About SherPass

SherPass is a program to manage passwords, both for web sites and SSH access.

It uses the GNU Privacy Guard to PGP-encrypt login/password entries. By encrypting an entry with possibly multiple persons' public keys, several people will be able to obtain access to the password entry, each using his own private key. This allows password information for hosts or websites to be shared among several people, without needing a single master key.

To manage passwords, download the standalone program for your operating system. To be able to use passwords in web pages more easily, you can use

• the Google Chrome browser extension
• the bookmarklet ('SherPassLet') on the main web site

The manual explains how both the standalone program and the bookmarklet/extension can be used.

Programs

Installable packages for various platforms:

• Debian/Ubuntu: sherpass-2.0.0.deb

• OS X: SherPass-2.0.0.dmg This version was created with PyInstaller and includes includes QTerminal as a terminal to run SSH in, sshpass to pass a password to the SSH session, and GnuPG for the encryption and decryption of passwords.

• MS-Windows: SherPass-2.0.0-installer.exe This version was created with py2exe and includes Gpg4Win, as well as PuTTY.

The standalone program was written in Python, using several extra software packages listed below. The source code of the Python application, as well as this web site can be found here:

• Source code: sherpass-2.0.0.tar.gz

Copyright & disclaimer

Everything is licensed under the GPLv3, the short version of which is:

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

The full version can be found at http://www.gnu.org/licenses/gpl-3.0.txt

Software used for the standalone application

• PyCrypto
• python-gnupg
• paramiko
• PyQt5

Software included in the installers

• On OS X: QTerminal, sshpass and GnuPG.
• On MS-Windows: PuTTY and Gpg4Win

Software used for web page

• JQuery
• Touchy
• CryptoJS
• OpenPGP.js
• QR Code Generator
• Vex

Manual

The main SherPass program works with two directories:

1. A directory with PGP public keys which can be used to encrypt login/password entries.
2. A directory in which each file is an login/password entry that has been encrypted with one or more public keys from the other directory. The people who have a matching private key (and the corresponding passphrase) can decrypt these entries and view the login/password information.

By using shared directories for this (e.g. using a shared filesystem like NFS, or something like Dropbox), this makes a shared password system possible. In this system each person can still have his own private key and passphrase, no globally known password or key is necessary.

UNDER CONSTRUCTION

Updating manual for v2 series

The manual for the v1 series may still be useful

Contact

You can find contact information on my Google+ page.