NAME

Palm::Keyring - Handler for Palm Keyring databases.

DESCRIPTION

The Keyring PDB handler is a helper class for the Palm::PDB package. It parses Keyring for Palm OS databases. See http://gnukeyring.sourceforge.net/.

It has the standard Palm::PDB methods with 2 additional public methods. Decrypt and Encrypt.

It currently supports the v4 Keyring databases as well as the pre-release v5 databases. I am not completely happy with the interface for accessing v5 databases, so any suggestions on improvements on the interface are appreciated.

This module doesn't store the decrypted content. It only keeps it until it returns it to you or encrypts it.

SYNOPSIS

use Palm::PDB;
use Palm::Keyring;

my $pass = 'password';
my $file = 'Keys-Gtkr.pdb';
my $pdb  = new Palm::PDB;
$pdb->Load($file);

foreach (0..$#{ $pdb->{records} }) {
    # skip the password record for version 4 databases
    next if $_ == 0 && $pdb->{version} == 4;
    my $rec  = $pdb->{records}->[$_];
    my $acct = $pdb->Decrypt($rec, $pass);
    print $rec->{name}, ' - ';
    if ($pdb->{version} == 4 || $pdb->{options}->{v4compatible}) {
        print ' - ', $acct->{account};
    } else {
        foreach my $a (@{ $acct }) {
            if ($a->{label} eq 'account') {
                print ' - ',  $a->{data};
                last;
            }
        }
    }
    print "\n";
}

SUBROUTINES/METHODS

new

$pdb = new Palm::Keyring([$password[, $version]]);

Create a new PDB, initialized with the various Palm::Keyring fields and an empty record list.

Use this method if you're creating a Keyring PDB from scratch otherwise you can just use Palm::PDB::new() before calling Load().

If you pass in a password, it will initalize the first record with the encrypted password.

new() now also takes options in other formats

$pdb = new Palm::Keyring({ key1 => value1,  key2 => value2 });
$pdb = new Palm::Keyring( -key1 => value1, -key2 => value2);
Supported options
password

The password used to initialize the database

version

The version of database to create. Accepts either 4 or 5. Currently defaults to 4.

v4compatible

The format of the fields passed to Encrypt and returned from Decrypt have changed. This allows programs to use the newer databases with few changes but with less features.

cipher

The cipher to use. Either the number or the name.

0 => None
1 => DES_EDE3
2 => AES128
3 => AES256
iterations

The number of iterations to encrypt with.

options

A hashref of the options that are set

For v5 databases there are some additional appinfo fields set. These are set either on new() or Load().

$pdb->{appinfo} = {
    # normal appinfo stuff described in L<Palm::StdAppInfo>
    cipher     => The index number of the cipher being used
    iter       => Number of iterations for the cipher
};

crypts

Pass in the alias of the crypt to use, or the index.

These only make sense for v5 databases.

This is a function, not a method.

$cipher can be 0, 1, 2, 3, None, DES_EDE3, AES128 or AES256.

my $c = Palm::Keyring::crypt($cipher);

$c is now:

$c = {
    alias     => (None|DES_EDE3|AES128|AES256),
    name      => (None|DES_EDE3|Rijndael),
    keylen    => <key length of the cipher>,
    blocksize => <block size of the cipher>,
    default_iter => <default iterations for the cipher>,
};

Encrypt

$pdb->Encrypt($rec, $acct[, $password[, $ivec]]);

Encrypts an account into a record, either with the password previously used, or with a password that is passed.

$ivec is the initialization vector to use to encrypt the record. This is not used by v4 databases. Normally this is not passed and is generated randomly.

$rec is a record from $pdb->{records} or a new_Record(). The v4 $acct is a hashref in the format below.

my $v4acct = {
    name       => $rec->{name},
    account    => $account,
    password   => $password,
    notes      => $notes,
    lastchange => {
        year  => 107, # years since 1900
        month =>   0, # 0-11, 0 = January, 11 = December
        day   =>  30, # 1-31, same as localtime
    },
};

The v5 $acct is an arrayref full of hashrefs that contain each encrypted field.

my $v5acct = [
    {
        'label_id' => 2,
        'data' => 'abcd1234',
        'label' => 'password',
        'font' => 0
    },
    {
        'label_id' => 3,
        'data' => {
            'month' => 1,
            'day' => 11,
            'year' => 107
        },
        'label' => 'lastchange',
        'font' => 0
    },
    {
        'label_id' => 255,
        'data' => 'This is a short note.',
        'label' => 'notes',
        'font' => 0
    }
];

The account name is stored in $rec->{name} for both v4 and v5 databases. It is not returned in the decrypted information for v5.

$rec->{name} = 'account name';

If you have changed anything other than the lastchange, or don't pass in a lastchange key, Encrypt() will generate a new lastchange date for you.

If you pass in a lastchange field that is different than the one in the record, it will honor what you passed in.

Encrypt() only uses the $acct->{name} if there is not already a $rec->{name}.

Decrypt

my $acct = $pdb->Decrypt($rec[, $password]);

Decrypts the record and returns a reference for the account as described under Encrypt().

foreach (0..$#{ $pdb->{records} }) {
    next if $_ == 0 && $pdb->{version} == 4;
    my $rec = $pdb->{records}->[$_];
    my $acct = $pdb->Decrypt($rec);
    # do something with $acct
}

Password

$pdb->Password([$password[, $new_password]]);

Either sets the password to be used to crypt, or if you pass $new_password, changes the password on the database.

If you have created a new $pdb, and you didn't set a password when you called new(), you only need to pass one password and it will set that as the password.

If nothing is passed, it forgets the password that it was remembering.

After a successful password verification the following fields are set

For v4

$pdb->{digest}   = the calculated digest used from the key;
$pdb->{password} = the password that was passed in;

For v5

$pdb->{appinfo} = {
    # As described under new() with these additional fields
    cipher     => The index number of the cipher being used
    iter       => Number of iterations for the cipher
    key        => The key that is calculated from the password 
                  and salt and is used to decrypt the records.
    masterhash => the hash of the key that is stored in the 
                  database.  Either set when Loading the database
                  or when setting a new password.
    salt       => the salt that is either read out of the database 
                  or calculated when setting a new password.
};

Other overridden subroutines/methods

ParseAppInfoBlock

Converts the extra returned by Palm::StdAppInfo::ParseAppInfoBlock() into the following additions to $pdb->{appinfo}

$pdb->{appinfo} = {
    cipher     => The index number of the cipher being used (Not v4)
    iter       => Number of iterations for the cipher (Not v4)
};
PackAppInfoBlock

Reverses ParseAppInfoBlock before sending it on to Palm::StdAppInfo::PackAppInfoBlock()

ParseRecord

Adds some fields to a record from Palm::StdAppInfo::ParseRecord()

$rec = {
    name       => Account name
    ivec       => The IV for the encrypted record.  (Not v4)
    encrypted  => the encrypted information
};
PackRecord

Reverses ParseRecord and then sends it through Palm::StdAppInfo::PackRecord()

DEPENDENCIES

Palm::StdAppInfo

For v4 databases

Digest::MD5

Crypt::DES

For v5 databases

Digest::HMAC_SHA1

Digest::SHA1

Depending on how the database is encrypted

Crypt::CBC - For any encryption but None

Crypt::DES_EDE3 - DES_EDE3 encryption

Crytp::Rijndael - AES encryption schemes

THANKS

I would like to thank the helpful Perlmonk shigetsu who gave me some great advice and helped me get my first module posted. http://perlmonks.org/?node_id=596998

I would also like to thank Johan Vromans <jvromans@squirrel.nl> -- http://www.squirrel.nl/people/jvromans. He had his own Palm::KeyRing module that he posted a couple of days before mine was ready and he was kind enough to let me have the namespace as well as giving me some very helpful hints about doing a few things that I was unsure of. He is really great.

And finally, thanks to Jochen Hoenicke <hoenicke@gmail.com> (one of the authors of Palm Keyring) for getting me started on the v5 support as well as providing help and some subroutines.

BUGS AND LIMITATIONS

I am sure there are problems with this module. For example, I have not done very extensive testing of the v5 databases.

I am not sure I am 'require module' the best way, but I don't want to depend on modules that you don't need to use.

I am not very happy with the data structures used by Encrypt() and Decrypt() for v5 databases, but I am not sure of a better way.

The v4 compatibility mode does not insert a fake record 0 where normally the encrypted password is stored.

The date validation for packing new dates is very poor.

I have not gone through and standardized on how the module fails. Some things fail with croak, some return undef, some may even fail silently. Nothing initializes a lasterr method or anything like that. I need to fix all that before it is a 1.0 candidate.

Please report any bugs or feature requests to bug-palm-keyring at rt.cpan.org, or through the web interface at http://rt.cpan.org. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

AUTHOR

Andrew Fresh <andrew@cpan.org>

LICENSE AND COPYRIGHT

Copyright 2004, 2005, 2006, 2007 Andrew Fresh, All Rights Reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

Palm::PDB(3)

Palm::StdAppInfo(3)

The Keyring for Palm OS website: http://gnukeyring.sourceforge.net/

The HACKING guide for palm keyring databases: http://gnukeyring.cvs.sourceforge.net/*checkout*/gnukeyring/keyring/HACKING

Johan Vromans also has a wxkeyring app that now uses this module, available from his website at http://www.vromans.org/johan/software/sw_palmkeyring.html