Quick and Dirty Password Management with GPG/Zenity

In an attempt to create a secure network at work, we have distinct passwords for everything. And they aren’t easy to remember, either. We’re talking about 14+ characters long with really large keyspaces (A-Z, a-z, 0-9, special chars). So, I wondered how I could store them all securely yet keep them easy to access.

I figured that GPG with a preshared key would do the trick. So then, when I want to dump my password file, I can:

gpg -o passwords.txt cryptfile.gpg

But then I realized that every time I do this, I would have to shred the password file when I’m done so a hypothetical intruder could not retrieve the data in the clear. So, how about I just dump to stdout:

gpg -o - cryptfile.gpg

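And that’s OK... Then my supervisor wondered if we could make this graphical somehow, so I recommended Zenity. He quickly came up with this:

#!/bin/bash
# Decrypt to stdout (nothing is written to disk) and feed the lines to a
# Zenity list; every three input lines fill one row: Type, User, Password.
# Zenity's own output (the selected or edited row) is discarded.
gpg -o - cryptfile.gpg | zenity --title="Host Credentials" \
--width=460 --height=680 --list --separator=" " --column="Type" \
--column="User" --column="Password" --editable &> /dev/null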

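You still have to run the script from a command shell so gpg can prompt for the passphrase, but a GTK table is generated. Zenity fills the table one cell per input line, left to right, so the password file needs exactly three lines per entry (type, user, password) with no blank lines in between. Just make sure your password file looks like: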

gmail account
foouser@gmail.com
thisisareallyawesomepassword
bill gates' computer
bgates
linuxisactuallybetter

And then encrypt your file, writing the output to the name the script expects:

gpg -o cryptfile.gpg -c passwords.txt
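Because Zenity fills the table strictly three lines at a time, one missing or blank line shifts every later password into the wrong column. The following is an added example, not part of the original script: it checks the layout before display and keeps the decrypted text in a shell variable rather than a file. The function names check_records and show_credentials are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post): validate the
# three-lines-per-entry layout, then display it with Zenity.

# check_records: read the plaintext list on stdin and succeed only if
# every entry has three non-empty lines (Type, User, Password).
# Diagnostics go to stderr and contain line numbers only, never the
# field contents, so a failed check cannot leak a password.
check_records() {
    awk '
        /^[ \t\r]*$/ { printf "line %d: empty field\n", NR; bad = 1 }
        END {
            if (NR == 0) { print "no entries found"; bad = 1 }
            if (NR % 3 != 0) {
                printf "%d lines: last entry is incomplete\n", NR
                bad = 1
            }
            exit bad
        }
    ' >&2
}

# show_credentials FILE: decrypt FILE into a variable (never to disk),
# validate the layout, then build the same table as the script above.
show_credentials() {
    local plain
    plain=$(gpg --quiet --decrypt "$1") || return 1
    printf '%s\n' "$plain" | check_records || return 1
    printf '%s\n' "$plain" | zenity --title="Host Credentials" \
        --width=460 --height=680 --list --separator=" " --column="Type" \
        --column="User" --column="Password" --editable > /dev/null 2>&1
}

# Run only when a file name is given, e.g.: ./creds.sh cryptfile.gpg
[ "$#" -eq 0 ] || show_credentials "$1"
```

Running check_records on passwords.txt before encrypting it catches a malformed file while the plaintext is still at hand to fix.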

Sure, it’s not your password keychain program for websites, but if you have ssh accounts to a lot of places, it works great! Enjoy.