Write down your passwords, reasonably safely



To practice a bit of bash scripting, I have made a small script that uses GnuPG to automate the job of storing and editing encrypted text files.

The need behind it was to be able to write down passwords for all sorts of odds and ends without having to write them in plaintext. You can of course use gpg to encrypt the file. But every time you want to view it, change it and so on, you have to type the right commands, remember the correct options and so on. And when you edit, you have to remember to delete the temporary files you use and, not least, the backup files that editors often create. I know myself well enough to know that I am not structured enough for this.

So here is the script that keeps track of all of this for you... the script should be self-explanatory.

Comments on things that could have been done better are gratefully received.

#!/bin/bash
# bash, not sh: the script uses [[ ... ]] and echo -n

GPGUSER="Vault"          # The user name used in GnuPG
VAULTDIR="$HOME/.vault"  # The directory where the encrypted files are stored
TMPDIR="$VAULTDIR/tmp"   # Temporary directory where files are stored before calling editors
                         # Note: the TMPDIR will be emptied for files starting with vault.
                         # every time the script is run
#EDITOR="nano -w"        # uncomment and modify for providing a custom editor command

echo "Vault V0.0001 beta for GPG user name: $GPGUSER"
echo "This program is provided \"as is\" without any warranty of any kind."
echo "Do with it whatever you like, use at own risk, don't blame me for anything etc. etc. etc."

# Offer to create the vault directory on first run
if [ ! -d "$VAULTDIR" ]
then
    echo "Vault directory '$VAULTDIR' does not exist!"
    echo "If you want to use another location, please edit the script."
    echo -n "Want me to create it? (ctrl-c to exit) [y/N] "
    read ans
    if [[ "$ans" = "y" || "$ans" = "Y" ]]
    then
        mkdir "$VAULTDIR"
    else
        echo "Cannot work without vault directory. Exiting."
        exit 1
    fi
    echo
fi

# Offer to create the temporary directory on first run
if [ ! -d "$TMPDIR" ]
then
    echo "The temporary directory '$TMPDIR' does not exist!"
    echo "If you want to use another location, please edit the script."
    echo -n "Want me to create it? (ctrl-c to exit) [y/N] "
    read ans
    if [[ "$ans" = "y" || "$ans" = "Y" ]]
    then
        mkdir "$TMPDIR"
    else
        echo "Cannot work without temporary directory. Exiting."
        exit 1
    fi
    echo
fi

# Remove plaintext files left behind by an earlier, interrupted run
rm -f "$TMPDIR"/vault.*

# No id given: print usage and exit
if [ -z "$1" ]
then
    echo "Usage: ${0##*/} id"
    echo
    echo "id is an identification for the different elements in the vault."
    echo "Each element in the vault is a separate encrypted file found in the"
    echo "vault directory: $VAULTDIR"
    echo "If you don't remember an id, just list this directory."
    echo
    echo "The script uses Gnupg (gpg). Before using this script, you need to"
    echo "create keys. This is done with the command: gpg --gen-key"
    echo "When asked for name, enter $GPGUSER. If you want to use a different"
    echo "name, edit this script."
    echo
    echo "Security issue! When editing files, they will temporarily be stored"
    echo "in the temporary directory: $TMPDIR"
    echo "Here they will be stored unencrypted! This means anyone with read"
    echo "access to these files can read the information."
    echo
    echo "Furthermore, if the script is interrupted before properly finishing,"
    echo "these temporary files may linger on. To mitigate this issue, the"
    echo "script will delete any file in this directory with filename starting"
    echo "with vault. every time it's run. This may cause problems if several"
    echo "instances of the script using the same temporary directory are run at"
    echo "the same time."
    echo
    echo "Also, if your editor is saving temporary files elsewhere, then these"
    echo "files will contain unencrypted information. I advise using a simple"
    echo "text based editor like nano or pico."
    echo
    echo "The editor currently configured is: $EDITOR"
    echo "You can change this by changing the EDITOR variable in the shell, or"
    echo "in this script."
    exit 0
fi

idfile="$VAULTDIR/$1"

if [ -f "$idfile" ]
then
    echo
    echo "This id already exists: $1"
    echo -n "Do you want to list, edit or delete it? [L/e/d] "
    read ans
    if [[ "$ans" = "l" || "$ans" = "L" || -z "$ans" ]]
    then
        # List: decrypt to the terminal only
        echo "Opening file..."
        echo
        gpg -d "$idfile"
        exit 0
    elif [[ "$ans" = "d" || "$ans" = "D" ]]
    then
        echo -n "Please confirm deleting vault id: $1 [y/N] "
        read ans
        if [[ "$ans" = "y" || "$ans" = "Y" ]]
        then
            echo "Deleting file."
            rm -f "$idfile"
            exit 0
        else
            echo "File not deleted. Exiting."
            exit 0
        fi
    elif [[ "$ans" = "e" || "$ans" = "E" ]]
    then
        # Edit: decrypt to a temporary plaintext file for the editor
        echo gpg -d -o "$TMPDIR/vault.$$" "$idfile"
        gpg -d -o "$TMPDIR/vault.$$" "$idfile"
    else
        echo "Unknown option. Exiting!"
        exit 1
    fi
else
    echo "This is a new vault file with id: $1" > "$TMPDIR/vault.$$"
    echo "Edit this file, remember to save it, and exit the editor." >> "$TMPDIR/vault.$$"
fi

# $EDITOR is left unquoted so that a value such as "nano -w" splits into command and option
$EDITOR "$TMPDIR/vault.$$"

if [ -f "$TMPDIR/vault.$$" ]
then
    echo "Storing edited information in vault..."
    gpg -e -r "$GPGUSER" -o "$idfile" "$TMPDIR/vault.$$"
    rm -f "$TMPDIR"/vault.*
else
    echo "Error, something went wrong. Information was lost."
    echo "Please check the contents of the temporary directory."
    echo "$TMPDIR"
    ls "$TMPDIR"/vault.*
    exit 1
fi

NB! Use at your own risk.
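
The script's help text names its own weak points: the plaintext temp file may linger if the run is interrupted, and the `vault.*` sweep clashes with concurrent runs. As an added example (not part of the original post), one way to give each run its own owner-only temp file and remove it on normal exit, error, Ctrl-C, TERM or hangup; `with_private_tmp` and `vault_edit_step` are hypothetical names, and `--yes` and the `.new` rename are additions assumed here, not the post's behaviour.

```shell
#!/bin/bash
# Added example (not the original script): a per-run private temp file that is
# removed when the run ends or is interrupted. Function names are hypothetical.

# with_private_tmp DIR CMD [ARGS...]
# Runs CMD ARGS... TMPFILE, where TMPFILE is a fresh 0600 file inside DIR.
with_private_tmp() (                     # ( ) body: umask and traps stay local
    dir=$1; shift
    umask 077                            # owner-only: dirs 0700, files 0600
    mkdir -p "$dir" || exit 1
    tmp=$(mktemp "$dir/vault.XXXXXX") || exit 1   # unique name per run
    trap 'rm -f "$tmp"' EXIT             # normal end or error
    trap 'exit 130' INT TERM HUP         # Ctrl-C, kill, hangup: EXIT trap then runs
    "$@" "$tmp"
)

# Decrypt, edit, re-encrypt. $1 = encrypted file, $2 = temp file (appended by
# with_private_tmp). GPGUSER and EDITOR are the variables from the script above.
vault_edit_step() {
    if [ -f "$1" ]; then
        # --yes: overwrite the empty file that mktemp already created
        gpg -d --yes -o "$2" "$1" || return 1
    fi
    ${EDITOR:-nano} "$2" || return 1
    # The old entry is replaced only when encryption succeeds
    gpg -e --yes -r "$GPGUSER" -o "$1.new" "$2" && mv -f "$1.new" "$1"
}

# Usage: with_private_tmp "$HOME/.vault/tmp" vault_edit_step "$HOME/.vault/myid"
```

SIGKILL and power loss cannot be trapped, so a file can still be left behind in those cases.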
