Abraxas Collaborative Password Utility ====================================== Be aware that Abraxas is being deprecated in favor of `Advendesora `_. The only new functionality that has been added to Abraxas recently is the ability to export your accounts to Avendesora (abraxas --export). See the bottom of this file for instructions on how to use this new feature. Introduction ------------ Abraxas is powerful password utility that can store or generate your passwords and produce them from the command line. It can also be configured to autotype your username and password into the current window so that you can log in with a simple keystroke. Abraxas is an alternative to the traditional password vault. The intent is not to store passwords, but rather to regenerate them as needed. This is done with the aid of two files. The first is an accounts file that contains useful information about each account along with the parameters that control how the password is generated for that account (which style of password to generate, how many characters or words to include, what alphabet to use, etc.) The second is the master password file. When you go to use the password generator, you will first need to unlock the master password file. You do so by providing its pass phrase, which only you should know. Thus, only you will be capable of generating the passwords associated with your accounts. Once generated, you can specify that they be displayed on the standard output, you can specify that they be copied to the clipboard, or you can specify that they be typed into some other program. In your master password file you can store more than one master password (the password used to generate the passwords for your accounts). In this way this password generator makes it easy to collaborate with friends and colleagues. Simply start by sharing a master password that you only use for shared accounts. A password generated for a particular account is computed from the name of the account and the master password. Since your partner and you are sharing the master password, you will both generate the same password for an account as long as you both use the same name for the account. In other words, if Alice and Bob share a master password, and if Alice wants to create a Google Docs account for sharing documents with Bob, she need only create the account using the password generated by Abraxas using the shared master password, and then simply tells Bob that she has created a Google Docs account with the name "abdocs" and uploaded several documents. Without actually sharing the password, Bob uses the shared master password and the account name to regenerate the account's password himself and downloads the documents. Installing Prerequisites in Fedora with Yum ------------------------------------------- Abraxas is compatible with both python 2.6 and beyond or python 3.3 and beyond. It requires the following packages to fully function (run these commands as root):: yum install python yum install python-setuptools yum install libyaml-devel yum install PyYAML yum install pygobject3 (if using python2) yum install python3-gobject (if using python3) yum install python-docutils yum install xdotool yum install xsel easy_install python-gnupg On Centos you will also need:: yum install python-argparse On Redhat-based systems you can get these dependencies by running ./yum.sh. If you would like to run the tests, you will also need the inform package from my github account (https://github.com/KenKundert/inform.git). Installing Prerequisites in Arch Linux with Pacman -------------------------------------------------- Abraxas requires the following Arch Linux packages to fully function (run these commands as root):: pacman -S git pacman -S python pacman -S python-setuptools pacman -S python-docutils pacman -S python-gobject pacman -S libyaml pacman -S xdotool pacman -S xsel easy_install python-gnupg easy_install PyYAML You can install these prerequisites by running ./pacman.sh. Installing Prerequisites in Ubuntu with Apt-Get ----------------------------------------------- Abraxas requires the following Ubuntu packages to fully function (run these commands as root):: apt-get install git apt-get install libyaml-dev apt-get install python3 apt-get install python3-setuptools apt-get install python3-docutils apt-get install python3-gi apt-get install python3-yaml apt-get install xdotool apt-get install xsel easy_install3 python-gnupg You can install these prerequisites by running ./ubuntu.sh. Ubuntu does not provide gpg2, so you will need to change GPG_BINARY in ``abraxas/prefs.py`` to ``gpg``. Installing Prerequisites from Source ------------------------------------ Or, you can install Python from source. First get and install Python using:: $ cd ~/packages/python $ wget http://www.python.org/download/releases/3.3.2/Python-3.3.2.tgz $ tar zxf Python-3.3.2.tgz $ cd Python-3.3.2 $ ./configure --prefix=$HOME/.local $ make $ make install Now get easy_install:: $ wget -O http://python-distribute.org/distribute_setup.py $ python3.3 distribute_setup.py Then you can use easy_install to install python-gnupg, argparse, docutils, and PyYAML as above. Configuring GPG Agent --------------------- If you do not yet have a GPG key, you can get one using:: $ gpg --gen-key You should probably choose 4096 RSA keys. Now, edit ~/.gnupg/gpg-conf and add the line:: use-agent That way, if you have an agent running (and most login environments such as Gnome or KDE will start an agent for you; if you do not have an agent running you can generally have one started for you when you login by configuring your Session settings) then you can just give your GPG key pass phrase once per login session. The ultimate in convenience is to use Gnome Keyring to act as the GPG agent because it allows you to unlock the agent simply by logging in. To do so, make sure Keyring is installed:: yum install gnome-keyring gnome-keyring-pam If you are using Gnome, it will start Keyring for you. Otherwise, you should modify your .xinitrc or .xsession file to add the following:: # Start the message bus if it is not already running if test -z "$DBUS_SESSION_BUS_ADDRESS"; then eval $(dbus-launch --sh-syntax --exit-with-session) fi # Set ssh and gpg agent environment variables export $(gnome-keyring-daemon --start) GnuPG Issues '''''''''''' If abraxas crashes with the message:: ValueError: Unknown status message: u'PROGRESS' you have encountered a bug in python-gnupg. I can be resolved by adding "PROGRESS" to line 219 of gnupg.py in the python-gnupg install (the path varies based on the version and where you install it, but you might try something like: /usr/lib/python3.3/site-packages/python_gnupg-0.3.6-py3.3.egg/gnupg.py). If you use Gnome Keyring, you should be aware the Werner Koch is very annoyed at it and the latest versions of gnupg will emit a warning that Gnome Keyring has hijacked the GnuPG agent if you try to use Gnome Keyring as the GnuPG agent. You can safely ignore this message. The only way to use Gnome Keyring and avoid the message is to download the GnuPG source, delete the message, and compile it by hand. Installing ---------- To test the program, run:: $ ./test or:: $ ./test3 if you plan to use python3 and have both python2 and python3 installed. Once you are comfortable that everything is in order, you should install the program. To do so, first open the install file and make sure your version of python is given in the ``set python`` line. Then run:: $ ./install The program along with the man pages should end up in ~/.local. Once installed, you should be able to get information as follows:: $ man abraxas (information on how to use abraxas from the command line) $ man 3 abraxas (information on how to use the abraxas API) $ man 5 abraxas (information about the configuration files) Configuring Vim --------------- To be able to easily edit encrypted files (such as the Abraxas master password file), download the gnupg vim plugin from:: http://www.vim.org/scripts/script.php?script_id=3645 Then copy it into:: cp gnupg.vim ~/.vim/plugin Configuring Abraxas ------------------- To start using Abraxas you need to do a one-time setup to create your account directory (~/.config/abraxas):: $ abraxas -I where ```` would be replaced by the email you provided to GPG when you created your key. You will need to edit ~/.config/abraxas to add your accounts (see ``man 5 abraxas`` for the details). For example, to add a gmail accounts, add the following to ``accounts``:: "gmail-derrickAsh": { 'aliases': ['gmail', 'google'], 'template': "=words", 'username': "derrickAsh", 'url': 'https://accounts.google.com', 'window': [ 'Gmail*', '*Google Accounts*', ], 'autotype': "{username}{tab}{password}{return}", }, You can now test this account using:: $ abraxas gmail PASSWORD: fallacy derby twinge clone You would then change your gmail password to the generated pass phrase. Alternatively, you can simply enter your existing password into ``password_overrides`` in ``~/.config/abraxas/master.gpg`` until the next time you get around to changing your password. Configuring the Window Manager for Abraxas Autotype --------------------------------------------------- If you use Firefox or Thunderbird, I recommend you install the 'Hostname in Titlebar' add-on to both so that Abraxas can recognize the account to use purely from the URL. Finally, you will want to chose a keystroke sequence and configure the window manager to run the password generator when you trigger it with that keystroke. How you do that depends on your window manager. With Gnome, it requires that you open your Keyboard Shortcuts preferences and create a new shortcut. I recommend ``Alt-p`` as a reasonable keystroke sequence. Enter:: $HOME/.local/bin/abraxas --autotype as the command to run. Then, when you create your accounts, you should add the appropriate window titles to the account entry so that the appropriate account can be determined automatically from the window title. For example, with the gmail account entered above, you can go to ``gmail.com``, select the username field and then type ``Alt p`` to login. Exporting to Avendesora ----------------------- Abraxas is no longer being developed and is being replaced by `Avendesora `_. To facilitate the transition to Avendesora the --export option has been added to Abraxas. To use it, run:: abraxas --export This will result in ~/.config/abraxas/avendesora being created in your Abraxas configuration directory. It contains all of your accounts converted to a form that can be read by Avendesora. During the export process the passwords are generated and saved in the Avendesora files. The intent is to give you access these accounts from Avendesora, but exported versions are somewhat limited. The expectation is that when you use these accounts and notice these limitation you would manually move the accounts to Avendesora. After this has occurred, you should add the names of the migrated accounts to ~/.config/abraxas/do-not-export and re-export your accounts. In this way, those accounts will not show up twice in Avendesora. Exporting your accounts does not actually link them to Avendesora. The best way to do that is to go into your Avendesora configuration directory and create symbolic links from this directory to each of the exported Abraxas accounts files. Then add these files to your .accounts_files file. For example, if you export a single accounts file from Abraxas called *accounts.gpg*, then do the following:: cd ~/.config/avendesora ln -s ../abraxas/avendesora/accounts.gpg abraxas_accounts.gpg Then edit .accounts_files and add 'abraxas_accounts.gpg' to the *accounts_files* list. Other than re-exporting your Abraxas accounts after migrating some of your accounts to Avendesora (and so adding them to do-not-export) this process should not need to be repeated. The symbolic links will point to the newly updated files and so Avendesora will see the latest exports. Only creating new account files in Abraxas, which of course is discouraged, would require you to add additional symbolic links. | Enjoy, | -Ken