diff options
Diffstat (limited to '080_blog/00070_Password-Management-on-the-Command-Line')
| -rw-r--r-- | 080_blog/00070_Password-Management-on-the-Command-Line/index.md | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/080_blog/00070_Password-Management-on-the-Command-Line/index.md b/080_blog/00070_Password-Management-on-the-Command-Line/index.md new file mode 100644 index 0000000..1b45b02 --- /dev/null +++ b/080_blog/00070_Password-Management-on-the-Command-Line/index.md @@ -0,0 +1,89 @@ +# Passoword Managemet from the Command Line + + February 8, 2018 + +Today we will look at some simple, portable yet effective ways to manage +your passwords from the command line. You will need nothing more than +**apg** and one of **gnugpg** or **openssl** along with your favorite +text editor. + +~~~~~~~~~~ {.bash} +apt install apg gnupg openssl +~~~~~~~~~~ + +## Generate your Password + +Before you can manage your passwords, you will obviously first have to +generate them. Since your brain might be a very poor random number +generator you can use `/dev/random` here. + +A few examples for generating random passwords with **apg** follow: + +~~~~~~~~~~ {.bash} +# generate a few random passwords with default settings using /dev/random +apg -c /dev/random + +# set password length to 20-30 characters and generate 10 passwords +apg -m20 -x30 -n10 -c /dev/random + +Example output: + gootCoHuecJarItOojBouFrag + OignisholWulfisOdPearshed + fekfedsornUgbacyoimyab + ... + +# Other useful flags: +#- a0 pronouncable +# -a1 random + +# If you use -a1 you can specify the symbolset with -M +# You can combine multiple -M options as in: -MCnS + +# -MC / -Mc must/can use small leters set +# -MC / -Mc must/can use capital symbol set +# -MN / -Mn must/can use numeral symbol set +# -MS / -Ms must/can use special symbol set + + +# Finally we can exclude specific characters from the symbol set with -E +apg -a1 -m10 -MN -E 02345678 -c /dev/random + +Example output: + 9119191199 + 9919119919 + 1199999911 + ... +~~~~~~~~~~ + +## Managing your Password Safe + +Just put the passwords in a plaintext file (named mypasswords in the examples below), +along with related data and encrypt them symmetrically via **gnupg**. +Decrypt them as needed. You will be prompted for a passphrase in each case. + +Note that **gnupg** might cache your password for a few minutes, +so don’t worry if you can decrypt them without beeing prompted. + +~~~~~~~~~~ {.bash} +#encrypyt. Don't forget to delete the source file +gpg -c mypasswords + +#decrypt and write to STDOUT +gpg -d mypasswords.gpg +~~~~~~~~~~ + +You might prefer openssl, which some claim to be even more portable + +~~~~~~~~~~ {.bash} +#encrypyt. Don't forget to delete the source file +openssl aes-256-cbc -salt -in mypasswords > mypasswords.aes + +#decrypt and write to STDOUT +openssl aes-256-cbc -d -in mypasswords.aes +~~~~~~~~~~ + +Adding, Editing or Deleting a password constitutes simply of the three steps: + +* decrypt your password file and save it in a safe place +* edit the passwordfile as needed with your favorite text editor +* encrypt the password flie back again |