Here is a detailed list of the features which CPM provides.
The data is encrypted with GnuPG which uses public key encryption. This makes it possible to share the password file among several people. Sharing of a general password to decrypt the database is not necessary.
Back to the main page.
The data file gets signed by the user who saves the file. The signature is always created by the last user who saved the file; any old signature gets removed.
The signing makes it impossible for other people to forge data files.
GPGME is used for encryption, decryption and signing of the data. It provides an interface to the widely known encryption engine GnuPG.
The XML content is compressed using the gzip algorithm before it gets encrypted. This makes it almost impossible to guess what the encrypted data looks like and makes known-plaintext attacks impossible.
Paging is disabled for CPM so its memory never gets swapped out to disk, not even when memory gets low. Otherwise it would be possible to find sensitive data like the passwords in the swap partition or swap file.
CPM turns core dumps off, so even when a segmentation fault causes the application to crash, no sensitive data (the passwords) is written to disk unencrypted.
CPM is also protected from ptrace attacks. This makes it impossible (even for the root user) to attach a tracing process (like strace or a debugger) to the application. This secures the application against local attacks where you are not the owner of the computer.
CPM checks that it's not running as root user.
This is necessary because the program usually has the suid bit set, which means it automatically runs as the root user. Root is needed for the other protection mechanisms, which can only be configured by root-owned processes. After the protection mechanisms are in place, CPM switches back to the user who started the application. This check makes sure that the switch back really worked.
The environment variables are carefully checked to make sure it's not possible to inject any weird characters into external libraries like gettext. Only the following variables are accepted, any other variables are removed.
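An allowlist filter of the kind described above, as an added example rather than CPM's own code. The variable names in `RULES`, the 255-byte limit and the rule that locale values may not contain `/` are assumptions made for illustration; CPM's actual list is not reproduced on this page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist: CPM's real list is not shown on this page. */
struct rule { const char *name; int allow_slash; };
static const struct rule RULES[] = {
    {"HOME", 1}, {"TERM", 0}, {"LANG", 0}, {"LC_ALL", 0}, {"LC_MESSAGES", 0},
};

static const struct rule *find_rule(const char *entry, size_t name_len) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (strlen(RULES[i].name) == name_len &&
            memcmp(RULES[i].name, entry, name_len) == 0)
            return &RULES[i];
    return NULL;
}

/* Accept only short, printable-ASCII values; locale-type values may not
   contain '/', so they cannot steer a message-catalogue lookup elsewhere. */
static int value_ok(const struct rule *r, const char *v) {
    if (strlen(v) > 255) return 0;
    for (; *v; v++) {
        unsigned char c = (unsigned char)*v;
        if (c < 0x20 || c > 0x7e) return 0;
        if (c == '/' && !r->allow_slash) return 0;
    }
    return 1;
}

/* Compact env in place, keeping only allowlisted, clean entries.
   Returns the number of entries kept; env stays NULL-terminated. */
size_t sanitize_env(char **env) {
    size_t kept = 0;
    for (size_t i = 0; env[i] != NULL; i++) {
        const char *eq = strchr(env[i], '=');
        const struct rule *r = eq ? find_rule(env[i], (size_t)(eq - env[i])) : NULL;
        if (r != NULL && value_ok(r, eq + 1))
            env[kept++] = env[i];
    }
    env[kept] = NULL;
    return kept;
}

int main(void) {
    /* Constructed sample environment, not taken from a real system. */
    char *env[] = {"LANG=en_US.UTF-8", "LD_PRELOAD=/tmp/x.so", "LC_ALL=../../etc",
                   "TERM=xterm\033[2J", "HOME=/home/harry", NULL};
    size_t n = sanitize_env(env);
    for (size_t i = 0; i < n; i++) puts(env[i]);
    return 0;
}
```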
Any CPM data file can be decrypted manually by the following command:
$ gpg --decrypt <FILE> | gzip -cd
Moreover, the correct XML data can be encrypted like this:
$ cat <XMLFILE> | gzip -c9 | gpg --encrypt --sign --armour > <FILE>
The internal CPM data format is XML which makes it possible to easily convert any existing data to the CPM format or even make a 3rd party application interact with CPM.
On each startup the XML data is validated by a DTD to make sure the XML is formatted properly.
If the data is saved to disk, CPM creates a backup of the last version by appending the character ~ to the filename. Of course, this feature can be turned off in CPM's configuration file.
Since a password entry is just another node in the tree it is possible to store even more than one password per account. This makes it possible to archive old passwords or store used one-time passwords.
When you enter a password, its strength gets checked to make sure you don't use weak passwords like names or dictionary words. If a weak password is found, a warning is displayed.
The library doing this check is libcrack.
CPM is not limited to the default hierarchy host / service / user / password. Any hierarchy can be defined, and it can be different for each data file.
For each node in the data structure a comment can be stored to note any important facts.
If you are lazy and don't want to think about new passwords, a password generator can help you out there too. It automatically creates a good password for you.
It is possible to search through the database on the commandline without using any interface.
This works like this:
$ cpm harry@localhost
enter your passphrase (try #1)
Harry Brueckner <harry_b@mm.st>
http harry@localhost secretpassword
1 match found.
When searching on the commandline, regex patterns can be used for the search.
It is possible to define which patterns are searchable, e.g. user@hostname in the above example is simply defined in the cpmrc file. Any other combination of the hierarchy levels is possible.
This is also the case for the result: it is customizable whether a search for user@hostname displays service user@hostname password or just the password, whatever you need or prefer.
If there is more than one match, several results are displayed at once, so you can get a list of all accounts on, for example, one host.
With CPM come several conversion scripts which make it possible to import data from these sources: