[ale] How do you store your passwords?

Nick Ali nali at ubuntu.com
Fri Nov 9 17:10:41 EST 2007


On Nov 9, 2007 4:42 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> This is a neat use of make.  I like it.  How are you handling the
> error cases?  For example, i'm thinking about what happens the first
> time you try to "make edit" your password file after your GPG key
> expires -- since GPG will fail to encrypt to an expired key, will it
> nuke your password file entirely by overwriting it with the truncated
> (failed) gpg output?
>
>   (not that i ask from personal experience or anything...)
>
> Care to share your makefile?  I know i'd be interested in seeing it,
> at least.

With my simple Makefile, if your key has expired, it will bail out
when re-encrypting and you will be left with an encrypted file and
unencrypted file.

I found the Makefile somewhere online, but can't remember where. It
doesn't really handle any error cases, but you shouldn't lose any data
if things don't work for some reason:
--------
GPGID = user at whatever.com
FILEPLAIN = myencryptedfile
FILECRYPT = $(FILEPLAIN).gpg

HOMEDIR = ../somedirectory/.gnupg
GPG = gpg --homedir $(HOMEDIR)
RM = rm -i
VI = vi

all:
        @echo ""
        @echo "usage:"
        @echo ""
        @echo "* make view -- to see $(FILEPLAIN)"
        @echo "* make edit -- to edit $(FILEPLAIN)"
        @echo ""

edit:
        @umask 0077; $(GPG) --output $(FILEPLAIN) --decrypt $(FILECRYPT)
        @$(VI) $(FILEPLAIN)
        @umask 0077; $(GPG) --encrypt --recipient $(GPGID) $(FILEPLAIN)
        @$(RM) $(FILEPLAIN)

view:
        @umask 0077; $(GPG) --decrypt $(FILECRYPT) | less
--------------

nick


-- 

http://boredandblogging.com



More information about the Ale mailing list