CLIPassMan (Console Smart Password Manager) ^v4.0.0

Console Smart Password Manager - Terminal-based smart password manager with deterministic password generation. Generate, manage, and retrieve passwords without storing them - all from your command line.

Decentralized by Design: Unlike traditional password managers that store encrypted vaults on central servers,
Smart Password Manager stores nothing. Your secrets never leave your device. Passwords are regenerated on-demand —
no cloud, no database, no trust required.

⚠️ Disclaimer

By using this software, you agree to the full disclaimer terms.

Summary: Software provided "AS IS" without warranty. You assume all risks.

Full legal disclaimer: See DISCLAIMER.md

🔄 Breaking Change (v4.0.0)

⚠️ This release uses smartpasslib v4.0.0, which is NOT backward compatible with v2.x.x or v3.x.x

Smart passwords created with older versions cannot be regenerated using v4.0.0.

📖 Full migration instructions → see MIGRATION.md

Core Principles

• Zero-Storage Security: No passwords or secret phrases are ever stored or transmitted
• Decentralized Architecture: No central servers, no cloud dependency, no third-party trust required
• Deterministic Regeneration: Passwords are recreated identically from your secret phrase
• Metadata Only: Store only descriptions and verification keys
• Terminal Processing: All cryptographic operations happen in your CLI
• On-Demand Discovery: Passwords exist only when you generate them

What You Can Do:
1. Create Smart Passwords: Generate deterministic passwords from secret phrases
2. Store Metadata Securely: Keep password descriptions and lengths without storing passwords
3. Regenerate Passwords: Recreate passwords anytime using your secret phrase
4. Manage Services: Organize passwords for different accounts and services
5. Secure Terminal Input: Hidden secret phrase entry with getpass
6. Verify Secrets: Prove knowledge of secrets without exposing them
7. Export/Import: Backup and restore your password metadata
8. Cross-Platform Management: Works on any system with Python
9. No GUI Dependencies: Pure terminal interface for servers and remote systems

Key Features

• Decentralized & Serverless: No central database, no cloud lock-in, complete user sovereignty
• No Password Database: Eliminates password storage completely
• Interactive Terminal UI: Clean, centered text with visual framing
• Public Key Verification: Verify secret knowledge without exposure
• List View: See all your password metadata in clear lists
• Export/Import: Backup and restore functionality with timestamped files
• Bulk Operations: Clear all passwords with double confirmation
• Secure Hidden Input: Hidden secret phrase entry via getpass
• No Dependencies: Only Python standard library + smartpasslib
• Server Ready: Perfect for headless systems and remote management

Security Model

• Proof of Knowledge: Public keys verify secrets without exposing them
• Decentralized Trust: No third party needed — you control your secrets completely
• Deterministic Security: Same secret + length = same password, always
• Metadata Separation: Non-sensitive data stored separately from verification
• Local Processing: No data leaves your computer
• No Recovery Backdoors: Lost secret = permanently lost access (by design)

Research Paradigms & Publications

• Pointer-Based Security Paradigm - Architectural Shift from Data Protection to Data Non-Existence
• Local Data Regeneration Paradigm - Ontological Shift from Data Transmission to Synchronous State Discovery

Technical Foundation

Powered by smartpasslib v4.0.0+ — The core library for deterministic password generation.

Key derivation (same as Python/JS/Kotlin/Go/C# versions v4.0.0):

Character Set (Google-compatible):

!@#$%^&*()_+-=[]{};:,.<>?/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz

Validation Rules:
- Secret phrase: minimum 12 characters
- Password length: 12-100 characters

Decentralized Architecture:
- No central authority required
- Metadata can be synced via any channel
- Your security depends only on your secret phrase
- Works offline — no internet connection required

What's NOT stored:
- Your secret phrase
- The actual password
- Any reversible password data

What IS stored (in ~/.config/smart_password_manager/passwords.json):
- Public verification key (hash of secret)
- Service description
- Password length parameter

File Locations

Configuration files are stored in:

Legacy Migration:
- Old ~/.cases.json files from v1.x.x/v2.x.x/v3.x.x are NOT compatible with v4.0.0
- Public keys in old files use different derivation (fixed iterations, no salt)
- These files will not be migrated automatically
- If you have existing metadata, you need to recreate entries manually
- Keep old file as backup: ~/.cases.json.v3.bak
- See MIGRATION.md for detailed instructions

Installation & Quick Start

Prerequisites

• Python 3.7+ required
• pip for package management

Quick Installation

# Install from PyPI
pip install clipassman==4.0.0

# For systems with package conflicts
pip install clipassman==4.0.0 --break-system-packages

# Verify installation
clipassman

Quick Run from Repository

# Clone and run in one go
git clone https://github.com/smartlegionlab/clipassman.git
cd clipassman
python app.py

Manual Installation

# Clone repository
git clone https://github.com/smartlegionlab/clipassman.git
cd clipassman

# Install in development mode
pip install -e .

# Or install from local source
pip install .

Quick Usage Guide

Launching the Application

# Start interactive terminal interface
clipassman

# Or if installed locally
python -m clipassman.clipassman

Creating Your First Password

1. Launch clipassman
2. Select option 1: Add Password
3. Enter service description (e.g., "GitHub Account")
4. Enter your secret phrase (minimum 12 characters, never stored)
5. Good examples: "MyStrongSecretPhrase2026!" or "P@ssw0rd!LongSecret"
6. Confirm your secret phrase
7. Set password length (12-100 characters, 16-24 recommended)
8. Password is generated and displayed
9. Save it securely (not stored by system)

Retrieving a Password

1. Launch clipassman
2. Select option 2: Get/Delete Password
3. Choose password entry from numbered list
4. Select 1: Get password
5. Enter your secret phrase (hidden input)
6. Password regenerates identically

Exporting Passwords

1. Launch clipassman
2. Select option 3: Export/Import Passwords
3. Select 1: Export passwords to file
4. Choose filename (or press Enter for auto-generated with timestamp)
5. Select format (1: pretty JSON, 2: minified JSON)
6. Choose whether to include metadata (y/n)
7. File is saved with all your password metadata

Importing Passwords

1. Launch clipassman
2. Select option 3: Export/Import Passwords
3. Select 2: Import passwords from file
4. Enter filename to import
5. Review export metadata if present
6. Confirm import (y/n)
7. See statistics of added/skipped/invalid entries

Deleting Passwords

1. Select option 2: Get/Delete Password
2. Choose password entry
3. Select 2: Delete entry
4. Confirm deletion with 'y'

Clearing All Passwords

1. Select option 4: Clear All Passwords
2. First confirmation with 'y'
3. Type 'DELETE ALL' to confirm

Security Requirements

Secret Phrase

• Minimum 12 characters (enforced)
• Case-sensitive
• Use mix of: uppercase, lowercase, numbers, symbols
• Never store digitally
• NEVER use your password description as secret phrase

Strong Secret Examples

✅ "MyStrongSecretPhrase2026!"   — mixed case + numbers + symbols
✅ "P@ssw0rd!LongSecret"         — special chars + numbers + length
✅ "КотБегемот2026НаДиете"       — Cyrillic + numbers

Weak Secret Examples (avoid)

❌ "GitHub Account"              — using description as secret (weak!)
❌ "password"                    — dictionary word, too short
❌ "1234567890"                  — only digits, too short
❌ "qwerty123"                   — keyboard pattern

Decentralized Nature

There is no "forgot password" button. This is by design:

• No central server can reset your passwords
• No support team can recover your access
• Your secret phrase is the ONLY key

This is the price of true decentralization — you are completely in control.

Cross-Platform Compatibility

CLIPassMan produces identical passwords to:

Ecosystem

Core Libraries:
- smartpasslib - Python
- smartpasslib-js - JavaScript
- smartpasslib-kotlin - Kotlin
- smartpasslib-go - Go
- smartpasslib-csharp - C#

CLI Applications:
- CLI Smart Password Manager (Python) (this)
- CLI Smart Password Generator (Python)
- CLI Smart Password Manager (C#)
- CLI Smart Password Generator (C#)

Desktop Applications:
- Desktop Smart Password Manager (Python)
- Desktop Smart Password Manager (C#)

Other:
- Web Smart Password Manager
- Android Smart Password Manager

Version History

Security Warnings

Secret Phrase Security

Your secret phrase is the cryptographic master key

1. Permanent data loss: Lost secret phrase = irreversible loss of all derived passwords
2. No recovery mechanisms: No password recovery, no secret reset, no administrative override
3. Deterministic generation: Identical input (secret + length) = identical output (password)
4. Single point of failure: Secret phrase is the sole authentication factor for all passwords
5. Secure storage required: Digital storage of secret phrases is prohibited

Critical: Test password regeneration with non-essential accounts before production use

Secret Phrase Strength

The security of your passwords depends entirely on your secret phrase.

• Minimum 12 characters is enforced by the application
• Short secrets (under 12 chars) are automatically rejected
• Use a mix of: uppercase, lowercase, numbers, symbols
• A 12-character secret with diverse character types provides practical brute-force immunity

Remember: The app cannot recover your secret phrase. If you lose it, all passwords are permanently lost.

License

BSD 3-Clause License

Copyright (©) 2026, Alexander Suvorov

Support

• CLI Manager Issues: GitHub Issues
• Core Library Issues: smartpasslib Issues
• Documentation: Inline help (option 5) and this README

Note: Always test password generation with non-essential accounts first. Implementation security depends on proper usage.