www.idziorek.net | blog | contact

# Passoword Managemet from the Command Line

February 8, 2018

Today we will look at some simple, portable yet effective ways to manage your passwords from the command line. You will need nothing more than apg and one of gnugpg or openssl along with your favorite text editor.

apt install apg gnupg openssl

Before you can manage your passwords, you will obviously first have to generate them. Since your brain might be a very poor random number generator you can use /dev/random here.

A few examples for generating random passwords with apg follow:

# generate a few random passwords with default settings using /dev/random
apg -c /dev/random

apg -m20 -x30 -n10 -c /dev/random

Example output:
gootCoHuecJarItOojBouFrag
OignisholWulfisOdPearshed
fekfedsornUgbacyoimyab
...

# Other useful flags:
#- a0    pronouncable
# -a1    random

# If you use -a1 you can specify the symbolset with -M
# You can combine multiple -M options as in: -MCnS

# -MC / -Mc must/can use small leters set
# -MC / -Mc must/can use capital symbol set
# -MN / -Mn must/can use numeral symbol set
# -MS / -Ms must/can use special symbol set

# Finally we can exclude specific characters from the symbol set with -E
apg -a1 -m10 -MN -E 02345678 -c /dev/random

Example output:
9119191199
9919119919
1199999911
...

Just put the passwords in a plaintext file (named mypasswords in the examples below), along with related data and encrypt them symmetrically via gnupg. Decrypt them as needed. You will be prompted for a passphrase in each case.

Note that gnupg might cache your password for a few minutes, so don’t worry if you can decrypt them without beeing prompted.

#encrypyt. Don't forget to delete the source file

#decrypt and write to STDOUT
gpg -d mypasswords.gpg

You might prefer openssl, which some claim to be even more portable

#encrypyt. Don't forget to delete the source file
openssl aes-256-cbc -d -in mypasswords.aes