Simsafe: Simple command-line password safe
Posted in Linux, Security on April 7th, 2009 by Philipp C. Heckel – 2 CommentsNowadays, it appears to me as if almost everything in the big and fancy world of IT comes with the need to sign up and create an account. Every little online tool, every social networking site and of course every instant messenger account. System administrators hits it even harder: The setup of a server machine requires to create lots of different users for every kind of service, — be it Postfix, Sendmail, Courier, MySQL, PostgreSQL, etc. Most of them require some kind of super-user password or account.
This is where a password manager comes in handy: Open the password vault by typing in the master password, put in all you secrets and crucial information, save it and be happy. As if!
Almost every password manager I found on the Web was crowded out by details so that it took minutes to add a single account. What I wanted was something like a text-file with password — and that’s what I made: A simple command-line password safe.
How it works
Simsafe is nothing else but a simple Perl script wrapped around the symmetric encryption functions of GPG. Every box with GPG and Perl installed can hence use the script (= every linux box!). And even if the simsafe-script is not installed on the system, a simple gpg –decrypt FILE shows the plain text contents. That is, Simsafe files are nothing more but text-files with password!
Usage
It’s simple and really easy to use.
Syntax:
$ simsafe FILE
Create a new password safe file
$ simsafe mySafe simsafe: Creating a new password safe 'mySafe' simsafe: Please enter the new password: (type in your password) simsafe: Please confirm the password: (confirm your password) simsafe: Executing editor vi ... // VI or your favourite editor opens // and you can edit the plain text file simsafe: Encrypting with GPG ...
Adding/Removing entries to the password vault
$ simsafe mySafe simsafe: Please enter the safe password: (type in your password) simsafe: Decrypting with GPG ... simsafe: Executing editor vi ... // VI or your favourite editor opens // and you can edit the plain text file simsafe: Safe unchanged.
Get it!
It’s a reeeaallly small script and this post is possible longer than the perl-file itself, but here it is. Simply download it, make it executable and put it somewhere in your PATH.
Download: Simsafe v0.1, Apr. 2009
Passing the GPG password through a password file hardly seems like appropriate security for a password manager. People are worried about putting that password in *memory* (because it may eventually be written to disk through swap), so you should be more careful. If I remember this right, there’s a Perl API for GPG you could use, otherwise, there are ways to simply use gpg to prompt the password itself.
Nice little script ;), thanks for sharing!
- Jan