Sunday, November 1, 2009
vim + gpg + dropbox = secure passwords
The short version is:
1.) gpg encrypt a text file
2.) store it in a shared Dropbox folder
3.) add the vim gnupg plugin.
The long version of the story is that Dropbox has added functionality to share a folder with other Dropbox users. I have a Dropbox account for each operating system that I use (3), so I can modify a file on one machine and it will get pushed to all the other machines. I also found the dbcli.py script, which lets me run Dropbox on a headless machine.
I already have 2048-bit pgp keys created. I used that key to encrypt a text file to myself. The file I had was a text file that I was using to record my passwords. The command "gpg --encrypt filename" will produce an encrypted copy with the *.gpg extension. I placed this new file in the shared Dropbox folder and created a symbolic link to it in my home directory.
Then, after creating the folder ~/.vim/plugin and moving gnupg.vim into that folder, I was able to open and edit the gpg encrypted file after typing my passphrase for the key. This extension turns off the auto-backup feature of vim to prevent a clear text copy from being anywhere but RAM. Once writes to the file are made, it will re-synchronize with the other computers automatically.
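Because everything in the shared folder is pushed to every machine, it is worth checking that no clear-text copy or editor leftover ends up in it. The script below is an added example, not part of the original post: the function names `is_pgp_encrypted` and `audit_folder`, the folder argument and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a synced folder for
# clear-text copies of a GPG-protected file. Usage: sh audit.sh [FOLDER]

# Succeeds if FILE begins like "gpg --encrypt" output: an ASCII-armor header,
# or a binary OpenPGP public-key encrypted session key packet (tag 1), whose
# first byte is 0x84-0x86 (old packet format) or 0xc1 (new packet format).
is_pgp_encrypted() {
    armor=$(head -c 27 "$1" 2>/dev/null | tr -d '\000')
    if [ "$armor" = "-----BEGIN PGP MESSAGE-----" ]; then return 0; fi
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$first" in
        84|85|86|c1) return 0 ;;
    esac
    return 1
}

# Prints one line per finding and returns 1 if anything was found.
audit_folder() {
    findings=$(
        find "$1" -type f | while IFS= read -r f; do
            case "${f##*/}" in
                .*.sw?|*~) echo "LEFTOVER  $f" ;;   # Vim swap or backup file
                *.gpg)                              # must really be encrypted
                    is_pgp_encrypted "$f" || echo "PLAINTEXT $f" ;;
            esac
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

if [ $# -gt 0 ]; then
    audit_folder "$1"
else
    # Constructed sample folder, used when no FOLDER argument is given.
    d=$(mktemp -d)
    printf '\205\001\014demo' > "$d/passwords.gpg"       # starts with 0x85
    printf 'example.org alice s3cret\n' > "$d/old.gpg"   # clear text, wrong name
    printf 'x' > "$d/.passwords.txt.swp"                 # editor leftover
    audit_folder "$d" || echo "clean up before the folder syncs"
    rm -rf "$d"
fi
```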
With this new process I am able to view, search and edit my password file even on a Mac (with vim and gpg installed). Of note, I also have a TrueCrypt volume in this same shared folder, and once a month I do a plain text export into the hidden volume of a TrueCrypt drive. This allows me additional access even if I do not have the permissions to install all the needed components.
Now I can use strong, secure and unique passwords for every online service I have. I even took the opportunity to generate a few passwords and keep them in the password file directly, in case I needed to update a login without command line access to pwgen.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.