# Password Management from the Command Line

    February 8, 2018

Today we will look at some simple, portable yet effective ways to manage
your passwords from the command line. You will need nothing more than
**apg** and one of **gnupg** or **openssl** along with your favorite
text editor.

~~~~~~~~~~ {.bash}
apt install apg gnupg openssl
~~~~~~~~~~

## Generate your Password

Before you can manage your passwords, you will obviously first have to 
generate them. Since your brain might be a very poor random number 
generator you can use `/dev/random` here.

A few examples for generating random passwords with **apg** follow:

~~~~~~~~~~ {.bash}
# generate a few random passwords with default settings using /dev/random
apg -c /dev/random

# set password length to 20-30 characters and generate 10 passwords
apg -m20 -x30 -n10 -c /dev/random

# Example output:
#    gootCoHuecJarItOojBouFrag
#    OignisholWulfisOdPearshed
#    fekfedsornUgbacyoimyab
#    ...

# Other useful flags:
# -a0    pronounceable
# -a1    random

# If you use -a1 you can specify the symbol set with -M
# You can combine multiple -M options as in: -MCnS

# -ML / -Ml must/can use small letters symbol set
# -MC / -Mc must/can use capital symbol set
# -MN / -Mn must/can use numeral symbol set
# -MS / -Ms must/can use special symbol set

# Finally we can exclude specific characters from the symbol set with -E
apg -a1 -m10 -MN -E 02345678 -c /dev/random

# Example output:
#    9119191199
#    9919119919
#    1199999911
#    ...
~~~~~~~~~~

## Managing your Password Safe

Just put the passwords, along with related data, in a plaintext file
(named mypasswords in the examples below) and encrypt it symmetrically via **gnupg**.
Decrypt it as needed. You will be prompted for a passphrase in each case.

Note that **gnupg** might cache your passphrase for a few minutes,
so don’t worry if you can decrypt the file without being prompted.

~~~~~~~~~~ {.bash}
# encrypt (writes mypasswords.gpg). Don't forget to delete the source file
gpg -c mypasswords

# decrypt and write to STDOUT
gpg -d mypasswords.gpg
~~~~~~~~~~

You might prefer openssl, which some claim to be even more portable:

~~~~~~~~~~ {.bash}
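# encrypt. Don't forget to delete the source file
# (OpenSSL 1.1.1 and later: add -pbkdf2 to both commands for a stronger
#  passphrase-to-key derivation)
openssl aes-256-cbc -salt -in mypasswords > mypasswords.aes

# decrypt and write to STDOUT
openssl aes-256-cbc -d -in mypasswords.aes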
~~~~~~~~~~

Adding, editing or deleting a password consists of just three steps:

* decrypt your password file and save it in a safe place
* edit the password file as needed with your favorite text editor
* encrypt the password file again
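
The three steps above as one shell function, added here as an example and not part of the original post: it keeps the decrypted copy in an owner-only temporary directory (RAM-backed `/dev/shm` where available), removes it on every exit path, and replaces the encrypted file only after re-encryption succeeded. The names `edit_safe`, `safe_decrypt` and `safe_encrypt` are hypothetical; the gpg calls are the ones shown earlier, with `-o` and `--quiet` added.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Usage after sourcing this file: edit_safe mypasswords.gpg

# Crypto steps live in two small functions so the openssl commands can be swapped in.
safe_decrypt() { gpg --quiet -d "$1"; }            # encrypted file -> STDOUT
safe_encrypt() { gpg --quiet -o "$2" -c "$1"; }    # plaintext file -> encrypted file

# Body runs in a subshell, so 'exit' and the traps stay local to one call.
edit_safe() (
    safe=$1
    umask 077                                      # new files readable by owner only
    # "Safe place": prefer RAM-backed /dev/shm so plaintext is not written to disk.
    dir=/dev/shm; [ -d "$dir" ] && [ -w "$dir" ] || dir=${TMPDIR:-/tmp}
    work=$(mktemp -d "$dir/safe.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT                     # plaintext removed on every exit path
    trap 'exit 130' INT TERM                       # route signals through the EXIT trap

    # Step 1: decrypt (or start with an empty file on first use).
    if [ -e "$safe" ]; then
        safe_decrypt "$safe" > "$work/plain" || { echo "decrypt failed" >&2; exit 1; }
    else
        : > "$work/plain"
    fi

    # Step 2: edit. Left unquoted so an EDITOR with arguments still works.
    ${EDITOR:-vi} "$work/plain" || exit 1

    # Step 3: encrypt to a new file; a failed or aborted passphrase prompt
    # must not destroy the existing encrypted file.
    safe_encrypt "$work/plain" "$work/cipher" \
        || { echo "encrypt failed, $safe left unchanged" >&2; exit 1; }
    [ -s "$work/cipher" ] || exit 1
    # Copy next to the target first, then rename: the final step is atomic.
    cp "$work/cipher" "$safe.new" && mv "$safe.new" "$safe"
)
```

Editors may still write swap or backup files outside the temporary directory, so check your editor's settings for those.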