derivepassphrase.git

@@ -3,19 +3,50 @@

 [![PyPI - Version](https://img.shields.io/pypi/v/derivepassphrase.svg)](https://pypi.org/project/derivepassphrase)

 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/derivepassphrase.svg)](https://pypi.org/project/derivepassphrase)

------

+An almost faithful Python reimplementation of [James Coglan's `vault`][VAULT], a deterministic password manager/generator.

+

+Using a master passphrase or a master SSH key, derive a passphrase for a given named service, subject to length, character and character repetition constraints.

+The derivation is cryptographically strong, meaning that even if a single passphrase is compromised, guessing the master passphrase or a different service's passphrase is computationally infeasible.

+The derivation is also deterministic, given the same inputs, thus the resulting passphrase need not be stored explicitly.

+The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file.

-## Table of Contents

+[VAULT]: https://getvau.lt

-- [Installation](#installation)

-- [License](#license)

+-----

 ## Installation

+### With `pip`

+

+```console

+$ pip install derivepassphrase

+```

+

+### Manually

+

+`derivepassphrase` is a pure Python package, and may be easily installed manually by placing the respective files into Python's import path.

+`derivepassphrase` requires Python 3.11 or higher for its core functionality and programmatic interface, and [`click`][CLICK] 8.1 or higher for its command-line interface.

+

+[CLICK]: https://click.palletsprojects.com/

+

+## Quick Usage

+

+```console

+$ derivepassphrase -p --length 30 --upper 3 --lower 1 --number 2 --space 0 --symbol 0 my-email-account

+Passphrase: This passphrase is for demonstration purposes only.

+JKeet7GeBpxysOgdCEJo6UzmP8A0Ih

+```

+

+Some time later…

+

 ```console

-pip install derivepassphrase

+$ derivepassphrase -p --length 30 --upper 3 --lower 1 --number 2 --space 0 --symbol 0 my-email-account

+Passphrase: This passphrase is for demonstration purposes only.

+JKeet7GeBpxysOgdCEJo6UzmP8A0Ih

 ```

+(The user input `This passphrase is for demonstration purposes only.` for the passphrase prompt is not actually displayed on-screen.)

+

 ## License

 `derivepassphrase` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.

@@ -1 +0,0 @@

-Great documentation will appear here.

@@ -0,0 +1 @@

+../README.md

\ No newline at end of file

@@ -1,9 +1,9 @@

-site_name: derivepassphrase documentation

+site_name: derivepassphrase

 site_url: null

 repo_url: https://github.com/the-13th-letter/derivepassphrase

 site_description: An almost faithful Python reimplementation of James Coglan's vault.

 site_author: Marco Ricci

-copyright: Copyright 2024 Marco Ricci (the-13th-letter).  All rights reserved.

+copyright: Copyright 2024 Marco Ricci (the-13th-letter).  All rights reserved.  Distributed under the MIT license.

 docs_dir: docs

 site_dir: html

@@ -75,7 +75,7 @@ plugins:

             - src

 nav:

-  - derivepassphrase documentation: index.md

+  - Overview: index.md

   #- tutorials.md

   #- How-Tos: how-tos.md

   - Reference:

@@ -78,9 +78,17 @@ requires = [

 [tool.hatch.env.collectors.mkdocs.docs]

 path = "mkdocs.yml"

+[tool.hatch.envs.docs]

+extra-dependencies = [

+  "black",

+  "mkdocs-material",

+]

+detached = false

+

 [tool.hatch.envs.types]

 extra-dependencies = [

   "mypy>=1.0.0",

+  "pytest",

 ]

 [tool.hatch.envs.types.scripts]

 check = "mypy --install-types --non-interactive {args:src/derivepassphrase tests}"

@@ -572,11 +572,15 @@ def derivepassphrase(

 ) -> None:

     """Derive a strong passphrase, deterministically, from a master secret.

-    Using a master passphrase or a master SSH key, derive a strong

-    passphrase for SERVICE, deterministically, subject to length,

-    character and character repetition constraints.  The service name

-    and constraints themselves need not be kept secret; the latter are

-    usually stored in a world-readable file.

+    Using a master passphrase or a master SSH key, derive a passphrase

+    for SERVICE, subject to length, character and character repetition

+    constraints.  The derivation is cryptographically strong, meaning

+    that even if a single passphrase is compromised, guessing the master

+    passphrase or a different service's passphrase is computationally

+    infeasible.  The derivation is also deterministic, given the same

+    inputs, thus the resulting passphrase need not be stored explicitly.

+    The service name and constraints themselves also need not be kept

+    secret; the latter are usually stored in a world-readable file.

     If operating on global settings, or importing/exporting settings,

     then SERVICE must be omitted.  Otherwise it is required.\f