22 March 2006

Using GPG as a password wallet

I have too many passwords. In fact, I make many of my less-used passwords by grabbing the first 10 or 12 characters of output from something like this:

dd if=/dev/urandom bs=1k count=1 | md5sum

So I get passwords like '1758dbed4331'--no way I'll remember that.

For a while I tried using a nice text-based password wallet program called the Password Management System (PMS--yes, it's a very unfortunate acronym). I learned about this from a Linux Journal article by Marcel Gagne. I built it from source and used it on FC3 for months.

Then I upgraded to FC4. I rebuilt PMS from source and tried reading the previous PMS data files (two data files in my home directory, as I recall). I kept getting segmentation faults. PMS on FC4 worked OK on new data, but it wouldn't read the old data. Some weird incompatibility in the libraries, I guess. So I had to build PMS on another FC3 box, run it, and copy-and-paste all my passwords out of PMS and into a text file. Lame. Hella lame.

So now I just stick with that text file, but it's encrypted by gpg:

gpg -c passwords.txt

When prompted, I gave it a good password. Now, when I need to look up one of my passwords, I just do this:

cat passwords.txt.gpg | gpg | less

Because the output is in 'less', I can even do text searches (each username/password pair is accompanied by some text describing where the password is used). When I've looked up whatever password I need, I just hit 'q', and I'm done.

1 comment:

mbrisby said...

Eventually you'll need to edit the password file. You need to decrypt the file, edit the decrypted copy, and then re-encrypt the file. When you re-encrypt the file, you can use the old password or use a new one.

gpg passwords.txt.gpg
vim passwords.txt
rm passwords.txt.gpg
gpg -c passwords.txt
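
The edit cycle above writes a decrypted passwords.txt into the working directory and leaves it there after re-encryption. The following is an added example, not part of the original post or comment: a shell function that performs the same decrypt, edit, re-encrypt cycle in an owner-only temporary directory and removes the plaintext on exit. The function name wallet_edit and the WALLET_GPG_OPTS variable are hypothetical, and /dev/shm is assumed to be RAM-backed as on typical Linux systems.

```shell
#!/bin/sh
# Added example: edit a "gpg -c" wallet without leaving plaintext behind.
# WALLET_GPG_OPTS is a hypothetical hook for extra gpg options; leave it
# unset for interactive use, where gpg prompts for the passphrase itself.
# Usage: wallet_edit passwords.txt.gpg

wallet_edit() (
    # The body runs in a subshell, so umask, variables and traps stay local.
    wallet=$1
    [ -f "$wallet" ] || { echo "no such wallet: $wallet" >&2; exit 1; }
    umask 077                                # owner-only temporary files
    # Prefer RAM-backed /dev/shm so the plaintext is not written to a disk.
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then base=/dev/shm
    else base=${TMPDIR:-/tmp}; fi
    dir=$(mktemp -d "$base/wallet.XXXXXX") || exit 1
    plain=$dir/passwords.txt
    cleanup() {
        # Best-effort overwrite, then remove plaintext and editor leftovers.
        if command -v shred >/dev/null 2>&1; then
            shred -u "$plain" 2>/dev/null || true
        fi
        rm -rf "$dir"
    }
    trap cleanup EXIT
    trap 'exit 1' INT TERM

    # WALLET_GPG_OPTS is left unquoted on purpose so it splits into options.
    gpg $WALLET_GPG_OPTS --quiet --output "$plain" --decrypt "$wallet" || exit 1
    ${EDITOR:-vi} "$plain" || exit 1
    # Encrypt next to the wallet, then rename, so a failed or cancelled
    # encryption never destroys the existing wallet.
    gpg $WALLET_GPG_OPTS --quiet --yes --output "$wallet.new" \
        --symmetric "$plain" || { rm -f "$wallet.new"; exit 1; }
    mv "$wallet.new" "$wallet"
)
```

Because the editor is started on a file inside the temporary directory, vim's swap file is created there too and is removed with it.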