• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

artwork/H03-May-2022-

icons/H03-May-2022-

localization/H09-Oct-2019-14,68914,664

main/H09-Oct-2019-166107

src/H09-Oct-2019-10,0697,525

tests/H09-Oct-2019-299210

.appveyor.ymlH A D09-Oct-2019702 2524

.coafileH A D09-Oct-2019221 1310

.codecov.ymlH A D09-Oct-201964 54

.gitignoreH A D09-Oct-2019678 4140

.linthub.ymlH A D09-Oct-2019221 1413

.travis.ymlH A D09-Oct-20194.5 KiB8684

CHANGELOG.mdH A D09-Oct-201948.2 KiB713521

CONTRIBUTING.mdH A D09-Oct-2019824 2816

DoxyfileH A D09-Oct-2019104.3 KiB2,4421,887

FAQ.mdH A D09-Oct-20195 KiB147103

LICENSEH A D09-Oct-201934.3 KiB675553

README.mdH A D09-Oct-20196.3 KiB162116

appdmg.jsonH A D09-Oct-2019395 1312

key_management.batH A D09-Oct-201922 21

qtpass.1H A D09-Oct-2019816 2221

qtpass.appdata.xmlH A D09-Oct-20192 KiB4944

qtpass.desktopH A D09-Oct-2019906 4039

qtpass.issH A D09-Oct-20194.4 KiB8878

qtpass.plistH A D09-Oct-20191.1 KiB3029

qtpass.priH A D09-Oct-20191.9 KiB8470

qtpass.proH A D09-Oct-20193.9 KiB8572

qtpass.specH A D09-Oct-20192.1 KiB7452

release-linuxH A D09-Oct-2019197 76

release-macH A D09-Oct-2019584 87

release-winstore.batH A D09-Oct-20191.3 KiB2217

release-zip.makH A D09-Oct-2019430 117

resources.qrcH A D09-Oct-20192 KiB4140

windows.rcH A D09-Oct-201967 21

README.md

1QtPass
2======
3
4[![latest packaged version(s)](https://repology.org/badge/latest-versions/qtpass.svg)](https://repology.org/metapackage/qtpass)
5[![Build Status](https://travis-ci.org/IJHack/QtPass.svg?branch=master)](https://travis-ci.org/IJHack/QtPass)
6[![Build status](https://ci.appveyor.com/api/projects/status/9rjnj72rdir7u9eg/branch/master?svg=true)](https://ci.appveyor.com/project/annejan/qtpass/branch/master)
7[![Coverity scan](https://scan.coverity.com/projects/5266/badge.svg)](https://scan.coverity.com/projects/ijhack-qtpass)
8[![Coverage Status](https://coveralls.io/repos/github/IJHack/QtPass/badge.svg)](https://coveralls.io/github/IJHack/QtPass)
9[![codecov](https://codecov.io/gh/IJhack/QtPass/branch/master/graph/badge.svg)](https://codecov.io/gh/IJhack/QtPass)
10[![CodeFactor](https://www.codefactor.io/repository/github/ijhack/qtpass/badge)](https://www.codefactor.io/repository/github/ijhack/qtpass)
11[![Packaging status](https://repology.org/badge/tiny-repos/qtpass.svg)](https://repology.org/metapackage/qtpass)
12[![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/IJHack/QtPass.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/IJHack/QtPass/context:cpp)
13[![Total alerts](https://img.shields.io/lgtm/alerts/g/IJHack/QtPass.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/IJHack/QtPass/alerts/)
14[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FIJHack%2FQtPass.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2FIJHack%2FQtPass?ref=badge_shield)
15
16QtPass is a GUI for [pass](https://www.passwordstore.org/),
17the standard unix password manager.
18
19Features
20--------
21
22* Using `pass` or `git` and `gpg2` directly
23* Configurable shoulder surfing protection options
24* Cross platform: Linux, BSD, OS X and Windows
25* Per-folder user selection for multi recipient encryption
26* Multiple profiles
27* Easy onboarding
28
29Logo based on [Heart-padlock by AnonMoos](https://commons.wikimedia.org/wiki/File:Heart-padlock.svg).
30
31Installation
32------------
33
34### From package
35
36OpenSUSE & Fedora
37`yum install qtpass`
38`dnf install qtpass`
39
40Debian, Ubuntu and derivates like Mint, Kali & Raspbian
41`apt-get install qtpass`
42
43Arch Linux
44`pacman -S qtpass`
45
46Gentoo
47`emerge -atv qtpass`
48
49Sabayon
50`equo install qtpass`
51
52FreeBSD
53`pkg install qtpass`
54
55macOS
56`brew cask install qtpass`
57
58Windows
59`choco install qtpass`
60
61[![Packaging status](https://repology.org/badge/vertical-allrepos/qtpass.svg)](https://repology.org/metapackage/qtpass)
62
63### From Source
64
65**Dependencies**
66
67* QtPass requires Qt 5.2 or later
68* The Linguist package is required to compile the translations.
69* For use of the fallback icons the SVG library is required.
70
71At runtime the only real dependency is `gpg2` but to make the most of it, you'll need `git` and `pass` too.
72
73Your GPG has to be set-up with a graphical pinentry when applicable, same goes for git authentication.
74On Mac OS X this currently seems to only work best with `pinentry-mac` from homebrew, although gpgtools works too.
75
76On most unix systems all you need is:
77```
78qmake && make && make install
79```
80
81Testing
82-------
83
84This is done with `make check`
85
86Codecoverage can be done with `make lcov`, `make gcov`, `make coveralls` and/or `make codecov`.
87
88Be sure to first run: `make distclean && qmake CONFIG+=coverage qtpass.pro`
89
90Security considerations
91-----------------------
92
93Using this program will not magically keep your passwords secure against
94compromised computers even if you use it in combination with a smartcard.
95
96It does protect future and changed passwords though against anyone with access to
97your password store only but not your keys.
98Used with a smartcard it also protects against anyone just monitoring/copying
99all files/keystrokes on that machine and such an attacker would only gain access
100to the passwords you actually use.
101Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298
102even without your PIN) all your passwords available to the machine can be
103decrypted by it, if there is malicious software targeted specifically against
104it installed (or at least one that knows how to use a smartcard).
105
106To get better protection out of use with a smartcard even against a targeted
107attack I can think of at least two options:
108
109* The smartcard must require explicit confirmation for each decryption operation.
110  Or if it just provides a counter for decrypted data you could at least notice
111  an attack afterwards, though at quite some effort on your part.
112* Use a different smartcard for each (group of) key.
113* If using a YubiKey or U2F module or similar that requires a "button" press for
114  other authentication methods you can use one OTP/U2F enabled WebDAV account per
115  password (or groups of passwords) as a quite inconvenient workaround.
116  Unfortunately I do not know of any WebDAV service with OTP support except ownCloud
117  (so you would have to run your own server).
118
119Known issues
120------------
121
122* Filtering (searching) breaks the tree/model sometimes
123* Starting without a correctly set password-store folder
124  gives weird results in the tree view
125
126Planned features
127----------------
128
129* Plugins based on field name, plugins follow same format as password files
130* Colour coding folders (possibly disabling folders you can't decrypt)
131* Optional table view of decrypted folder contents
132* Opening of (basic auth) urls in default browser?
133  Possibly with helper plugin for filling out forms?
134* WebDAV (configuration) support
135* Some other form of remote storage that allows for
136  accountability / auditing (web API to retrieve the .gpg files?)
137
138Further reading
139---------------
140
141[FAQ](FAQ.md) and [CONTRIBUTING](CONTRIBUTING.md) documentation.
142[CHANGELOG](CHANGELOG.md)
143
144[Website](https://qtpass.org/)
145[Source code](https://github.com/IJHack/qtpass)
146[Issue queue](https://github.com/IJHack/qtpass/issues)
147[Chat](https://gitter.im/IJHack/qtpass)
148
149
150## License
151### GNU GPL v3.0
152
153[![GNU GPL v3.0](http://www.gnu.org/graphics/gplv3-127x51.png)](http://www.gnu.org/licenses/gpl.html)
154
155View official GNU site <http://www.gnu.org/licenses/gpl.html>.
156
157[![OSI](http://opensource.org/trademarks/opensource/OSI-Approved-License-100x137.png)](https://opensource.org/licenses/GPL-3.0)
158
159[View the Open Source Initiative site.](https://opensource.org/licenses/GPL-3.0)
160
161[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FIJHack%2FQtPass.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FIJHack%2FQtPass?ref=badge_large)
162