# Passoword Managemet from the Command Line

    February 8, 2018

Today we will look at some simple, portable yet effective ways to manage 
your passwords from the command line. You will need nothing more than 
**apg** and one of **gnugpg** or **openssl** along with your favorite 
text editor.

~~~~~~~~~~ {.bash}
apt install apg gnupg openssl
~~~~~~~~~~

## Generate your Password

Before you can manage your passwords, you will obviously first have to 
generate them. Since your brain might be a very poor random number 
generator you can use `/dev/random` here.

A few examples for generating random passwords with **apg** follow:

~~~~~~~~~~ {.bash}
# generate a few random passwords with default settings using /dev/random
apg -c /dev/random    
 
# set password length to 20-30 characters and generate 10 passwords
apg -m20 -x30 -n10 -c /dev/random
 
Example output:
   gootCoHuecJarItOojBouFrag
   OignisholWulfisOdPearshed
   fekfedsornUgbacyoimyab
   ...
 
# Other useful flags: 
#- a0    pronouncable
# -a1    random 
 
# If you use -a1 you can specify the symbolset with -M 
# You can combine multiple -M options as in: -MCnS
 
# -MC / -Mc must/can use small leters set
# -MC / -Mc must/can use capital symbol set
# -MN / -Mn must/can use numeral symbol set
# -MS / -Ms must/can use special symbol set
 
 
# Finally we can exclude specific characters from the symbol set with -E
apg -a1 -m10 -MN -E 02345678 -c /dev/random
 
Example output:
   9119191199
   9919119919
   1199999911
   ...
~~~~~~~~~~

## Managing your Password Safe

Just put the passwords in a plaintext file (named mypasswords in the examples below), 
along with related data and encrypt them symmetrically via **gnupg**. 
Decrypt them as needed. You will be prompted for a passphrase in each case.

Note that **gnupg** might cache your password for a few minutes, 
so don’t worry if you can decrypt them without beeing prompted.

~~~~~~~~~~ {.bash}
#encrypyt. Don't forget to delete the source file
gpg -c mypasswords
 
#decrypt and write to STDOUT
gpg -d mypasswords.gpg
~~~~~~~~~~

You might prefer openssl, which some claim to be even more portable

~~~~~~~~~~ {.bash}
#encrypyt. Don't forget to delete the source file
openssl aes-256-cbc -salt -in mypasswords > mypasswords.aes
 
#decrypt and write to STDOUT
openssl aes-256-cbc -d -in mypasswords.aes
~~~~~~~~~~

Adding, Editing or Deleting a password constitutes simply of the three steps:

* decrypt your password file and save it in a safe place
* edit the passwordfile as needed with your favorite text editor
* encrypt the password flie back again