derivepassphrase(1)¶
NAME¶
derivepassphrase – derive a strong passphrase, deterministically, from a master secret
SYNOPSIS¶
derivepassphrase SUBCOMMAND_ARGS ...
DESCRIPTION¶
Using a master secret, derive a passphrase for a named service, subject to constraints e.g. on passphrase length, allowed characters, etc. The exact derivation depends on the selected derivation scheme. Each scheme derives strong passphrases by design: the derived passphrases have as much entropy as permitted by the master secret and the passphrase constraints (whichever is more restrictive), and even if multiple derived passphrases are compromised, the master secret remains cryptographically difficult to discern from those compromised passphrases. The derivations are also deterministic, given the same inputs, thus the resulting passphrases need not be stored explicitly. The service name and constraints themselves also generally need not be kept secret, depending on the scheme.
SUBCOMMANDS¶
- export
- Export a foreign configuration to standard output.
- vault
- Derive a passphrase using the vault(1) derivation scheme.
If no subcommand is given, we default to vault.
OPTIONS¶
- --debug
-
Emit all diagnostic information to standard error, including progress, warning and error messages.
Cancels the effect of any previous --quiet or --verbose options. Also applies to subcommands.
- -v, --verbose
-
Emit extra/progress information to standard error, on top of warning and error messages.
Cancels the effect of any previous --debug or --quiet options. Also applies to subcommands.
- -q, --quiet
-
Suppress all other diagnostic output to standard error, except error messages. This includes warning messages.
Cancels the effect of any previous --debug or --verbose options. Also applies to subcommands.
- --version
- Show version and feature information, then exit.
This includes a list of known passphrase derivation schemes and known subcommands, marked explicitly as either supported or unavailable.
- -h, --help
- Show a help message, then exit.
ENVIRONMENT¶
DERIVEPASSPHRASE_PATH
- derivepassphrase stores its configuration files and data in this directory.
Defaults to
~/.derivepassphrase
on UNIX-like systems andC:\Users\<user>\AppData\Roaming\Derivepassphrase
on Windows.
COMPATIBILITY¶
With other software¶
Some derivation schemes are based on other software. See their respective manpages for compatibility information.
Affected derivation schemes: vault.
Forward and backward compatibility¶
- [Since v0.2.0.] In v1.0, derivepassphrase will require an explicit subcommand name. Defaults to the subcommand vault.
SEE ALSO¶
derivepassphrase-export(1), derivepassphrase-vault(1).
AUTHOR¶
Marco Ricci (software
at the13thletter
dot info
)