Sunday, November 1, 2009

vim + gpg + dropbox = secure passwords


I finally have a multi-system, synchronized, encrypted password file.  Let me tell the short and then the long version.

The short version is
1.) gpg encrypt a text file
2.) store it in a shared Dropbox folder
3.) add the vim gnupg plugin.

The long version of the story is that Dropbox has added the ability to share a folder with other Dropbox users.  I have a Dropbox account for each operating system that I use (three of them), so I can modify the file on one machine and it gets pushed to all the others.  I also found the dbcli.py script, which lets me run Dropbox on a headless machine.

I already had a 2048-bit PGP key pair, and I used that key to encrypt a text file to myself.  The file was the plain text file I had been using to record my passwords.  The command "gpg --encrypt filename" produces an encrypted copy with a *.gpg extension.  I placed this new file in the shared Dropbox folder and created a symbolic link to it in my home directory.

Then, after creating the folder ~/.vim/plugin and moving gnupg.vim into it, I was able to open and edit the gpg-encrypted file after typing the passphrase for my key.  This plugin turns off vim's auto-backup feature so that no clear-text copy exists anywhere but RAM.  Once the file is written, Dropbox re-synchronizes it with the other computers automatically.
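The point of steps 2 and 3 is that everything in the shared folder gets replicated to every machine and to Dropbox itself, so the only thing that may ever sit in that folder is ciphertext.  The script below is an added example, not code from the original post or from the gnupg.vim plugin: it audits a synced folder for the kinds of clear-text leftovers that would appear if vim's backup or swap features were still on (a `.swp` or `~` file next to the `.gpg`), or if a plain-text export were dropped in by mistake, and it checks that each `.gpg`/`.asc` file actually begins like OpenPGP data (binary packet header byte with the high bit set, or an ASCII-armor header).  The allowed file names (`*.gpg`, `*.asc`, a `*.tc` TrueCrypt volume, Dropbox's own `.dropbox*` metadata) and the sample directory it builds are assumptions made for the example.

```shell
#!/bin/sh
# Audit a Dropbox-synced folder so that only ciphertext is ever replicated.
# Added example; file-name conventions below are assumptions, not Dropbox's
# or gnupg.vim's.

# List every regular file under DIR that is not one of the files we expect
# to be safe to sync.  This catches vim swap files (.passwords.txt.gpg.swp),
# vim backups (passwords.txt.gpg~), undo files and any stray plain export.
find_plaintext_leaks() {
    dir=$1
    find "$dir" -type f \
        ! \( -name '*.gpg' -o -name '*.asc' -o -name '*.tc' -o -name '.dropbox*' \) \
        | sort
}

# Heuristic: an OpenPGP binary file starts with a packet header whose high
# bit is set (first byte >= 128); an armored one starts with "-----BEGIN PGP".
# A text file saved under a .gpg name by mistake fails both checks.
looks_like_openpgp() {
    f=$1
    first=$(dd if="$f" bs=1 count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    [ -n "$first" ] && [ "$first" -ge 128 ] && return 0
    head -n 1 "$f" | grep -q '^-----BEGIN PGP'
}

# Print one line per finding: "LEAK: path" for files that should not be in
# the folder at all, "NOT-PGP: path" for .gpg/.asc files that are not
# actually OpenPGP data.  No output means the folder holds only ciphertext.
audit_folder() {
    dir=$1
    find_plaintext_leaks "$dir" | sed 's/^/LEAK: /'
    find "$dir" -type f \( -name '*.gpg' -o -name '*.asc' \) | sort |
        while IFS= read -r f; do
            looks_like_openpgp "$f" || printf 'NOT-PGP: %s\n' "$f"
        done
}

# Number of findings, handy for a cron job or a pre-sync hook.
audit_count() {
    audit_folder "$1" | wc -l | tr -d ' '
}

# Build a constructed sample folder (not a real Dropbox directory) holding a
# genuine-looking .gpg file, an armored .asc, a TrueCrypt volume stand-in,
# and the leftovers a careless setup would leave behind.  Prints its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '\205\001\014\003' > "$d/passwords.txt.gpg"       # 0x85: OpenPGP packet header
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' > "$d/notes.asc"
    printf 'not really a volume' > "$d/vault.tc"
    printf 'b0VIM 7.2 hunter2' > "$d/.passwords.txt.gpg.swp" # vim swap: clear text
    printf 'hunter2' > "$d/passwords.txt.gpg~"               # vim backup: clear text
    printf 'hunter2' > "$d/export.txt"                       # forgotten plain export
    printf 'plain text saved with the wrong name' > "$d/fake.gpg"
    printf '%s\n' "$d"
}

# Demo run over the constructed folder; expect three LEAK lines and one NOT-PGP.
demo_dir=$(make_sample_dir)
audit_folder "$demo_dir"
rm -rf "$demo_dir"
```

Run it against the real shared folder with `audit_count ~/Dropbox/shared` from a cron job; anything other than 0 means a clear-text file has already been synced and should be treated as exposed, not merely deleted.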

With this new process I am able to view, search and edit my password file even on a Mac (with vim and gpg installed).  Of note, I also keep a TrueCrypt volume in this same shared folder, and once a month I do a plain text export into the hidden volume of that TrueCrypt drive.  This gives me a fallback even on a machine where I do not have permission to install all the needed components.

Now I can use strong, unique passwords for every online service I have.  I even took the opportunity to generate a few spare passwords and keep them directly in the password file, in case I need to update a login on a machine without command-line access to pwgen.

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
