SAFE(1) General Commands Manual SAFE(1)
NAME
safe - simple symmetric-key password encrypter
SYNOPSIS
safe [OPTIONS] [FILE]
DESCRIPTION
safe is a password encrypter/decrypter using a symmetric-key encryption
algorithm. It encodes data in a textual, two-line (one for password,
one for username) format.
If FILE is specified, safe decrypts and queries its content (or stdin
if FILE is "-"), else creates and encrypts a new entry.
OPTIONS
Output (default: stdout)
-o|--output <file>
Key (default: none)
-k|--key <key>
-K|--key-file <file>
Password (only for creation, default: random generation)
-p|--password <password>
-c|--password-character-set <generated-password-character-set-id> (default: p)
-l|--password-length <generated-password-length> (default: 20)
Username (only for creation, default: none)
-u|--username <username>
-U|--random-username
-C|--username-character-set <generated-username-character-set-id> (default: p)
-L|--username-length <generated-username-length> (default: 20)
Notes (only for creation, default: none)
-n|--notes <notes>
Query output (only for querying, default: password)
-f|--format <output-format> (default: %p)
-0|--only-password short for: --format %p
-1|--only-username short for: --format %u
-s|--separator <separator> short for: --format %u<separator>%p
Characters sets
d|digits 0 to 9
l|lowercase a to z
p|printable alphanumeric and special characters
NOTES
Password management
safe is NOT a password manager. The user has both the responsability
and the flexibility to manage its encrypted password entries in its own
way. A typical use is to store each entry in a dedicated file,
organize them in a file tree, and use tarballs or a version control
system to backup/synchronize them.
When querying a password entry, safe only considers the first two
lines. Thus, additional lines can be used to store metadata.
Cryptographic security
safe uses its own implementation of a custom system involving Chacha20
at its core, as well as Murmur3 and host system pseudorandom number
generation. Despite active efforts to ensure its security, no warranty
of any kind is provided, as specified in the LICENSE.
EXAMPLES
# safe --key key --password password > entry.safe
# cat entry.safe
]e623d8e07fbb9d8817dd2fc9d91c4e40dfba813a87be7f6502e47e528634040a5c1bec0d10b8ac3397cab81968f8066e
# safe --key key entry.safe
password
To hide sensitive data, one can use the provided safe_prompt shell
script for inputs and pipe the result to a clipboard program:
# safe --key `safe_prompt Key` entry.safe | clipboard-program
Key:
SEE ALSO
pass(1)
BUGS
Send all bug reports with a patch to arthur@jacquin.xyz.