Passoword Managemet from the Command Line

February 8, 2018

Today we will look at some simple, portable yet effective ways to manage your passwords from the command line. You will need nothing more than apg and one of gnugpg or openssl along with your favorite text editor.

apt install apg gnupg openssl

Generate your Password

Before you can manage your passwords, you will obviously first have to generate them. Since your brain might be a very poor random number generator you can use /dev/random here.

A few examples for generating random passwords with apg follow:

# generate a few random passwords with default settings using /dev/random
apg -c /dev/random    
 
# set password length to 20-30 characters and generate 10 passwords
apg -m20 -x30 -n10 -c /dev/random
 
Example output:
   gootCoHuecJarItOojBouFrag
   OignisholWulfisOdPearshed
   fekfedsornUgbacyoimyab
   ...
 
# Other useful flags: 
#- a0    pronouncable
# -a1    random 
 
# If you use -a1 you can specify the symbolset with -M 
# You can combine multiple -M options as in: -MCnS
 
# -MC / -Mc must/can use small leters set
# -MC / -Mc must/can use capital symbol set
# -MN / -Mn must/can use numeral symbol set
# -MS / -Ms must/can use special symbol set
 
 
# Finally we can exclude specific characters from the symbol set with -E
apg -a1 -m10 -MN -E 02345678 -c /dev/random
 
Example output:
   9119191199
   9919119919
   1199999911
   ...

Managing your Password Safe

Just put the passwords in a plaintext file (named mypasswords in the examples below), along with related data and encrypt them symmetrically via gnupg. Decrypt them as needed. You will be prompted for a passphrase in each case.

Note that gnupg might cache your password for a few minutes, so don’t worry if you can decrypt them without beeing prompted.

#encrypyt. Don't forget to delete the source file
gpg -c mypasswords
 
#decrypt and write to STDOUT
gpg -d mypasswords.gpg

You might prefer openssl, which some claim to be even more portable

#encrypyt. Don't forget to delete the source file
openssl aes-256-cbc -salt -in mypasswords > mypasswords.aes
 
#decrypt and write to STDOUT
openssl aes-256-cbc -d -in mypasswords.aes

Adding, Editing or Deleting a password constitutes simply of the three steps:

• decrypt your password file and save it in a safe place
• edit the passwordfile as needed with your favorite text editor
• encrypt the password flie back again