[Discuss] deadmanish login?

[grg-webvisible+blu at ai.mit.edu (Gregory Galperin)]

On Sat, Feb 04, 2017 at 12:55:13PM -0500, Daniel Barrett wrote:
> On February 4, 2017, Bill Horne wrote:
> >Readers please state your preferences for Keepass, Password Safe, or
> >other programs/methods for storing passwords.
> 
> GnuPG.
> 
> I store usernames, passwords, and site names in a 3-column,
> GnuPG-encrypted text file. To recall a password for a given host, I
> run a homebrew script that's more or less:
> 
>   gpg -d mysecrets.gpg | grep <host>
> 
> If desired, one can further copy the password into the X clipboard by
> piping to "xclip". This simple is and has worked for a decade+ without
> problems.


The above lets you read from that encrypted file without leaving unecrypted
bits on disk (definitely a good thing), but how do you add to/edit that
encrypted file without having cleartext versions around?


FWIW, what I do to edit encrypted files without leaking sensitive data is
that I use an (x)emacs hook I wrote to encrypt/decrypt behind the scenes
while looking mostly like an ordinary file to me.  I posted the elisp to
this list some years back:

http://boston-linux-unix-general-discussion-list.996279.n3.nabble.com/MyPasswordSafe-converter-to-KeePassX-available-td45267.html#a45270

(Yah, xemacs... I do know I oughta put in the work to make all my elisp
work under emacs again so I can switch back at some point...)

--grg