Monday, March 30, 2009

DIY Encrypted Password Vault

This is something I've needed at various jobs and situations for years: a place to store the root/router/database/web passwords that only I can see. There are a lot of desktop/handheld apps for this, but I always feel like I could lose the computer/handheld that it's on and I'd be boned. I'd rather have something I can stick on a server somewhere and access via a remote shell, or carry around on a thumb drive. Here are the scripts:

encrypt.sh
#!/bin/sh
# Usage: ./encrypt.sh NAME
# Encrypts NAME.txt to NAME.bf (Blowfish-CBC, salted, base64 output) and
# removes the plaintext only if the encryption succeeded.
[ $# -eq 1 ] || { echo "usage: $0 NAME" >&2; exit 1; }
openssl bf -a -salt -in "$1.txt" -out "$1.bf" && rm -v "$1.txt"

decrypt.sh
#!/bin/sh
# Usage: ./decrypt.sh NAME
# Decrypts NAME.bf and prints the plaintext to stdout; nothing is written to disk.
[ $# -eq 1 ] || { echo "usage: $0 NAME" >&2; exit 1; }
openssl bf -a -d -in "$1.bf"

To use it, create a file named blah.txt that has your secret info in it. Run the encrypt script first:
$ ./encrypt.sh blah
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:
removed `blah.txt'
It will encrypt the file and remove it. Check the contents of the file:
$ cat blah.bf
U2FsdGVkX1/+ZGiXPSZX8MED9aXrm1NfIEjpv5vvFKo=
It's actually base64 encoded, so you can email it to yourself for safekeeping if you so choose.

To decrypt for reading:
$ ./decrypt.sh blah
enter bf-cbc decryption password:
secret host: secret password
secret host2: secret password2
Now take the encrypted output file and the two scripts, email them to yourself, and store a copy on a thumb drive. :)
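The same two-script workflow with the settings a practitioner would pick today, as an added example rather than the post's own scripts: the fixed prefix U2FsdGVkX1 in the output above is the base64 of the literal Salted__ header that openssl writes before the 8-byte salt, and the OpenSSL of that era turned the password into the Blowfish key with a single MD5 pass over password and salt, so the rewrite below uses AES-256-CBC with PBKDF2 instead (needs OpenSSL 1.1.1 or later; on OpenSSL 3 the original bf cipher also needs the legacy provider). The VAULT_PASS variable, the .enc suffix, the 600000-round count and the sample contents are this example's own choices, not anything from the post.

```shell
#!/bin/sh
# Hardened rewrite of the post's encrypt.sh/decrypt.sh (added example, not the
# author's scripts). What changes relative to the originals:
#  - AES-256-CBC with PBKDF2 (-pbkdf2/-iter, OpenSSL >= 1.1.1) instead of
#    Blowfish keyed by a single MD5 pass over password and salt
#  - the password comes from $VAULT_PASS when set, otherwise openssl prompts;
#    it is never put on the command line, where `ps` would show it
#  - the vault file is created mode 0600 and the plaintext is overwritten with
#    shred where available (no help on SSD/journaled/CoW filesystems: keep the
#    plaintext on tmpfs or an encrypted volume there)
#  - decryption writes to stdout only
set -u

ITER=600000   # PBKDF2 rounds; not stored in the file, so decrypt must use the same value

# vault_encrypt NAME : NAME.txt -> NAME.enc (base64 of "Salted__" + 8-byte salt + ciphertext)
vault_encrypt() {
    [ -f "$1.txt" ] || { echo "vault_encrypt: $1.txt not found" >&2; return 1; }
    pass=${VAULT_PASS:+-pass env:VAULT_PASS}   # empty -> interactive prompt
    umask 077
    # $pass is deliberately unquoted: it expands to two words or to nothing
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt -a \
        -in "$1.txt" -out "$1.enc" $pass || return 1
    if command -v shred >/dev/null 2>&1; then shred -u "$1.txt"; else rm -f "$1.txt"; fi
}

# vault_decrypt NAME : print the plaintext of NAME.enc to stdout
vault_decrypt() {
    pass=${VAULT_PASS:+-pass env:VAULT_PASS}
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -a -in "$1.enc" $pass
}

# Round trip on a constructed sample in a throwaway directory; returns 0 on success
vault_selftest() {
    tmp=$(mktemp -d) || return 1
    ( cd "$tmp" && export VAULT_PASS='correct horse battery staple' &&
      printf 'router: hunter2\n' > demo.txt &&
      vault_encrypt demo &&
      [ ! -e demo.txt ] &&                   # plaintext really gone
      grep -q '^U2FsdGVkX1' demo.enc &&      # same "Salted__" prefix as in the post
      [ "$(vault_decrypt demo)" = 'router: hunter2' ] ) && rc=0 || rc=1
    rm -rf "$tmp"
    return $rc
}

case ${1:-} in
    encrypt|decrypt) "vault_$1" "${2:?name}" ;;
    selftest)        vault_selftest && echo "round trip OK" ;;
esac
```

Run it as `sh vault.sh encrypt blah` / `sh vault.sh decrypt blah` in place of the two scripts, or `sh vault.sh selftest` to check the round trip on your own openssl build.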

Comments:
I do something similar, but I secure rm/wipe the input file. I also have pre-compiled statically-linked openssl binaries for a variety of systems on the thumb drive as well, and never check the contents of the thumb drive on an unsecured box. :)

Hope things are going well.

-Barclay
 
If you use emacs check this out:

http://www.emacswiki.org/emacs/mc-gpg-file-mode.el

I just started using it. I keep all of my notes and homedir files, etc. in hg and like to check my homedir files out onto all of my machines, but I don't want everything available in plaintext everywhere, so I use this to encrypt some things.
 
What about pwsafe? I have a script to integrate that with the OSX keychain if you want it.
 
