I've been accumulating passwords recently. More than I could remember
all in one go. I even got worried that I'd locked myself out of one
of my own servers recently. So I decided to play it safe and store
the passwords somewhere. However, plain text files, even on an
encrypted disk, aren't the most secure plan, so I tried to go shopping
for a tool that would store passwords in encrypted files and wouldn't
be too inconvenient to use. I found a few (pwsafe, keysafe,
keepassx, yapet and so on), but they all seem to be either
graphical or using their own encryption scheme and (presumably)
storage format. Being rather nervous about long-term data
accessibility, I thus decided to roll my own script that would be as
simple as possible while doing just the required amount of work.

I call the result sgeps, for “simple GnuPG-encrypted password
store”. Note the initial s: I didn't invent any wheel.

- Data model: a list of key/value pairs (each being a string);
- Storage: serialisation using Perl's built-in Storable module;
- Encryption: the serialised data is GnuPG-encrypted;
- Hopefully secure: no password stored in plaintext files at any time.

The code comments should give an idea of the capabilities of sgeps:

    # Usage: sgeps --create                 to create the store
    #        sgeps --add <key>              to add a key/value to the store
    #        sgeps --list                   to list existing keys
    #        sgeps --add --overwrite <key>  to replace a key/value
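
The design listed above (key/value pairs, Storable serialisation, GnuPG encryption, no plaintext file) can be sketched as follows. This is an added example, not the sgeps source; the store path, the GPG_RECIPIENT and STORE_FILE environment variables and the add/list sub-commands are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example, not sgeps itself: Storable + GnuPG round trip through pipes.
use strict;
use warnings;
use Storable qw(nfreeze thaw);

# Assumptions: store path and recipient key id are hypothetical settings.
my $STORE     = $ENV{STORE_FILE} // "$ENV{HOME}/.pwstore-example.gpg";
my $RECIPIENT = $ENV{GPG_RECIPIENT} or die "set GPG_RECIPIENT to your key id\n";
umask 077;    # files created below are accessible to their owner only

sub save_store {
    my ($data) = @_;
    my $tmp = "$STORE.tmp.$$";
    # List-form open: no shell involved, plaintext only travels over the pipe.
    open(my $gpg, '|-', 'gpg', '--batch', '--yes', '--encrypt',
        '--recipient', $RECIPIENT, '--output', $tmp)
        or die "cannot run gpg: $!\n";
    binmode $gpg;
    print {$gpg} nfreeze($data);
    close $gpg or die "gpg --encrypt failed (exit " . ($? >> 8) . ")\n";
    rename $tmp, $STORE or die "rename: $!\n";    # replace only on success
}

sub load_store {
    return {} unless -e $STORE;    # no store yet: start with an empty one
    open(my $gpg, '-|', 'gpg', '--quiet', '--decrypt', $STORE)
        or die "cannot run gpg: $!\n";
    binmode $gpg;
    my $blob = do { local $/; <$gpg> };    # slurp the decrypted bytes
    close $gpg or die "gpg --decrypt failed (exit " . ($? >> 8) . ")\n";
    return thaw($blob);    # only thaw data you encrypted yourself
}

my ($cmd, $key) = (@ARGV, '', '');
if ($cmd eq 'add' && length $key) {
    my $store = load_store();
    die "key '$key' already exists\n" if exists $store->{$key};
    system('stty', '-echo');    # do not echo the password while typing
    chomp(my $value = <STDIN> // '');
    system('stty', 'echo');
    $store->{$key} = $value;
    save_store($store);
} elsif ($cmd eq 'list') {
    print "$_\n" for sort keys %{ load_store() };
} else {
    die "usage: $0 add <key> | list\n";
}
```

Storable's documentation warns against thawing untrusted data, and public-key encryption alone does not prove who wrote the file, so the store should stay writable only by its owner.
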
I trust both GnuPG and Perl to stay around for quite some time, so hopefully I can forget even the passwords I use very rarely and still be able to recover them later. Even in the event of a hard drive dying, since the encrypted store can now be backed up and burnt on DVDs. I “just” need to be careful about my GnuPG key.
Interested people can grab sgeps from its Bazaar branch with
bzr branch http://bzr.debian.org/users/lolando/sgeps/trunk/
or browse it on the web interface.
I don't plan to make a Debian package for a hundred lines of Perl
code, but if anyone is interested, feel free to include it in an
existing package (moreutils maybe?).