Too many passwords these days. Way too many. I've been keeping passwords on kitchen recipe cards ever since the passwords that get handed out at work started to become completely cryptic and beyond my ability to remember them. Which may seem like a pretty insecure way to keep passwords. But, if the bad guys are actually sitting at my desk, I figure I may have bigger problems.

Finally, I've decided to take the risk of actually storing my passwords on my computer. I'm not really jazzed about the idea, seeing as how if the hackers get into my machine and then into my password file, then I'll really have given them the keys to the castle. But, with way too many passwords, what is the average hacker to do?

I work mostly on Debian/GNU Linux systems these days (hurray free software!!). So if you're working on some other operating system this may be completely irrelevant to you. So, for myself and others, here's how I've attempted to secure my passwords.

Enter GPG

GPG provides state-of-the-art encryption and is most often used for sending encrypted email. But I found a few people who have used it for encrypting password files, so this is the technique I've chosen to follow. To get started you need a key pair. At the terminal command line run

gpg --gen-key

I used the defaults for the questions it asked and then entered my details and a non-forgettable, non-write-downable passphrase. More specific detail on getting started with GPG. Seems too simple? Yeah, to me too. That provides a key pair (the public key encrypts files, the private key, unlocked by the passphrase, decrypts them). You can encrypt whatever you would like, but it requires remembering a bunch of command line stuff that I would rather not try to recall (more about encrypting files for personal use from the command line here). Note: once the password file is encrypted, it's not necessary to encrypt it by hand again.

So I created a new file called memories.txt and then encrypted it by typing on the command line

gpg --encrypt --recipient 'Jeff Richards' memories.txt

This produces a file called memories.txt.gpg. Now the original memories.txt can be deleted. Great! Now, how to add passwords, view them easily, and re-encrypt the file as needed?
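The encrypt-then-delete step above, as an added example that is not part of the original post: it runs the same gpg commands, but inside a throwaway GNUPGHOME with a disposable demo key, so nothing touches your real keyring. The user id demo@example.invalid, the file names and the sample password line are all constructed for the demo; the empty passphrase is only acceptable because the key is thrown away at the end.

```shell
#!/bin/sh
# Added example (not from the original post). Round-trips a password file
# through gpg in a private, disposable keyring. Requires gpg 2.1+ and gpgconf.
set -eu

# Create a temporary GNUPGHOME and a throwaway key pair. The passphrase is
# empty only because this demo key is deleted in cleanup_demo_keyring.
setup_demo_keyring() {
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo User <demo@example.invalid>' default default never
}

# Encrypt file $1 to recipient $2, producing $1.gpg (the post's command).
encrypt_file() {
    gpg --batch --yes --quiet --trust-model always \
        --encrypt --recipient "$2" "$1"
}

# Decrypt $1 to standard output.
decrypt_file() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt "$1"
}

# Full round trip. Returns 0 when the ciphertext does not contain the
# constructed secret in the clear and decryption gives it back intact.
roundtrip_demo() {
    workdir=$(mktemp -d)
    plain="$workdir/memories.txt"
    # Constructed sample entry (not a real credential).
    printf 'site: example.invalid\nuser: demo\npass: constructed-demo-secret\n' > "$plain"
    encrypt_file "$plain" 'demo@example.invalid'
    # Once the .gpg exists the plaintext is deleted, as the post does by hand.
    rm -f "$plain"
    [ -f "$plain.gpg" ] || return 1
    # The secret must not be readable from the encrypted file ...
    ! grep -q 'constructed-demo-secret' "$plain.gpg" || return 1
    # ... but must come back unchanged after decryption.
    decrypt_file "$plain.gpg" | grep -q 'constructed-demo-secret' || return 1
    rm -rf "$workdir"
    return 0
}

# Stop the agent started for the temporary keyring and remove the keyring.
cleanup_demo_keyring() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

main() {
    setup_demo_keyring
    if roundtrip_demo; then
        echo "round trip ok"
    else
        echo "round trip FAILED"
    fi
    cleanup_demo_keyring
}

# Run as: sh gpg_roundtrip.sh run
case "${1:-}" in
    run) main ;;
esac
```

Note that `rm -f` only unlinks the plaintext; on a journaling filesystem the old blocks may still be recoverable, which is one reason the post's approach of never writing the decrypted file back to disk (next section) is the better habit.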

Vim and GPG plugin - Making Encryption Easier

At this point, ideally I'd have an encrypted file that I can open with my passphrase, and then read, write and close in an encrypted fashion. Enter vim plus the gpg plugin. Turns out someone has handily figured all this out. NOTE: the standard Debian install comes with vim-tiny, which doesn't support plugins, so the first step is to install vim proper (package name: vim).

Once that's installed, next step is to install the gpg plugin file.

  • Grab the gpg plugin code and save it into a file called gpg.vim.
  • Copy gpg.vim into the /home/your-username/.vim/plugin/ directory.
  • If the .vim/plugin/ directory doesn't exist, create it!

And... that's it! Try to open the encrypted file with vim; in my case

vim memories.txt.gpg

Enter the passphrase and you're in; add and remove entries, and the file is re-encrypted when you exit the program.

My reading of the vim plugin seems to indicate that there won't be any temp files created or saved anywhere. If anyone has any tips as to why if/how this is a terrible/insecure way to keep passwords, please let me know!
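One way to check the "no temp files" reading empirically rather than by reading the plugin, as an added example that is not part of the original post or of gpg.vim: after an editing session, scan the directory next to the encrypted file for the artifacts an editor can leave behind (the decrypted original, vim swap, backup and undo files). The file names below are constructed for the demo; the function knows nothing about what the plugin does and simply reports what is on disk.

```shell
#!/bin/sh
# Added example (not from the original post). Reports plaintext residue
# that an editor could leave beside an encrypted password file.
set -eu

# Check the directory containing $1 (the .gpg file) for files that may hold
# plaintext: the decrypted original, vim swap (.name.swp/.swo), backup
# (name~) and persistent undo (.name.un~) files for both the plain and the
# encrypted name. Prints each one found. Returns 0 if clean, 1 otherwise.
check_plaintext_residue() {
    enc="$1"
    dir=$(dirname "$enc")
    base=$(basename "$enc")
    plain="${base%.gpg}"
    found=0
    for candidate in \
        "$dir/$plain" \
        "$dir/$plain~" \
        "$dir/.$plain.swp" \
        "$dir/.$plain.swo" \
        "$dir/.$plain.un~" \
        "$dir/$base~" \
        "$dir/.$base.swp" \
        "$dir/.$base.swo" \
        "$dir/.$base.un~"
    do
        if [ -e "$candidate" ]; then
            echo "residue: $candidate"
            found=1
        fi
    done
    return $found
}

# Demo with a constructed directory: clean at first, then with a stray swap
# file, then clean again once it is removed. Returns 0 if all three
# observations match expectations.
residue_demo() {
    demo_dir=$(mktemp -d)
    : > "$demo_dir/memories.txt.gpg"
    check_plaintext_residue "$demo_dir/memories.txt.gpg" || return 1
    : > "$demo_dir/.memories.txt.gpg.swp"     # constructed leftover swap file
    if check_plaintext_residue "$demo_dir/memories.txt.gpg"; then return 1; fi
    rm -f "$demo_dir/.memories.txt.gpg.swp"
    check_plaintext_residue "$demo_dir/memories.txt.gpg" || return 1
    rm -rf "$demo_dir"
    return 0
}

# Run as: sh residue_check.sh /path/to/memories.txt.gpg
if [ "${1:-}" != "" ]; then
    check_plaintext_residue "$1" && echo "clean"
fi
```

The check covers only the file's own directory; vim's viminfo file lives in the home directory and swap files can be redirected elsewhere by the `directory` option, so a complete audit should also cover those locations for the settings in use.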