About me: My name is Solène Rapenne. I like learning and sharing experiences about IT stuff. Hobbies: '(BSD OpenBSD h+ Lisp cmdline gaming internet-stuff Crossbow). I love percent and lambda characters. OpenBSD developer solene@.

Contact me: solene on Freenode, solene+www at dataswamp dot org or solene@bsd.network (mastodon)

Managing passwords using ed and gpg2

Written by Solène, on 02 October 2019.
Tags: #security

Years ago, I read a blog post about managing your passwords using ed and gpg; unfortunately, I cannot remember the author. Two years ago, I decided to give it a try because the few tools I tried were too obscure, required databases, or were too complicated to use.

The principle is easy:

- run /bin/ed (without rlwrap)
- use r !gpg2 to load protected file
- use W !gpg2 to save file

Why ed? Because it does not save any temporary file.

I use two different methods, depending on whether I want to get a password or add/change one.

Writing / changing

/bin/ed
a
# something
my login / my password
some annotation if required
.
W !gpg2 -r solene@mydomain -e > .password
Q

Now I have a .password file requiring my private gpg key to be decrypted.

Reading

I could use ed, but as I don't want to type anything, I decrypt the file and pipe it to less.

gpg2 -d < .password | less
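
An added example, not from the original post: a shell function that prints a single entry instead of paging the whole file, still without any plaintext temporary file. It assumes every entry starts with a "# name" line as in the ed session above; pw_entry, PW_FILE, PW_DECRYPT and PW_NAME are names chosen for this example.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumption: each entry starts with a "# name" line and runs until the next
# line starting with "# ". Lines before the first header are never printed.

# Encrypted file, same default name as in the post.
PW_FILE="${PW_FILE:-.password}"
# Decryption command, as used in the post. It is overridable so the function
# can be tried on a constructed plaintext file with PW_DECRYPT=cat.
PW_DECRYPT="${PW_DECRYPT:-gpg2 -d}"

# pw_entry NAME: print the entry whose header is exactly "# NAME".
# Returns 0 if found, 1 if not found (also when decryption produced no
# output; gpg2 reports its own error on stderr), 2 on usage errors.
pw_entry() {
    [ $# -eq 1 ] || { echo "usage: pw_entry NAME" >&2; return 2; }
    [ -r "$PW_FILE" ] || { echo "pw_entry: cannot read $PW_FILE" >&2; return 2; }

    # The plaintext only flows through the pipe: no temporary file, no shell
    # variable, no command-line argument. The entry name is handed to awk
    # through the environment so backslashes in it are not interpreted.
    # PW_DECRYPT is left unquoted on purpose so "gpg2 -d" splits into words.
    $PW_DECRYPT < "$PW_FILE" | PW_NAME=$1 awk '
        /^# /  { inside = ($0 == ("# " ENVIRON["PW_NAME"])); if (inside) found = 1 }
        inside { print }
        END    { exit !found }
    '
}
```

Source the file in your shell and run pw_entry with the text that follows "# " in the entry header.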

Tips: easy reminder

As I sometimes forget the gpg commands and my command to generate new passwords, I have put these 3 lines as a reminder at the top of the file.

W !gpg2 -r solene@domain -e > .password
r !gpg2 -d < .password
pwgen -cnys 20

Tips: works for everything

You can have multiple files, like .password-personal and .password-work, or you can use it for anything you want.

Tips: scripting ed

While it is possible to send some init commands to ed, it has some limitations.

You can use ( echo "r !gpg2 -d < .password" ; cat - ) | /bin/ed so that ed receives the read command, and then cat waits for your input and sends it to ed. However, if you type a newline in ed without any command, cat will end and so ed will exit. It works, but it is a bit clumsy.