Version 2 Beta

The second release of purse.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.

Known issues:

• Read actions now require two Yubikey touches, if touch to decrypt is enabled - once for the index and twice for the encrypted password file.

Changelist:

• Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
• Individual password filenames are random, mapped to usernames in an encrypted index file.
• Index and password files are now "immutable" using chmod while purse.sh is not running.
• Read passwords are now copied to clipboard and cleared after a timeout, instead of printed to stdout.
• Use printf instead of echo for improved portability.
• New option: list passwords in the index.
• New option: create tar archive for backup.
• Removed option: delete password; the index is now a permanent ledger.
• Removed option: read all passwords; no use case for having a single command.
• Removed option: suppress generated password output; should be read from safe to verify save.