On Fri, Jan 25, 2008 at 01:25:15PM -0500, Joey Hess wrote:
> Amit Uttamchandani wrote:
> > Recently moved from Mac to Debian Linux. I am looking for a nice and powerful FLOSS password manager similar to "Keychain" on Mac OS X.
> >
> > I preferably would want a CLI tool...so I could remote login using SSH and look at some passwords that I have forgotten.
>
> vim + gpg
>
> vim can be configured to automatically use gpg to decrypt *.gpg files
> when they're read and re-encrypt them when saving. The decrypted data
> never touches the disk (though encrypting your swap partition too wouldn't
> hurt).
>
> Dump the following in your .vimrc:
>
> " Transparent editing of gpg encrypted files.
> " By Wouter Hanegraaff <wouter@blub.net>
> augroup encrypted
> au!
>
> " First make sure nothing is written to ~/.viminfo while editing
> " an encrypted file.
> autocmd BufReadPre,FileReadPre *.gpg set viminfo=
> " We don't want a swap file, as it writes unencrypted data to disk
> autocmd BufReadPre,FileReadPre *.gpg set noswapfile
> " Switch to binary mode to read the encrypted file
> autocmd BufReadPre,FileReadPre *.gpg set bin
> autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
> autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
> " Switch to normal mode for editing
> autocmd BufReadPost,FileReadPost *.gpg set nobin
> autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
> autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
>
> " Convert all text to encrypted text before writing
> autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=80BF97AA --default-recipient-self -ae 2>/dev/null
> " Undo the encryption so we are back in the normal text, directly
> " after the file has been written.
> autocmd BufWritePost,FileWritePost *.gpg u
> augroup END

I had trouble with this occasionally, probably when the encrypted file
had invalid byte sequences for the charset. The unencrypted file had
only 7 bit characters. Symptom was inability to read the .gpg file
written from within vim.

Note the 'set bin' pair for the write path too.

augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing
" an encrypted file.
autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk.
autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set noswapfile
" Switch to binary mode to read the encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg,*.asc let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg,*.asc
\ '[,']!sh -c 'gpg --decrypt 2> /dev/null'
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg,*.asc let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg,*.asc
\ execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg set bin
autocmd BufWritePre,FileWritePre *.gpg
\ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null'
autocmd BufWritePre,FileWritePre *.asc
\ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null'
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg,*.asc u
autocmd BufWritePost,FileWritePost *.gpg set nobin
augroup END
--
Rob
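
An added example, not part of either post: a small Python audit that checks whether the *.gpg / *.asc files these autocommands write are really OpenPGP data on disk, and whether Vim left a swap or undo file next to them. It assumes Vim's default swap and undo file locations (the same directory as the edited file); the function names and the first-byte check are choices made for this example, and the check is a heuristic.

```python
"""Audit a tree for plaintext left beside files edited through Vim + gpg."""
import os
import sys

ENC_EXT = (".gpg", ".asc")
ARMOR = b"-----BEGIN PGP MESSAGE-----"

def looks_encrypted(path):
    """Heuristic: does the file start like an OpenPGP message?"""
    with open(path, "rb") as fh:
        head = fh.read(len(ARMOR))
    if head.startswith(ARMOR):
        return True
    # Binary OpenPGP packets always have bit 7 set in the first octet;
    # 7-bit plaintext and empty files therefore fail this test.
    return bool(head) and head[0] & 0x80 != 0

def sidecars(name):
    """Default Vim swap (.swp, .swo, ...) and undo file names for `name`."""
    swaps = ["." + name + ".sw" + c for c in "ponmlkjihg"]
    return swaps + ["." + name + ".un~"]

def audit(root):
    """Return sorted (path, problem) tuples for everything under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            if not name.endswith(ENC_EXT):
                continue
            full = os.path.join(dirpath, name)
            if not looks_encrypted(full):
                findings.append((full, "not OpenPGP data"))
            for side in sidecars(name):
                if side in present:
                    findings.append((os.path.join(dirpath, side), "Vim swap/undo file"))
    return sorted(findings)

if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, problem in results:
        print(f"{problem}: {path}")
    sys.exit(1 if results else 0)
```

Run it with the directory that holds the password files as its argument; a non-zero exit status means something was flagged.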