Console password manager

Here are two bash scripts I use for managing and protecting my ever-growing password list (112 at last count). To install:

  • copy the code below into two new files and save them into a folder on your path (~/bin for me)
  • make them executable (chmod u+x editpasswords findpassword)

To edit your passwords type editpasswords. You can format your password file any way you like since it’s just an encrypted text file. So what I do is type the service name, my username, and then the password all on a line. Then, to find my banking password, for example, I type findpassword bank.

You’ll need the ccrypt package for your operating system. Probably you can get it from your package repository. On Ubuntu you can get it by typing sudo apt-get install ccrypt. ccrypt uses AES which I’ve read is quite good as far as encryption goes. I’m no cryptography expert, but I recommend you don’t lose your password.

If you’re on a multi-user system and you’re really paranoid, I don’t recommend using this because theoretically it’s possible for another user on the same system to get your password while this script runs. Otherwise, if, say, someone stole your laptop, your passwords would be safe.

editpasswords:

#!/bin/bash

# editpasswords
#
# Copyright (c) 2008 John Watson
# All rights reserved.
# http://flagrantdisregard.com/password-manager/
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

PASSFILE=~/.passwords

# Files created by this script are readable by the owner only.
umask 077

if [ -z "$EDITOR" ]; then
	EDITOR=nano
fi

if [ -f "$PASSFILE.cpt" ]; then
	# -r keeps backslashes in the password intact.
	read -r -s -p "Password: " PASSWORD
	echo ""
	# --key places the password on the ccdecrypt command line, which is
	# what exposes it to other local users while the script runs.
	ccdecrypt --key "$PASSWORD" "$PASSFILE.cpt"
else
	echo "Creating a new password file."

	while true
	do
		read -r -s -p "Enter a password that will be used to access this file: " PASSWORD
		echo ""
		read -r -s -p "Verify password: " VERIFY
		echo ""
		# Quoted so that empty passwords and passwords with spaces compare correctly.
		if [ "$PASSWORD" = "$VERIFY" ]; then
			break
		else
			echo "Password not verified. Please try again."
		fi
	done

	touch "$PASSFILE"
	echo "This is a new password file." >> "$PASSFILE"
	echo "" >> "$PASSFILE"
	echo "Everything you write here will be encrypted when you save your" >> "$PASSFILE"
	echo "changes and exit the editor." >> "$PASSFILE"
	echo "" >> "$PASSFILE"
	echo "You WILL NOT be able to recover this file without your password." >> "$PASSFILE"
fi

# $? is the status of the block above: ccdecrypt's result, or the last echo.
if [ $? == 0 ]; then
	$EDITOR "$PASSFILE"
	ccencrypt --key "$PASSWORD" "$PASSFILE"
	if [ $? == 0 ]; then
		echo "Changes saved and encrypted."
	fi
fi

findpassword:

#!/bin/bash

# findpassword
#
# Copyright (c) 2008 John Watson
# All rights reserved.
# http://flagrantdisregard.com/password-manager/
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PASSFILE=~/.passwords

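# Quote the search term and end option parsing so that terms containing
# spaces or starting with "-" are passed to grep as the pattern.
ccat "$PASSFILE" | grep -i -- "$1"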
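
A hardened variant of both scripts, added here as an example and not part of the author's code: the key is passed to ccrypt on standard input (its documented `-k -` keyfile option) instead of `--key`, which addresses the multi-user caveat above, and editing happens on a private temporary copy. The function names, the `CCRYPT` override variable and the assumption that `~/.passwords.cpt` already exists are this example's own.

```bash
#!/bin/bash
# Added example, not the author's scripts. Assumes ccrypt's documented
# -k/--keyfile option, where the file name "-" means standard input.

PASSFILE=${PASSFILE:-$HOME/.passwords}
CCRYPT=${CCRYPT:-ccrypt}   # overridable (assumption) so a stub can stand in

# Ask once, without echo, unless the caller already set PASSWORD.
ask_key() {
	[ -n "${PASSWORD:-}" ] && return 0
	printf 'Password: ' >&2
	stty -echo; IFS= read -r PASSWORD; stty echo
	printf '\n' >&2
}

# Run ccrypt with the key on stdin. printf is a shell builtin, so the key
# never appears in any process's argument list.
with_key() {
	printf '%s\n' "$PASSWORD" | "$CCRYPT" -k - "$@"
}

# findpassword: decrypt to stdout only, match the term as a literal string.
find_password() {
	[ -n "${1:-}" ] || { echo "usage: find_password TERM" >&2; return 2; }
	ask_key
	with_key -c "$PASSFILE.cpt" | grep -i -F -- "$1"
}

# editpasswords: edit a temporary copy (mktemp creates it mode 0600),
# re-encrypt it, and only then replace the stored .cpt file.
edit_passwords() {
	ask_key
	tmp=$(mktemp "${TMPDIR:-/tmp}/pw.XXXXXX") || return 1
	if with_key -c "$PASSFILE.cpt" > "$tmp" &&
	   ${EDITOR:-nano} "$tmp" &&
	   with_key -e "$tmp" &&
	   mv "$tmp.cpt" "$PASSFILE.cpt"; then
		rc=0
	else
		rc=1
	fi
	rm -f "$tmp" "$tmp.cpt"   # never leave plaintext behind on failure
	return "$rc"
}
```

Source the file, then run `find_password bank` or `edit_passwords`.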