1
I use a Bash script in the terminal to interact with my encrypted password files as needed. My script procedure is simple and quick. A person new to Bash scripts should see them as small, self-contained utility programs which use the full power of Linux and make repetitive, perhaps tedious or difficult, tasks much easier to accomplish.

How I store my passwords

My passwords all reside in encrypted text files on my computer, and also as non-linked, encrypted text files on my website's hosting server. Here's my rationale: I am able to easily decrypt any file into clear text when needed on my regular computer, whereby I can:
• use it on a day-to-day basis, and
• save it to a USB key in a safe deposit box, in clear text that gets rotated every 15 days (my regular business practice).

(Encrypted files would be quite safe to store even on a cloud storage service.)
2
How I manage my encryption/decryption of my password lists

First, my script runs a quick check to see whether the Caps Lock key is enabled on my keyboard, so that I am certain my master password is typed correctly even though it doesn't display as I type.

Next, control goes through a decryption routine that opens the clear-text file in my Linux text editor of choice, gedit, where I can read the clear-text file of passwords with accompanying details. I close that clear-text file after seeing what I need.

The utility then continues and processes the encryption, converting the clear-text file back to its encrypted form and saving the result.

Lastly, my script lists the folder of encrypted files (I have many in my actual business), showing each file and its extension as encrypted, to verify that the encryption actually was successful and that the clear-text file is now gone.
3
Encrypted files get the extension .cpt to indicate encrypted status. All activity regarding encryption/decryption of password files is then logged into the file 'pwlog.' to record my password-file access activity. Note that removing the '.cpt' extension doesn't undo the encryption. My script also allows me to navigate to and encrypt or decrypt any chosen file on my computer.

The encryption utility I use is ccrypt. It's available from most standard repositories via:

sudo apt-get install ccrypt

Notes on ccrypt, which describe fully how to use it, can be found at: http://ccrypt.sourceforge.net/#description

I chose ccrypt based on its ease of use and the overall quickness and simplicity of its method. (I firmly believe that most users fail to use encryption because of this.) I'm sure you'd tell me about the advantages of pgp or gpg public/private keys, but I needed something that makes encrypting and decrypting files as dead-simple as possible, and with a reasonable level of security. ccrypt uses a simpler symmetric key instead.
4
I imagine that malicious hackers trying to get personal information about me or my files always go for the low-hanging fruit on my document tree first, and then maybe never even bother with the delicious higher fruit (where my encrypted files are).

You might appreciate what an encrypted text file using ccrypt actually looks like. Bring it up with extension .cpt in your text editor; you will quickly realize that decrypting that file using trial-and-error, anti-encryption software just isn't a short-time possibility for anyone trying to break your encryption. However, I always assume that NO encryption will resist persistent breakage forever. Thus, my method is practical without being fool-proof. Remember the low-hanging fruit principle.

Make your ccrypt default password difficult to guess and you're probably protecting yourself very well (11 or more password characters, with non-dictionary words, upper/lower case letters, numbers and punctuation). Example: mYbroTher#owEmE400$
5
The Script

The script resides in my home directory and is started with the terminal command ./dirpw. My password files reside in the folder 'pw' on my Desktop. In that folder are my encrypted text files, 'customers.cpt' and 'personal.cpt', which contain relevant webpage control panel login details, e-mail security questions, etc. All activity regarding encryption/decryption of files is also logged into the file 'pwlog.' to record password-file accesses.

The script presents a directory of 4 choices and an exit option. Entering 1, 2, 3, 4 or 0 sends script control to the relevant selection. I particularly like to use colors in my scripts so that the presented dialog and responses stand out. While I normally heavily comment my scripts, I suspect that most readers will have little trouble following the flow. A run of the script usually clears up the remaining user/coder uncertainties.
6
Below I've included a modification of my Bash script so that you can easily convert it to your computing environment. Make it executable by its owner with:

chmod u+x <filename>

Note that I always use indents, even in Bash scripts, to improve readability, and that long lines shown here may display as wrapped around.

Script: http://pastebin.com/g0k4YyfB
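The check, decrypt, view, re-encrypt, verify and log sequence described above, written out as an added example; it is not the author's pastebin script. The function names, the `view NAME` invocation, the log living inside the pw folder and the blocking `gedit --wait` call are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the article's script: view one encrypted file, re-encrypt it.
PW_DIR="${PW_DIR:-$HOME/Desktop/pw}"   # password folder named in the article
PW_LOG="${PW_LOG:-$PW_DIR/pwlog}"      # assumed location of the access log
EDIT="${EDIT:-gedit --wait}"           # assumed editor call; must block until closed

# Succeeds if the `xset q` output on stdin reports Caps Lock as on.
caps_lock_on() { grep -Eq 'Caps Lock:[[:space:]]+on'; }

# Append one timestamped line per access to the log.
log_access() { printf '%s %s %s\n' "$(date '+%F %T')" "$1" "$2" >> "$PW_LOG"; }

# Print every regular file in folder $1 that is neither *.cpt nor the log,
# i.e. anything that may still be clear text (editor backups included).
leftover_cleartext() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.cpt|"$PW_LOG") ;; *) printf '%s\n' "$f" ;; esac
    done
}

# Decrypt NAME.cpt, open it, re-encrypt it, then verify and log.
view_file() {
    enc="$PW_DIR/$1.cpt"; clear="$PW_DIR/$1"
    [ -f "$enc" ] || { echo "no such file: $enc" >&2; return 1; }
    # If xset is unavailable the check is skipped (treated as off).
    if xset q 2>/dev/null | caps_lock_on; then
        echo "Caps Lock is on; turn it off before typing the key." >&2; return 1
    fi
    umask 077                              # new files readable by owner only
    ccrypt -d "$enc" || return 1           # prompts for the key, writes $clear
    log_access decrypt "$1"
    # Re-encrypt if the run is interrupted while the clear text exists.
    trap 'ccrypt -e "$clear"; exit 1' INT TERM
    $EDIT "$clear"
    trap - INT TERM
    ccrypt -e "$clear" || return 1         # prompts for the key twice
    log_access encrypt "$1"
    left=$(leftover_cleartext "$PW_DIR")
    [ -z "$left" ] || { echo "still clear text: $left" >&2; return 1; }
    ls -l "$PW_DIR"                        # only .cpt files and the log should remain
}

# Run only when called as: ./script view NAME
if [ "${1:-}" = "view" ]; then view_file "${2:?file name required}"; fi
```

The final check also flags editor backup copies such as `NAME~`, which re-encrypting `NAME` alone leaves behind in clear text.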