In attempts to create a secure network at work, we have distinct passwords for everything. And they aren’t easy to remember, either. We’re talking about 14+ characters long with real large keyspaces (A-Z, a-z, 0-9, special chars). So, I wondered how I can store them all securely yet be easy to access.
I figured that GPG with a preshared key would do the trick. So then, when I want to dump my password file, I can:
gpg -o passwords.txt cryptfile.gpg
But then I realized that every time I do this, I would have to shred the password file when I’m done so a hypothetical intruder could not retrieve the data in the clear. So, how about I just dump to stdout:
gpg -o - cryptfile.gpg
And that’s ok.. and then my supervisor wondered if we could get this graphical somehow, and so I recommended Zenity. He quickly came up with this:
#!/bin/bash gpg -o - cryptfile.gpg | zenity --title="Host Credentials" \ --width=460 --height=680 --list --separator=" " --column="Type" \ --column="User" --column="Password" --editable &> /dev/null
You still have to run the script within a command shell to take the password, but a GTK table is generated. Just make sure your password file looks like:
gmail account firstname.lastname@example.org thisisareallyawesomepassword bill gates' computer bgates linuxisactuallybetter
And then encrypt your file:
gpg -c passwords.txt
Sure, it’s not your password keychain program for websites, but if you have ssh accounts to a lot of places, it works great! Enjoy.