Skip to content

derivepassphrase(1)

NAME

derivepassphrase – derive a strong passphrase, deterministically, from a master secret

SYNOPSIS

derivepassphrase SUBCOMMAND_ARGS ...

DESCRIPTION

Using a master secret, derive a passphrase for a named service, subject to constraints e.g. on passphrase length, allowed characters, etc. The exact derivation depends on the selected derivation scheme. Each scheme derives strong passphrases by design: the derived passphrases have as much entropy as permitted by the master secret and the passphrase constraints (whichever is more restrictive), and even if multiple derived passphrases are compromised, the master secret remains cryptographically difficult to discern from those compromised passphrases. The derivations are also deterministic, given the same inputs, thus the resulting passphrases need not be stored explicitly. The service name and constraints themselves also generally need not be kept secret, depending on the scheme.

SUBCOMMANDS

export
Export a foreign configuration to standard output.
vault
Derive a passphrase using the vault(1) derivation scheme.

If no subcommand is given, we default to vault.

OPTIONS

--debug

Emit all diagnostic information to standard error, including progress, warning and error messages.

Cancels the effect of any previous --quiet or --verbose options. Also applies to subcommands.

-v, --verbose

Emit extra/progress information to standard error, on top of warning and error messages.

Cancels the effect of any previous --debug or --quiet options. Also applies to subcommands.

-q, --quiet

Suppress all other diagnostic output to standard error, except error messages. This includes warning messages.

Cancels the effect of any previous --debug or --verbose options. Also applies to subcommands.

--version
Show version and feature information, then exit.

This includes a list of known passphrase derivation schemes and known subcommands, marked explicitly as either supported or unavailable.

-h, --help
Show a help message, then exit.

ENVIRONMENT

DERIVEPASSPHRASE_PATH
derivepassphrase stores its configuration files and data in this directory. Defaults to ~/.derivepassphrase on UNIX-like systems and C:\Users\<user>\AppData\Roaming\Derivepassphrase on Windows.

COMPATIBILITY

With other software

Some derivation schemes are based on other software. See their respective manpages for compatibility information.

Affected derivation schemes: vault.

Forward and backward compatibility

  • [Since v0.2.0.] In v1.0, derivepassphrase will require an explicit subcommand name. Defaults to the subcommand vault.

SEE ALSO

derivepassphrase-export(1), derivepassphrase-vault(1).

AUTHOR

Marco Ricci (software at the13thletter dot info)