id="fig.decryptedheaderpre0.6"></a><p class="title"><strong>Figure 3. Pre Version 0.6 Decrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+
|Version |
| 1 byte |
+--------+--------+--------+--...---+
|          Control String           |
|             20 bytes              |
+--------+--------+--------+--...---+
|  Time when the Password  |
|    was set (4 bytes)     |
+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /><p>The Version field holds the value 1
(<code class="varname">YAPET::VERSION_1</code>).</p><p>The length of the header is either 25 bytes on 32bit
architectures, or 29 bytes on 64bit architectures.</p><p>This is considered a design flaw; therefore, starting with YAPET 0.6,
the version 0.6 header was introduced, providing a stable size across
platforms (see <a class="xref" href="#v0.6_header" title="Version 0.6 Header">the section called “Version 0.6 Header”</a>).</p></div><div class="sect3" title="Version 0.6 Header"><div class="titlepage"><div><div><h4 class="title"><a id="v0.6_header"></a>Version 0.6 Header</h4></div></div></div><p>The pre version 0.6 header was designed with the uneducated
assumption that <code class="varname">time_t</code> is always 4 bytes in
size. This is not the case. Therefore, the version 0.6 header uses 64
bits for the password set field, regardless of the architecture, as
shown in <a class="xref" href="#fig.decryptedheader0.6" title="Figure 4. Version 0.6 Decrypted Header">Figure 4, “Version 0.6 Decrypted Header”</a>. The Version field
will hold the value 2 (<code class="varname">YAPET::VERSION_2</code>).</p><p>Thus, the new header always has a size of 29 bytes, hence being
stable across platforms.</p><div class="figure"><a id="fig.decryptedheader0.6"></a><p class="title"><strong>Figure 4. Version 0.6 Decrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+
|Version |
| 1 byte |
+--------+--------+--------+--------+--------+--------+--...---+
|                        Control String                        |
|                           20 bytes                           |
+--------+--------+--------+--------+--------+--------+--...---+--------+
|               Time when the Password was set (8 bytes)                |
|                                                                       |
+--------+--------+--------+--------+--------+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /><p>YAPET 0.6 or later is still able to read pre version 0.6 headers
in order to maintain backwards compatibility with earlier releases. It
will however write a version 0.6 header upon password change.</p><p>YAPET 0.5 or earlier is able to read version 0.6 headers. If the
master password on a version 0.6 file is changed using YAPET 0.5 or earlier,
it will automatically become a pre version 0.6 file, and the
restrictions for version 0.5 apply.</p><p><a class="xref" href="#tab.ver0.5compat" title="Table 1. File Compatibility Matrix of YAPET 0.5 or earlier">Table 1, “File Compatibility Matrix of YAPET 0.5 or earlier”</a> lists the compatibility
between different processor architectures and YAPET 0.5.</p><p>The tests were conducted mainly on Linux boxes.</p><div class="table"><a id="tab.ver0.5compat"></a><p class="title"><strong>Table 1. File Compatibility Matrix of YAPET 0.5 or earlier</strong></p><div class="table-contents"><table summary="File Compatibility Matrix of YAPET 0.5 or earlier" border="1"><colgroup><col align="left" class="vendianess" /><col align="left" class="vbits" /><col align="left" class="proc" /><col align="center" class="f32le0.5" /><col align="center" class="f64le0.5" /><col align="center" class="f32be0.5" /><col align="center" class="f64be0.5" /><col align="center" class="f32le0.6" /><col align="center" class="f64le0.6" /><col align="center" class="f32be0.6" /><col align="center" class="f64be0.6" /></colgroup><thead><tr><th rowspan="4" colspan="3" align="left">
YAPET running on
</th><th colspan="8" align="center">
File created
</th></tr><tr><th colspan="4" align="center">Version 0.5 or earlier</th><th colspan="4" align="center">Version 0.6</th></tr><tr><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th></tr><tr><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th></tr></thead><tbody><tr><td rowspan="6" align="left">
<p>Little</p>
<p>Endian</p>
</td><td rowspan="3" align="left">
32bit
</td><td align="left">ARM XScale</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a id="fnote.dateissue" href="#ftn.fnote.dateissue" class="footnote">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">i386</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">MIPS Loongson</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="3" align="left">
64bit
</td><td align="left">AMD Opteron</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">IA64</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">Xeon</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="6" align="left">
<p>Big</p>
<p>Endian</p>
</td><td rowspan="4" align="left">
32bit
</td><td align="left">PA-RISC</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">PowerPC G4</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">PowerPC G5</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">SPARC</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" 
class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="2" align="left">
64bit
</td><td align="left">PowerPC G5</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">SPARC</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr></tbody><tbody class="footnotes"><tr><td colspan="11"><div class="footnote"><p><sup>[<a id="ftn.fnote.dateissue" href="#fnote.dateissue" class="para">a</a>] </sup>The password set field will be
incorrectly read and displayed as <code class="literal">Thu Jan 1 01:00:00
1970</code> in YAPET.</p></div></td></tr></tbody></table></div></div><br class="table-break" /><p><a class="xref" href="#tab.ver0.5compat" title="Table 1. File Compatibility Matrix of YAPET 0.5 or earlier">Table 1, “File Compatibility Matrix of YAPET 0.5 or earlier”</a> boils down to <a class="xref" href="#tab.ver0.5compatsmall" title="Table 2. Summary of File Compatibility Matrix of YAPET 0.5 or earlier">Table 2, “Summary of File Compatibility Matrix of YAPET 0.5 or earlier”</a></p><div class="table"><a id="tab.ver0.5compatsmall"></a><p class="title"><strong>Table 2. Summary of File Compatibility Matrix of YAPET 0.5 or earlier</strong></p><div class="table-contents"><table summary="Summary of File Compatibility Matrix of YAPET 0.5 or earlier" border="1"><colgroup><col align="left" class="proc" /><col align="center" class="f32le0.5" /><col align="center" class="f64le0.5" /><col align="center" class="f32be0.5" /><col align="center" class="f64be0.5" /><col align="center" class="f32le0.6" /><col align="center" class="f64le0.6" /><col align="center" class="f32be0.6" /><col align="center" class="f64be0.6" /></colgroup><thead><tr><th rowspan="4" align="left">
YAPET running on
</th><th colspan="8" align="center">
File created
</th></tr><tr><th colspan="4" align="center">Version 0.5 or earlier</th><th colspan="4" align="center">Version 0.6</th></tr><tr><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th></tr><tr><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th></tr></thead><tbody><tr><td align="left">Little Endian 32bit</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Little Endian 64bit</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Big Endian 32bit</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Big Endian 64bit</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr></tbody></table></div></div><br class="table-break" /></div></div><div class="sect2" title="Password Records"><div class="titlepage"><div><div><h3 class="title"><a id="passwordrecord"></a>Password Records</h3></div></div></div><p>Each encrypted password record is prefixed by a 4 byte
unsigned integer which is stored in big-endian order. That
integer is used to indicate the length of the following
encrypted data chunk.
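</p><p>Because the recognition string and every length prefix are clear text, the chunk boundaries of a file can be checked before any key is derived. The C code below is an added example, not taken from YAPET's sources; the names yapet_walk, walk_status and walk_result and the sample bytes are this example's own.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes and names below belong to this example, not to YAPET. */
enum walk_status {
    WALK_OK = 0,
    WALK_BAD_MAGIC,   /* recognition string missing or different */
    WALK_NO_HEADER,   /* no complete header chunk after the magic */
    WALK_TRUNCATED    /* a record prefix or body runs past end of file */
};

struct walk_result {
    uint32_t header_len;    /* size of the encrypted header chunk */
    size_t   records;       /* complete encrypted records seen */
    size_t   error_offset;  /* offset of the prefix that failed, else 0 */
};

/* Constructed sample: magic, a 3-byte "header", records of 2 and 1 bytes.
 * Chunk bodies are placeholder bytes, not real ciphertext. */
static const uint8_t sample[] = {
    'Y', 'A', 'P', 'E', 'T', '1', '.', '0',
    0, 0, 0, 3, 0xAA, 0xBB, 0xCC,
    0, 0, 0, 2, 0x11, 0x22,
    0, 0, 0, 1, 0x33
};

/* Decode a 4-byte big-endian prefix independently of host byte order. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Consume one length-prefixed chunk at *off (caller keeps *off <= len). */
static int next_chunk(const uint8_t *buf, size_t len, size_t *off,
                      uint32_t *chunk_len)
{
    size_t left = len - *off;
    if (left < 4)
        return -1;                      /* prefix itself is cut off */
    *chunk_len = read_be32(buf + *off);
    /* Compare with the bytes left; off + 4 + n could wrap around. */
    if (*chunk_len > left - 4)
        return -1;
    *off += 4 + (size_t)*chunk_len;
    return 0;
}

enum walk_status yapet_walk(const uint8_t *buf, size_t len,
                            struct walk_result *out)
{
    static const char magic[8] = { 'Y', 'A', 'P', 'E', 'T', '1', '.', '0' };
    size_t off = sizeof magic;
    uint32_t n;

    memset(out, 0, sizeof *out);
    if (len < sizeof magic || memcmp(buf, magic, sizeof magic) != 0)
        return WALK_BAD_MAGIC;

    out->error_offset = off;
    if (next_chunk(buf, len, &off, &n) != 0)
        return WALK_NO_HEADER;
    out->header_len = n;

    while (off < len) {
        out->error_offset = off;
        if (next_chunk(buf, len, &off, &n) != 0)
            return WALK_TRUNCATED;
        out->records++;
    }
    out->error_offset = 0;
    return WALK_OK;
}

int main(void)
{
    struct walk_result r;
    enum walk_status st = yapet_walk(sample, sizeof sample, &r);
    printf("status=%d header=%u bytes records=%zu\n",
           (int)st, (unsigned)r.header_len, r.records);
    return st == WALK_OK ? 0 : 1;
}
```

<p>A prefix read from a file is untrusted input: the walker compares it with the number of bytes actually left, so a corrupted prefix is reported with its offset instead of driving a read past the end of the buffer.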
</p><div class="figure"><a id="fig.passwordrecord"></a><p class="title"><strong>Figure 5. Encrypted Password Record</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
[ . . . ]
</pre></div></div></div><br class="figure-break" /></div><div class="sect2" title="Example"><div class="titlepage"><div><div><h3 class="title"><a id="example"></a>Example</h3></div></div></div><p>Putting this together, an encrypted file created by YAPET
may look like this</p><div class="figure"><a id="fig.examplefile"></a><p class="title"><strong>Figure 6. Encrypted File Example</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+--------+--------+--------+--------+
|   Y    |   A    |   P    |   E    |   T    |   1    |   .    |   0    |
| 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte |
+--------+--------+--------+--------+--------+--------+--------+--------+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|   Encrypted header exactly as many bytes   |
|          indicated by the prefix           |
+--------+--------+--------+--------+--...---+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
|  Length indicator in big-endian   |
|          order (4 bytes)          |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
[ . . . ]
</pre></div></div></div><br class="figure-break" /></div></div><div class="sect1" title="Security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security"></a>Security</h2></div></div></div><p>Memory used for storing sensitive information is cleared by
setting it to zero upon de-allocation. This is the default behavior
of YAPET functions. However, YAPET cannot alter the way functions
provided by <span class="citerefentry"><span class="refentrytitle">crypto</span>(3)</span> and <span class="citerefentry"><span class="refentrytitle">curses</span>(3X)</span> de-allocate memory. An attempt
to make <span class="citerefentry"><span class="refentrytitle">curses</span>(3X)</span> more secure is made by
calling <span class="citerefentry"><span class="refentrytitle"><code class="function">wclear</code></span>(3X)</span> before
calling <span class="citerefentry"><span class="refentrytitle"><code class="function">delwin</code></span>(3X)</span>, in the hope that
it clears the memory associated with the curses window.
</p><p>YAPET
uses <span class="citerefentry"><span class="refentrytitle"><code class="function">setrlimit</code></span>(2)</span>
to suppress the creation of core dumps. It also sets up signal
handlers
for <code class="literal">SIGHUP</code>, <code class="literal">SIGINT</code>, <code class="literal">SIGQUIT</code>, <code class="literal">SIGTERM</code>,
and <code class="literal">SIGKILL</code> for doing a proper cleanup and
clearing of allocated memory.</p><p>Apart from memory clearing, YAPET locks the screen after ten
minutes of inactivity.</p><p>YAPET does not keep the password records decrypted in
memory. It decrypts only the name of the password record in order
to show it to the user. Password records are only decrypted for
displaying and editing, when the user chooses to open a record.
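</p><p>The process-level measures named in this section, written out in C as an added example that is not YAPET's own code: core dumps are disabled with setrlimit(2), a handler is installed for each listed signal, and a buffer is zeroed before it is freed. The function names wipe, disable_core_dumps, install_cleanup_handlers and last_signal are hypothetical.</p>

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for sigaction() under strict -std= */
#endif
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Function names are hypothetical; this is not YAPET's code. */

/* Zero a buffer through a volatile pointer so the compiler cannot drop
 * the stores as dead writes ahead of free(). */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/* Set the soft and hard core-file size limit to 0. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };

    return setrlimit(RLIMIT_CORE, &rl);
}

static volatile sig_atomic_t pending_signal;

/* Async-signal-safe handler: it only records the signal number. The main
 * loop polls last_signal(), wipes its buffers and exits. */
static void on_signal(int signo)
{
    pending_signal = signo;
}

int last_signal(void)
{
    return (int)pending_signal;
}

/* Install on_signal() for each entry of sigs[]. Returns how many were
 * accepted; signals the kernel refused are stored in rejected[]. */
int install_cleanup_handlers(const int *sigs, int n, int *rejected, int *nrej)
{
    struct sigaction sa;
    int accepted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    *nrej = 0;
    for (int i = 0; i < n; i++) {
        if (sigaction(sigs[i], &sa, NULL) == 0)
            accepted++;
        else
            rejected[(*nrej)++] = sigs[i];
    }
    return accepted;
}

int main(void)
{
    const int sigs[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM, SIGKILL };
    int rejected[5], nrej;
    char *secret = malloc(32);

    if (secret == NULL || disable_core_dumps() != 0)
        return 1;
    printf("handlers installed: %d of 5\n",
           install_cleanup_handlers(sigs, 5, rejected, &nrej));
    for (int i = 0; i < nrej; i++)
        printf("refused by the kernel: signal %d\n", rejected[i]);
    strcpy(secret, "constructed sample secret");
    wipe(secret, 32);          /* clear before the memory is returned */
    free(secret);
    return 0;
}
```

<p>sigaction(2) refuses SIGKILL with EINVAL, so a cleanup handler can run for the other four signals only.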
</p></div><div class="sect1" title="References"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="references"></a>References</h2></div></div></div><p>See also the code documentation that comes along with the
source tarball of YAPET.</p></div></div></body></html>