A pure-Python2 library that can read and write Password Safe v3 files. It includes full support for almost all current Password Safe v3 database headers and record headers.
Since this was written, the main (PasswordSafe project)[https://github.com/pwsafe/pwsafe] has added a cli version (pwsafe-cli) as part of the deliverables. That may be preferable, both for performance and compatibility, to using this.
The library was initially written by Paulson McIntyre for Symantec in 2009. It was later released by Symantec under the GPLv2 in 2011. Changes and updates have been made since by Paulson McIntyre (GpMidi), Evan Deaubl (evandeaubl), and Sean Perry (shaleh). Rony Shapiro maintains the project page and acts as gate keeper for new patches.
- Lack of documentation
- Unit tests are out-of-date
- There MAY be an issue with the order that NonDefaultPrefsHeader serializes preferences for HMAC validation in pypwsafe. Although the library validates HMACs fine at the moment, so who knows.
- The version of python-mcrypt for Windows isn't compatible with this library. As a result, the pypwsafe library doesn't work in Windows. If anyone is able to get around this, please notify us. The library has not been tried under Cygwin.
- python2-mcrypt
- hashlib OR pycrypto
Here's a Dockerfile from liath
FROM python:2-alpine
RUN apk add --no-cache gcc git libmcrypt-dev musl-dev && \
pip install python2-mcrypt pycrypto && \
git clone https://github.com/ronys/pypwsafe.git /app
WORKDIR /app
RUN python setup.py install && python -c "import pypwsafe"
ENTRYPOINT ["/usr/local/bin/python", "/app/pwsafecli/psafedump"]
To run:
docker build -t pypwsafe .
docker run --rm -it -v "${PWD}:/work" --workdir /work pypwsafe -f /work/Backup.psafe3 -p xxx
- Install libmcrypt and it's dev package along with the Python dev package: yum install libmcrypt-devel libmcrypt python-devel These packages are needed by the installer for python2-mcrypt
- Install the standard Linux development tools. For RHEL/CentOS 5 and 6,
yum groupinstall 'Development tools'can be used if your YUM repos have group information. - Use Pip or easy install to install python2-mcrypt, hashlib, and pycrypto
- Run the setup script python setup.py install
- Test that the module loads python -c "import pypwsafe"
- Install clang compiler using brew: brew install llvm
- Install mcrypt using brew: brew install mcrypt This package is needed by the installer for python2-mcrypt
- Use Pip or easy install to install python2-mcrypt, hashlib, and pycrypto
- Run the setup script python setup.py install
- Test that the module loads python -c "import pypwsafe"
Windows is not currently supported due to issues with python-mcrypt. A pure-Python Twofish implementation will allow future support, if a bit slower than a C-based implementation.
FIXME: Fill this in
The pyCrypto library doesn't support TwoFish, which is a newer cipher based on Blowfish. Twofish is required to encrypt/decrypt Password Safe v3 files.
The format spec is kept in the Password Safe project's SVN repo. Go to the password safe code base and check in /pwsafe/pwsafe/docs/formatV3.txt. As of today, it can be found here
- Add support for using a pure-python TwoFish algorithm if mcrypt doesn't work. http://code.google.com/p/python-keysafe/source/browse/crypto/twofish.py http://www.bjrn.se/code/twofishpy.txt
- Need to update against the latest version of the official psafe format v3 doc.