
pwtool(1) User Manual pwtool(1)

NAME

pwtool - a convenience tool to make sane passwords and account creations

SYNOPSIS

pwtool

pwtool --number N

pwtool --length N

pwtool --[only]alpha

pwtool --[only]numeric

pwtool --[only]extended

pwtool --[only]lowercase

pwtool --[only]uppercase

pwtool --md5 [--salt STRING]

pwtool --des [--salt STRING]

pwtool --bcrypt [--salt STRING]

pwtool --sha[1,256,512] [--salt STRING]

pwtool --username name

pwtool --database name

pwtool --createdatabase

pwtool --password STRING

pwtool --keepassdb PATH

pwtool --keepassphrase STRING

pwtool --totp STRING

pwtool --totpfmt

pwtool --totpstep NUMBER

DESCRIPTION

pwtool is a utility to generate account passwords in a variety of formats with helper output on stdout. By default the password strings are made of letters and numbers for easy mouse selection.

If you just want a simple password for use in a script:

pwtool --number 1
PVTevLyA9r
    

If you run pwtool without any options it will generate a screen of passwords. Pick one that you like!

As well as offering flexible password generation options, a main goal is to output user creation strings that can be copied and pasted, or executed as stdin, so that operators don’t have to re-type passwords.

Crypts can be based on user-supplied strings via the --password option or the PASSWORD environment variable.

The --format string can expand values:

pwtool --database billing --username wonkeydonkey --password hunter2 --servername webby --number 1 --format 'DB: %{database}\\nUSR: %{username}\\nPASSWORD: %{password}\\nSERVER: %{servername}\\n'
    

Other strings, such as --mysqlfmt, --pgfmt, --mysqluserfmt, --userfmt, can generate copy/paste shell commands:

pwtool --username wonkeydonkey --number 1 --userfmt
useradd -m -s /bin/bash -p '$5$hYhnxam4j/chBu3V$BsZsRl4nj6DTpEdFMfLuerPFR0xvCJmeGQCUjuG9qM1' wonkeydonkey # Y9YgmSyv1A
pwtool --username wonkeydonkey --database circus --createdatabase --number 1 --mysqlfmt
create database circus; grant all privileges on circus.* to wonkeydonkey@'%' identified with mysql_native_password as '*21c0a42c1bb43ff6b56226a6a65a8859dd077497'; -- # VfKptnR2ft
    

Optionally a salt string can be provided with --salt.

If --keepassdb is specified, entries will be added to the DB. If the file exists, the password for the DB should be specified either in --keepassphrase or in the KEEPASSPHRASE environment variable. If the file does not exist, it will be created. If the passphrase is not specified, one will be created using the runtime configuration and written to stdout.

TOTP

pwtool can work as a TOTP CLI and display TOTP authentication strings.

If you want to leave a TOTP authentication display in your terminal, it can run like this:

TOTP="name=metalisbest,key=bar" pwtool --totpfmt
    

It will then run and leave a display like this:

762269 [#################             ] metalisbest
    

If you have multiple accounts, they can be displayed like this:

TOTP="name=metalisbest,key=bar;name=grungeisbest,key=baz" pwtool --totpfmt
523200 [#######                       ] metalisbest
523200 [#######                       ] grungeisbest
    

The following key=value pairs are supported:

key                 definition
key / totp          the totp string
name / username     a meaningful name for this key
step                number of step seconds
digits              the length of the output
algo                which hmac to use (sha1, sha256, sha512)
seconds             a user-defined time
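
How the key=value pairs above map onto an RFC 6238 computation, as an added example in Python that is not pwtool's own code; parse_accounts and totp are hypothetical names. Assumptions not stated on this page: the key is base32-encoded, the defaults are step 30, 6 digits and sha1, and seconds is a Unix timestamp.

```python
# Added example (not pwtool source): RFC 6238 TOTP driven by the TOTP string format.
import base64
import hmac
import struct
import time

# Alternate spellings listed in the table: key/totp and name/username.
ALIASES = {"totp": "key", "username": "name"}
ALGOS = ("sha1", "sha256", "sha512")

def parse_accounts(spec):
    """Split 'k=v,k=v;k=v,...' into one dict per account (hypothetical helper)."""
    accounts = []
    for chunk in filter(None, (c.strip() for c in spec.split(";"))):
        acct = {}
        for pair in chunk.split(","):
            k, _, v = pair.partition("=")
            k = k.strip().lower()
            acct[ALIASES.get(k, k)] = v.strip()
        if not acct.get("key"):
            raise ValueError("account has no key: %r" % chunk)
        accounts.append(acct)
    return accounts

def totp(acct, now=None):
    """Return the code for one parsed account (hypothetical helper)."""
    step = int(acct.get("step", 30))         # assumed default
    digits = int(acct.get("digits", 6))      # assumed default
    algo = acct.get("algo", "sha1").lower()  # assumed default
    if algo not in ALGOS or step <= 0 or not 1 <= digits <= 9:
        # Report the account name only, so the secret never reaches an error log.
        raise ValueError("unsupported parameters for %r" % acct.get("name"))
    if "seconds" in acct:                    # assumed to be a Unix timestamp
        now = int(acct["seconds"])
    elif now is None:
        now = int(time.time())
    # Assumption: the key is base32, as in otpauth:// provisioning URIs.
    b32 = acct["key"].replace(" ", "").upper().rstrip("=")
    secret = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    # HOTP over the time-step counter, then dynamic truncation (RFC 4226).
    mac = hmac.new(secret, struct.pack(">Q", now // step), algo).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    # Constructed input: the RFC 6238 test secret, not a real account.
    spec = "name=rfc-vector,key=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ,digits=8,seconds=59"
    for a in parse_accounts(spec):
        print(totp(a), a.get("name", ""))
```
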

AUTHORS

Ed Neville (ed-pwtool@s5h.net).

27 December 2025 pwtool 0.12.0