Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

encrypted password vault with Vim + openssl

  • 11-06-2015 2:18pm
    #1
    anvilfour
    Closed Accounts Posts: 720 ✭✭✭


    In the past few weeks I have been experimenting with various password managers, my requirements were I hope you'd agree not too stringent:

    - Accessible via SSH (as I want to have a backup of my passwords on a server in case anything happens to my laptop) and therefore can be run from command line.

    - Free and Open Source (If you need to know why this is important you don't belong here!) :)

    - Uses current, strong 256 bit encryption algorithms like AES and Twofish (rules out older command line programs like pswafe which is still on 64bit Blowfish).

    - Feature to edit the file without first decrypting the whole thing and re-encrypting it, which could leave remnants of password data on the server. (This rules out using gpg's symmetric encryption feature).

    - Ideally doesn't rely on a third party developer to maintain the tool.


    At this point I came across this article which suggests using Vim and OpenSSL to handle encryption of a text file.

    By default vim is actually capable of encrypting files, however as the article states it uses a cleartext .tmp file lying around whilst editing is going on. Also it uses the older 'crypt' command which is largely obsolete according to the mighty Wikipedia.

    Enter the OpenSSL plugin which when placed inside your Vim plugins directory, allows you to create an encrypted document e.g with the .aes extension and protect it with a password of your choice, using OpenSSL's own encryption tools.

    You can then re-open edit and save documents (with new password if you wish) all from your command line.

    Of course some people may prefer just to write down their passwords on a note pad but I prefer to guard against jack-booted government thugs smashing the door down too...! :)


Comments

  • #2
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Without going into details a well respected software company we've all heard of uses something similar but instead of OpenSSL it uses GnuPG which also has a plugin for vim. It works very well and satisfies many if not all of your requirements.


  • #3
    anvilfour
    Closed Accounts Posts: 720 ✭✭✭anvilfour


    bedlam wrote: »
    Make sure you do at least one save of your file *before* adding passwords when using the openssl plugin otherwise you will write plaintext to disk.

    Better yet use pass or if you have invested time in keepassx already, kpcli

    Yes indeed, in the article mentioned above it suggests creating a file with extension first e.g passwords.aes


Advertisement