<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>YAPET - Yet Another Password Encryption Tool 0.8pre2</title><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article" title="YAPET - Yet Another Password Encryption Tool 0.8pre2"><div class="titlepage"><div><div><h2 class="title"><a id="id2514968"></a>YAPET - Yet Another Password Encryption Tool 0.8pre2</h2></div><div><h3 class="subtitle"><em>YAPET - Design</em></h3></div><div><div class="author"><h3 class="author"><span class="firstname">Rafael</span> <span class="surname">Ostertag</span></h3></div></div><div><p class="releaseinfo">
      $Id: DESIGN.sgml.in 2904 2009-09-04 05:11:30Z rafi $
    </p></div><div><p class="copyright">Copyright © 2008, 2009, 2010 Rafael Ostertag &lt;rafi@guengel.ch&gt;</p></div></div><hr /></div><div class="toc"><p><strong>Table of Contents</strong></p><dl><dt><span class="sect1"><a href="#general">General</a></span></dt><dt><span class="sect1"><a href="#masterpassword">Master Password</a></span></dt><dt><span class="sect1"><a href="#encryptionkey">Encryption Key</a></span></dt><dt><span class="sect1"><a href="#filestructure">File Structure</a></span></dt><dd><dl><dt><span class="sect2"><a href="#recogstring">Recognition String</a></span></dt><dt><span class="sect2"><a href="#fileheader">Header</a></span></dt><dt><span class="sect2"><a href="#passwordrecord">Password Records</a></span></dt><dt><span class="sect2"><a href="#example">Example</a></span></dt></dl></dd><dt><span class="sect1"><a href="#security">Security</a></span></dt><dt><span class="sect1"><a href="#references">References</a></span></dt></dl></div><div class="sect1" title="General"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="general"></a>General</h2></div></div></div><p>YAPET stores passwords encrypted on disk. Passwords are kept in
    records with additional information. A record comprises the following
    components:
    </p><div class="variablelist"><dl><dt><span class="term"><span class="guilabel">Name</span></span></dt><dd>The name displayed in the Main Screen.</dd><dt><span class="term"><span class="guilabel">Host</span></span></dt><dd>The host on which the password is used.</dd><dt><span class="term"><span class="guilabel">Username</span></span></dt><dd>The user name the password is associated with.</dd><dt><span class="term"><span class="guilabel">Password</span></span></dt><dd>The password to protect.</dd><dt><span class="term"><span class="guilabel">Comment</span></span></dt><dd>A comment.</dd></dl></div><p>The encryption and hash functions used by YAPET are provided
      by the <span class="citerefentry"><span class="refentrytitle">crypto</span>(3)</span> library of <span class="citerefentry"><span class="refentrytitle">ssl</span>(3)</span>. YAPET does not provide them
      itself.</p></div><div class="sect1" title="Master Password"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="masterpassword"></a>Master Password</h2></div></div></div><p>YAPET uses a master password provided by the user to generate
      a key in order to encrypt and decrypt the password records. The
      master password is not stored permanently. It has to be entered
      when a file is opened or the screen is locked in order to unlock
      it.</p></div><div class="sect1" title="Encryption Key"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="encryptionkey"></a>Encryption Key</h2></div></div></div><p>The encryption key is generated by calculating a SHA1 hash
      of the master password. MD5 is used to hash the SHA1 hash. Both
      hashes are concatenated. Finally, RIPEMD-160 is used to generate
      a hash of the SHA1 and MD5 hashes. The RIPEMD-160 hash is then
      appended to the SHA1 and MD5 hash, yielding a key of 448
      bits. This key will be used for the Blowfish encryption
      algorithm in order to encrypt and decrypt password
      records.</p></div><div class="sect1" title="File Structure"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="filestructure"></a>File Structure</h2></div></div></div><p>A file created by YAPET has the following basic
    structure</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">Clear text recognition
      string</li><li class="listitem">Clear text header length indicator
      (prefix)</li><li class="listitem">Encrypted header</li><li class="listitem">Clear text password record length indicator
      (prefix)</li><li class="listitem">Encrypted password
      record</li><li class="listitem">Clear text password record length indicator
      (prefix)</li><li class="listitem">Encrypted password
      record</li><li class="listitem"></li></ol></div><p>The prefixes are stored in big endian order, regardless of
    the endianness of the platform YAPET is running on.</p><div class="sect2" title="Recognition String"><div class="titlepage"><div><div><h3 class="title"><a id="recogstring"></a>Recognition String</h3></div></div></div><p>Each file created by YAPET starts with an unencrypted
	recognition string which currently consists of the 8
	bytes <code class="literal">YAPET1.0</code> as depicted in
	<a class="xref" href="#fig.recogstring" title="Figure 1. Recognition String">Figure 1, “Recognition String”</a>.</p><div class="figure"><a id="fig.recogstring"></a><p class="title"><strong>Figure 1. Recognition String</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+--------+--------+--------+--------+
|   Y    |   A    |   P    |   E    |   T    |   1    |   .    |   0    |
| 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte |
+--------+--------+--------+--------+--------+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /></div><div class="sect2" title="Header"><div class="titlepage"><div><div><h3 class="title"><a id="fileheader"></a>Header</h3></div></div></div><p>The recognition string is followed by a 4-byte unsigned integer
	stored in big-endian order. This indicator is
	read to determine how many bytes to read in order to get the
	encrypted header (<a class="xref" href="#fig.encryptedheader" title="Figure 2. Encrypted Header">Figure 2, “Encrypted Header”</a>).</p><div class="figure"><a id="fig.encryptedheader"></a><p class="title"><strong>Figure 2. Encrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted header exactly as many bytes    |
|        indicated by the prefix             |
+--------+--------+--------+--------+--...---+
</pre></div></div></div><br class="figure-break" /><div class="sect3" title="Pre Version 0.6 Header"><div class="titlepage"><div><div><h4 class="title"><a id="prev0.6_header"></a>Pre Version 0.6 Header</h4></div></div></div><p>The decrypted header (<a class="xref" href="#fig.decryptedheaderpre0.6" title="Figure 3. Pre Version 0.6 Decrypted Header">Figure 3, “Pre Version 0.6 Decrypted Header”</a>) is 25 bytes in size. The first
	byte indicates the version of the file. The next 20 bytes are used as a
	control string. After decryption, the control string is compared to the
	predefined clear text control string, in order to find out whether or
	not the key used to decrypt was the same used to encrypt. The control
	string holds all characters from A to Z.</p><div class="figure"><a id="fig.decryptedheaderpre0.6"></a><p class="title"><strong>Figure 3. Pre Version 0.6 Decrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+
|Version |
| 1 byte |
+--------+--------+--------+--...---+
|          Control String           |
|             20 bytes              |
+--------+--------+--------+--...---+
|  Time when the Password  |
|    was set (4 bytes)     |
+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /><p>The Version field holds the value 1
	(<code class="varname">YAPET::VERSION_1</code>).</p><p>The length of the header is either 25 bytes on 32bit
	architectures, or 29 bytes on 64bit architectures.</p><p>This is considered a design flaw; therefore, starting with YAPET 0.6,
	the version 0.6 header was introduced, providing a stable size across
	platforms (see <a class="xref" href="#v0.6_header" title="Version 0.6 Header">the section called “Version 0.6 Header”</a>).</p></div><div class="sect3" title="Version 0.6 Header"><div class="titlepage"><div><div><h4 class="title"><a id="v0.6_header"></a>Version 0.6 Header</h4></div></div></div><p>The pre version 0.6 header was designed with the uneducated
	assumption that <code class="varname">time_t</code> is always 4 bytes in
	size. This is not the case. Therefore, the version 0.6 header uses 64
	bits for the password set field, regardless of the architecture, as
	shown in <a class="xref" href="#fig.decryptedheader0.6" title="Figure 4. Version 0.6 Decrypted Header">Figure 4, “Version 0.6 Decrypted Header”</a>. The Version field
	will hold the value 2 (<code class="varname">YAPET::VERSION_2</code>).</p><p>Thus, the new header always has a size of 29 bytes and is therefore
	stable across platforms.</p><div class="figure"><a id="fig.decryptedheader0.6"></a><p class="title"><strong>Figure 4. Version 0.6 Decrypted Header</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+
|Version |
| 1 byte |
+--------+--------+--------+--------+--------+--------+--...---+
|                     Control String                           |
|                        20 bytes                              |
+--------+--------+--------+--------+--------+--------+--...---+--------+
|            Time when the Password was set (8 bytes)                   |
|                                                                       |
+--------+--------+--------+--------+--------+--------+--------+--------+
</pre></div></div></div><br class="figure-break" /><p>YAPET 0.6 or later is still able to read pre version 0.6 headers
	in order to maintain backwards compatibility with earlier releases. It
	will however write a version 0.6 header upon password change.</p><p>YAPET 0.5 or earlier is able to read version 0.6 headers. If the
	master password on a version 0.6 file is changed using YAPET 0.5 or earlier,
	it will automatically become a pre version 0.6 file, and the
	restrictions for version 0.5 apply.</p><p><a class="xref" href="#tab.ver0.5compat" title="Table 1. File Compatibility Matrix of YAPET 0.5 or earlier">Table 1, “File Compatibility Matrix of YAPET 0.5 or earlier”</a> lists the compatibility
	between different processor architectures and YAPET 0.5.</p><p>The tests were conducted mainly on Linux boxes.</p><div class="table"><a id="tab.ver0.5compat"></a><p class="title"><strong>Table 1. File Compatibility Matrix of YAPET 0.5 or earlier</strong></p><div class="table-contents"><table summary="File Compatibility Matrix of YAPET 0.5 or earlier" border="1"><colgroup><col align="left" class="vendianess" /><col align="left" class="vbits" /><col align="left" class="proc" /><col align="center" class="f32le0.5" /><col align="center" class="f64le0.5" /><col align="center" class="f32be0.5" /><col align="center" class="f64be0.5" /><col align="center" class="f32le0.6" /><col align="center" class="f64le0.6" /><col align="center" class="f32be0.6" /><col align="center" class="f64be0.6" /></colgroup><thead><tr><th rowspan="4" colspan="3" align="left">
		  YAPET running on
		</th><th colspan="8" align="center">
		  File created
		</th></tr><tr><th colspan="4" align="center">Version 0.5 or earlier</th><th colspan="4" align="center">Version 0.6</th></tr><tr><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th></tr><tr><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th></tr></thead><tbody><tr><td rowspan="6" align="left">
		  <p>Little</p>
		  <p>Endian</p>
		</td><td rowspan="3" align="left">
		  32bit
		</td><td align="left">ARM XScale</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a id="fnote.dateissue" href="#ftn.fnote.dateissue" class="footnote">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">i386</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">MIPS Loongson</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="3" align="left">
		  64bit
		</td><td align="left">AMD Opteron</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">IA64</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">Xeon</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="6" align="left">
		  <p>Big</p>
		  <p>Endian</p>
		</td><td rowspan="4" align="left">
		  32bit
		</td><td align="left">PA-RISC</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">PowerPC G4</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">PowerPC G5</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td align="left">SPARC</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" 
class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td></tr><tr><td rowspan="2" align="left">
		  64bit
		</td><td align="left">PowerPC G5</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">SPARC</td><td align="center">no</td><td align="center">yes<sup>[<a href="#ftn.fnote.dateissue" class="footnoteref">a</a>]</sup></td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr></tbody><tbody class="footnotes"><tr><td colspan="11"><div class="footnote"><p><sup>[<a id="ftn.fnote.dateissue" href="#fnote.dateissue" class="para">a</a>] </sup>The password set field will be
		incorrectly read and displayed as <code class="literal">Thu Jan 1 01:00:00
		1970</code> in YAPET.</p></div></td></tr></tbody></table></div></div><br class="table-break" /><p><a class="xref" href="#tab.ver0.5compat" title="Table 1. File Compatibility Matrix of YAPET 0.5 or earlier">Table 1, “File Compatibility Matrix of YAPET 0.5 or earlier”</a> boils down to <a class="xref" href="#tab.ver0.5compatsmall" title="Table 2. Summary of File Compatibility Matrix of YAPET 0.5 or earlier">Table 2, “Summary of File Compatibility Matrix of YAPET 0.5 or earlier”</a></p><div class="table"><a id="tab.ver0.5compatsmall"></a><p class="title"><strong>Table 2. Summary of File Compatibility Matrix of YAPET 0.5 or earlier</strong></p><div class="table-contents"><table summary="Summary of File Compatibility Matrix of YAPET 0.5 or earlier" border="1"><colgroup><col align="left" class="proc" /><col align="center" class="f32le0.5" /><col align="center" class="f64le0.5" /><col align="center" class="f32be0.5" /><col align="center" class="f64be0.5" /><col align="center" class="f32le0.6" /><col align="center" class="f64le0.6" /><col align="center" class="f32be0.6" /><col align="center" class="f64be0.6" /></colgroup><thead><tr><th rowspan="4" align="left">
		  YAPET running on
		</th><th colspan="8" align="center">
		  File created
		</th></tr><tr><th colspan="4" align="center">Version 0.5 or earlier</th><th colspan="4" align="center">Version 0.6</th></tr><tr><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th><th colspan="2" align="center">Little Endian</th><th colspan="2" align="center">Big Endian</th></tr><tr><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th><th align="center">32bit</th><th align="center">64bit</th></tr></thead><tbody><tr><td align="left">Little Endian 32bit</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Little Endian 64bit</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Big Endian 32bit</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr><tr><td align="left">Big Endian 64bit</td><td align="center">no</td><td align="center">yes</td><td align="center">no</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td><td align="center">yes</td></tr></tbody></table></div></div><br class="table-break" /></div></div><div class="sect2" title="Password Records"><div class="titlepage"><div><div><h3 class="title"><a id="passwordrecord"></a>Password Records</h3></div></div></div><p>Each encrypted password record is prefixed by a 4 byte
	unsigned integer which is stored in big-endian order. That
	integer is used to indicate the length of the following
	encrypted data chunk.
      </p><div class="figure"><a id="fig.passwordrecord"></a><p class="title"><strong>Figure 5. Encrypted Password Record</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
	      [ . . . ]
</pre></div></div></div><br class="figure-break" /></div><div class="sect2" title="Example"><div class="titlepage"><div><div><h3 class="title"><a id="example"></a>Example</h3></div></div></div><p>Putting this together, an encrypted file created by YAPET
	may look like this</p><div class="figure"><a id="fig.examplefile"></a><p class="title"><strong>Figure 6. Encrypted File Example</strong></p><div class="figure-contents"><div class="mediaobject"><pre class="screen">
+--------+--------+--------+--------+--------+--------+--------+--------+
|   Y    |   A    |   P    |   E    |   T    |   1    |   .    |   0    |
| 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte | 1 byte |
+--------+--------+--------+--------+--------+--------+--------+--------+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted header exactly as many bytes    |
|        indicated by the prefix             |
+--------+--------+--------+--------+--...---+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
|   Length indicator in big-endian  |
|         order (4 bytes)           |
+--------+--------+--------+--------+--...---+
|  Encrypted password record of exactly as   |
|   many bytes as indicated by the prefix    |
+--------+--------+--------+--------+--...---+
	      [ . . . ]
</pre></div></div></div><br class="figure-break" /></div></div><div class="sect1" title="Security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security"></a>Security</h2></div></div></div><p>Memory used for storing sensitive information is cleared by
      setting it to zero upon de-allocation. This is the default behavior
      of YAPET functions. However, YAPET cannot alter the way functions
      provided by <span class="citerefentry"><span class="refentrytitle">crypto</span>(3)</span> and <span class="citerefentry"><span class="refentrytitle">curses</span>(3X)</span> de-allocate memory. An attempt
      to make <span class="citerefentry"><span class="refentrytitle">curses</span>(3X)</span> more secure is made by
      calling <span class="citerefentry"><span class="refentrytitle"><code class="function">wclear</code></span>(3X)</span> before
      calling <span class="citerefentry"><span class="refentrytitle"><code class="function">delwin</code></span>(3X)</span>, in the hope that
      it clears the memory associated with the curses window.
    </p><p>YAPET
      uses <span class="citerefentry"><span class="refentrytitle"><code class="function">setrlimit</code></span>(2)</span>
      to suppress the creation of core dumps. It also sets up signal
      handlers
      for <code class="literal">SIGHUP</code>, <code class="literal">SIGINT</code>, <code class="literal">SIGQUIT</code>, <code class="literal">SIGTERM</code>,
      and <code class="literal">SIGKILL</code> for doing a proper cleanup and
      clearing of allocated memory.</p><p>Apart from memory clearing, YAPET locks the screen after ten
    minutes of inactivity.</p><p>YAPET does not keep the password records decrypted in
    memory. It decrypts only the name of the password record in order
    to show it to the user. Password records are only decrypted for
    displaying and editing, when the user chooses to open a record.
    </p></div><div class="sect1" title="References"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="references"></a>References</h2></div></div></div><p>See also the code documentation that comes along with the
    source tarball of YAPET.</p></div></div></body></html>
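
The container layout from the File Structure section, walked with bounds checks, as an added example (not YAPET's own code): it checks the recognition string and steps over the big-endian length prefixes without decrypting anything. The names `yapet_scan` and `struct yapet_layout` and the sample bytes are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define YAPET_MAGIC "YAPET1.0"   /* recognition string given on the page */
#define YAPET_MAGIC_LEN 8

enum scan_status { SCAN_OK, SCAN_BAD_MAGIC, SCAN_TRUNCATED };

struct yapet_layout {            /* hypothetical result type */
    uint32_t header_len;         /* length of the encrypted header */
    size_t   record_count;       /* complete password records found */
    size_t   consumed;           /* bytes covered by complete chunks */
};

/* Assemble the prefix with shifts: same result on little- and big-endian hosts. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Step over one length-prefixed chunk at *off. Returns 0 if the prefix or the
 * payload it announces does not fit in the remaining bytes. */
static int next_chunk(const unsigned char *buf, size_t len, size_t *off,
                      uint32_t *chunk_len)
{
    size_t remaining = len - *off;
    uint32_t n;

    if (remaining < 4)
        return 0;
    n = read_be32(buf + *off);
    /* Compare against what is left; computing *off + 4 + n first could wrap. */
    if (n > remaining - 4)
        return 0;
    *chunk_len = n;
    *off += 4 + (size_t)n;
    return 1;
}

/* Walk the container: recognition string, header chunk, then record chunks. */
enum scan_status yapet_scan(const unsigned char *buf, size_t len,
                            struct yapet_layout *out)
{
    size_t off = YAPET_MAGIC_LEN;
    uint32_t n;

    memset(out, 0, sizeof *out);
    if (len < YAPET_MAGIC_LEN || memcmp(buf, YAPET_MAGIC, YAPET_MAGIC_LEN) != 0)
        return SCAN_BAD_MAGIC;
    if (!next_chunk(buf, len, &off, &n))
        return SCAN_TRUNCATED;
    out->header_len = n;
    out->consumed = off;
    while (off < len) {
        if (!next_chunk(buf, len, &off, &n))
            return SCAN_TRUNCATED;
        out->record_count++;
        out->consumed = off;
    }
    return SCAN_OK;
}

/* Constructed sample: placeholder bytes stand in for the encrypted chunks. */
static const unsigned char sample[] = {
    'Y', 'A', 'P', 'E', 'T', '1', '.', '0',
    0x00, 0x00, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8,   /* header chunk   */
    0x00, 0x00, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,   /* record chunk 1 */
    0x00, 0x00, 0x00, 0x02, 0xee, 0xff                /* record chunk 2 */
};

int main(void)
{
    struct yapet_layout l;
    enum scan_status st = yapet_scan(sample, sizeof sample, &l);

    printf("status=%d header_len=%u records=%zu consumed=%zu\n",
           (int)st, (unsigned)l.header_len, l.record_count, l.consumed);
    return st == SCAN_OK ? 0 : 1;
}
```

On a truncated file `consumed` marks the end of the last complete chunk, which is where a recovery tool would cut.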
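
The process hardening described in the Security section, as an added example (not YAPET's own code): it zeroes the core-file limit with setrlimit(2), installs a wiping handler for the five signals the page lists, and reports which of them the kernel refuses, since sigaction(2) does not accept a handler for SIGKILL. The buffer `master_key` and all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define KEY_LEN 56                         /* 448-bit key, size from the page */
static unsigned char master_key[KEY_LEN];  /* hypothetical secret buffer */

/* Signals the page lists for cleanup handlers. */
static const int cleanup_signals[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM, SIGKILL };
#define N_SIGNALS (sizeof cleanup_signals / sizeof cleanup_signals[0])

/* Write zeros through a volatile pointer so the stores are not optimised away. */
static void wipe(void *buf, size_t n)
{
    volatile unsigned char *p = buf;

    while (n--)
        *p++ = 0;
}

/* Handler: async-signal-safe work only, then leave without running atexit code. */
static void cleanup_and_exit(int signo)
{
    wipe(master_key, sizeof master_key);
    _exit(128 + signo);
}

/* Set the soft and hard core-file size limits to zero. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl;

    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 when the soft core-file limit is zero, 0 otherwise. */
int core_dumps_disabled(void)
{
    struct rlimit rl;

    return getrlimit(RLIMIT_CORE, &rl) == 0 && rl.rlim_cur == 0;
}

/* Install the wiping handler. Bit i of the result is set when the kernel
 * refused a handler for cleanup_signals[i]. */
unsigned install_cleanup_handlers(void)
{
    struct sigaction sa;
    unsigned refused = 0;
    size_t i;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = cleanup_and_exit;
    sigfillset(&sa.sa_mask);            /* no other signal interrupts the wipe */
    for (i = 0; i < N_SIGNALS; i++)
        if (sigaction(cleanup_signals[i], &sa, NULL) != 0)
            refused |= 1u << i;
    return refused;
}

int main(void)
{
    unsigned refused;

    memset(master_key, 0x41, sizeof master_key);   /* constructed placeholder key */
    if (disable_core_dumps() != 0)
        perror("setrlimit");
    refused = install_cleanup_handlers();
    printf("core dumps disabled: %d, refused mask: 0x%x\n",
           core_dumps_disabled(), refused);
    wipe(master_key, sizeof master_key);           /* normal-exit path */
    return 0;
}
```

A process ended by SIGKILL never reaches the wipe, so the key material stays in its pages until the kernel reclaims them.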