Re: password managers

To: debian-security@lists.debian.org
Subject: Re: password managers
From: Alberto Gonzalez Iniesta <agi@agi.as>
Date: Tue, 15 Jun 2004 10:46:56 +0200
Message-id: <[🔎] 20040615084656.GA1212@var.inittab.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040614224613.GA2876@cargal.org>
References: <[🔎] 20040614185614.GA3126@naranek.org> <[🔎] 20040614224613.GA2876@cargal.org>

On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote:
> Hello!
> 
> andrew lattis <debian@naranek.org> schrieb:
> > what does everyone else use to keep track of all there passwords?
> 
> Following an article of Martin Joey Schulze in a german magazine i send
> a mail with the password encryted for myself to me and use it via mutt.
> 

I used gringotts, that someone mentioned.

Some of the applications I run use kwallet, that seems similar to what
Russell Cooker described for OS X.

But I use vim (+gpg, that is). Which is a solution similar to the one
Stephan talks about, but without having to mail yourself every password.

I took it from somewhere I can't remember so credit goes to whoever wrote it.
What this does is:
- If the file extension is .gpg or .asc, call gpg --decrypt to get the real contents
- Edit the file
- Call gpg --encrypt before writing to disk.

So you keep everything encrypted with your GPG key.

>From my .vimrc:

----- cut ----

augroup encrypted
        au!
        " First make sure nothing is written to ~/.viminfo while editing
        " an encrypted file.
        autocmd BufReadPre,FileReadPre      *.gpg,*.asc set viminfo=
        " We don't want a swap file, as it writes unencrypted data to disk.
        autocmd BufReadPre,FileReadPre      *.gpg,*.asc set noswapfile
        " Switch to binary mode to read the encrypted file.
        autocmd BufReadPre,FileReadPre      *.gpg       set bin
        autocmd BufReadPre,FileReadPre      *.gpg,*.asc let ch_save = &ch|set ch=2
        autocmd BufReadPost,FileReadPost    *.gpg,*.asc
                \ '[,']!sh -c 'gpg --decrypt 2> /dev/null'
        " Switch to normal mode for editing
        autocmd BufReadPost,FileReadPost    *.gpg       set nobin
        autocmd BufReadPost,FileReadPost    *.gpg,*.asc let &ch = ch_save|unlet ch_save
        autocmd BufReadPost,FileReadPost    *.gpg,*.asc
                \ execute ":doautocmd BufReadPost " . expand("%:r")
        " Convert all text to encrypted text before writing
        autocmd BufWritePre,FileWritePre    *.gpg
                \ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null'
        autocmd BufWritePre,FileWritePre    *.gpg       set bin
        autocmd BufWritePre,FileWritePre    *.asc
                \ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null'
        " Undo the encryption so we are back in the normal text, directly
        " after the file has been written.
        autocmd BufWritePost,FileWritePost  *.gpg,*.asc u
        autocmd BufWritePost,FileWritePost  *.gpg       set nobin
augroup END

--- cut ----

-- 
Alberto Gonzalez Iniesta   | BOFH excuse #399:
agi@(agi.as|debian.org)    | We are a 100% Microsoft Shop.
Encrypted mail preferred   | 

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

Reply to:

Follow-Ups:
- Re: password managers
  - From: Russell Coker <russell@coker.com.au>
- Re: password managers
  - From: Daniele Cortesi <dg.c@tiscali.it>

References:
- password managers
  - From: andrew lattis <debian@naranek.org>
- Re: password managers
  - From: Stephan Dietl <webmaster@cargal.org>

Prev by Date: Re: Kernel Crash Bug????
Next by Date: Re: may CAN-2004-041[678] affect on woody?
Previous by thread: Re: password managers
Next by thread: Re: password managers
Index(es):
- Date
- Thread